Autogenerated on 2012-11-29
from - https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Installation_with_CUDA_and_PFRING_on_Scientific_Linux_6
Installation with CUDA and PFRING on Scientific Linux 6
For setup and install you need to be root:
mkdir /root/src
cd /root/src
Pre installation requirements
Install the following packages, to make sure you have everything needed for the
installation:
yum install mpfr-2.4.1-6.el6.x86_64 cpp-4.4.4-13.el6.x86_64 ppl-0.10.2-11.el6.x86_64 \
cloog-ppl-0.15.7-1.2.el6.x86_64 gcc-4.4.4-13.el6.x86_64 kernel-devel-2.6.32-131.2.1.el6.x86_64 \
pcre-devel-7.8-3.1.el6.x86_64 libpcap-devel-1.0.0-6.20091201git117cb5.el6.x86_64 \
yum-plugin-priorities-1.1.26-11.el6.noarch yum-conf-sl6x-1-1.noarch libyaml-0.1.3-1.el6.rf.x86_64 \
libyaml-devel-0.1.3-1.el6.rf.x86_64 libnet-1.1.2.1-2.2.el6.rf.x86_64 flex-2.5.35-8.el6.x86_64 \
bison-2.4.1-5.el6.x86_64 gcc-c++-4.4.4-13.el6.x86_64
CUDA
Download and install NVIDIA CUDA drivers:
wget http://us.download.nvidia.com/XFree86/Linux-x86_64/270.41.19/NVIDIA-Linux-x86_64-270.41.19.run
chmod +x NVIDIA-Linux-x86_64-270.41.19.run
./NVIDIA-Linux-x86_64-270.41.19.run
You also need to download and install the CUDA toolkit for RHEL6:
wget http://developer.download.nvidia.com/compute/cuda/4_0/toolkit/cudatoolkit_4.0.17_linux_64_rhel6.0.run
chmod +x cudatoolkit_4.0.17_linux_64_rhel6.0.run
./cudatoolkit_4.0.17_linux_64_rhel6.0.run
Make sure the kernel modules are loaded:
/sbin/modprobe -r nouveau && /sbin/modprobe nvidia
To ensure the proper NVIDIA CUDA modules get loaded on reboot, add the above
line to your /etc/rc.local file.
PF_RING
Go to your download directory and get the latest PF_RING:
svn export https://svn.ntop.org/svn/ntop/trunk/PF_RING/ pfring-svn-latest
Compile and install
Next, enter the following commands for configuration and installation:
cd pfring-svn-latest/kernel
make && sudo make install
cd ../userland/lib
./configure --prefix=/usr/local/pfring && make && sudo make install
cd ../libpcap-1.1.1-ring
./configure --prefix=/usr/local/pfring && make && sudo make install
cd ../tcpdump-4.1.1
./configure --prefix=/usr/local/pfring && make && sudo make install
Load the pf_ring kernel module:
/sbin/modprobe pf_ring
To ensure the pf_ring module gets loaded on reboot, add the above line to your
/etc/rc.local file.
Suricata
Download and install Suricata:
wget http://www.openinfosecfoundation.org/download/suricata-1.1beta2.tar.gz
And unpack it:
tar -xvzf suricata-1.1beta2.tar.gz
Change to the unpacked directory:
cd suricata-1.1beta2
Now compile and install Suricata with PF_RING and CUDA support:
./configure --enable-gccprotect --enable-profiling --enable-cuda --with-cuda-includes=/usr/local/cuda/include \
--with-cuda-libraries=/usr/local/cuda/lib64 --enable-pfring --with-libpfring-libraries=/usr/local/lib \
--with-libpfring-includes=/usr/local/include --with-libpcap-libraries=/usr/local/lib --with-libpcap-includes=/usr/local/include
make
make install
Continue with the Basic_Setup
Next, you need to edit max-pending-packets in your /etc/suricata/suricata.yaml.
If you don't have one, download a generic one to get started:
cd /etc/suricata
wget https://rules.emergingthreatspro.com/open-nogpl/suricata/suricata-open.yaml
Edit your suricata-open.yaml file accordingly.
The number of packets allowed to be processed simultaneously can be whatever
you want but it is recommended that it be 4000 or more.
For example:
max-pending-packets: 12288
Next, make sure the following line is present in the multi-pattern algorithm
section:
mpm-algo: b2g_cuda
Rules
Read the information in Rule_Management_with_Oinkmaster
Add rules to suricata:
cd /etc/suricata
wget https://rules.emergingthreatspro.com/open-nogpl/suricata/emerging.rules.tar.gz
tar -xvzf emerging.rules.tar.gz
Make sure your .yaml file includes the /etc/suricata/rules/emerging-*.rules
files (they may need to be uncommented).
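The settings this guide has you edit by hand (max-pending-packets of at least 4000, mpm-algo set to b2g_cuda, the emerging-*.rules entries uncommented, and the nvidia and pf_ring modules loaded) are easy to get slightly wrong. The following POSIX shell script is an added example, not part of the wiki page or the Suricata project: it checks each of those points against a yaml file and a /proc/modules-style listing. The sample files it creates are constructed for offline use; the rule-files entry format it expects (a "- name.rules" list item) is an assumption.

```shell
#!/bin/sh
# Added example (not from the Suricata wiki page): sanity checks for the
# hand-edited settings described in the guide. Every input is a file path so
# the functions can be exercised against constructed samples offline.

# Return 0 if "max-pending-packets" in $1 is at least 4000, the minimum the
# guide recommends; prints the value found.
check_max_pending() {
    val=$(grep -E '^[[:space:]]*max-pending-packets:' "$1" | head -n 1 \
          | sed 's/.*:[[:space:]]*//' | tr -d '[:space:]')
    [ -n "$val" ] || { echo "max-pending-packets not set"; return 1; }
    echo "max-pending-packets: $val"
    [ "$val" -ge 4000 ]
}

# Return 0 if mpm-algo in $1 is the CUDA matcher this build was configured for.
check_mpm_algo() {
    algo=$(grep -E '^[[:space:]]*mpm-algo:' "$1" | head -n 1 \
           | sed 's/.*:[[:space:]]*//' | tr -d '[:space:]')
    [ "$algo" = "b2g_cuda" ]
}

# Return 0 if at least one uncommented "- emerging-*.rules" list entry exists in $1
# (assumed entry format; a leading '#' means the entry is still commented out).
check_emerging_rules() {
    grep -E '^[[:space:]]*-[[:space:]]*emerging-[A-Za-z0-9_.-]+\.rules' "$1" > /dev/null
}

# Return 0 if module $2 appears in the /proc/modules-style listing $1
# (the module name is the first field of each line).
module_loaded() {
    awk -v m="$2" '$1 == m { found = 1 } END { exit !found }' "$1"
}

# Run every check against yaml $1 and module listing $2; return 0 only if all pass.
run_checks() {
    rc=0
    check_max_pending "$1" || { echo "FAIL: max-pending-packets below 4000"; rc=1; }
    check_mpm_algo "$1" || { echo "FAIL: mpm-algo is not b2g_cuda"; rc=1; }
    check_emerging_rules "$1" || { echo "FAIL: no uncommented emerging-*.rules entry"; rc=1; }
    for mod in pf_ring nvidia; do
        module_loaded "$2" "$mod" \
            || { echo "FAIL: $mod not loaded (add its modprobe line to /etc/rc.local)"; rc=1; }
    done
    return $rc
}

# Constructed sample inputs. On a real host pass /etc/suricata/suricata.yaml
# and /proc/modules to run_checks instead.
SAMPLE_YAML=$(mktemp)
cat > "$SAMPLE_YAML" <<'EOF'
max-pending-packets: 12288
mpm-algo: b2g_cuda
rule-files:
 - emerging-exploit.rules
# - emerging-policy.rules
EOF

SAMPLE_MODULES=$(mktemp)
cat > "$SAMPLE_MODULES" <<'EOF'
pf_ring 123456 0 - Live 0x0000000000000000
nvidia 9876543 1 - Live 0x0000000000000000
EOF

run_checks "$SAMPLE_YAML" "$SAMPLE_MODULES" && echo "all checks passed"
```

Each check is a separate function so the script can be reused from a cron job or an init script: a non-zero exit from run_checks before starting Suricata means one of the guide's prerequisites is missing.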
Run Suricata as follows:
cd /etc/suricata
/usr/local/bin/suricata -c /etc/suricata/suricata.yaml \
--pfring-int=eth0 --pfring-cluster-id=99 --pfring-cluster-type=cluster_flow
touch /var/lock/subsys/local
References
PF_RING
http://www.ntop.org/products/pf_ring/