path: root/framework/src/suricata/doc/Mac_OS_X_106x.txt
blob: 0f76a0470d9b5b5d863455b88c22e85851ee81f4 (plain)
Autogenerated on 2012-11-29
from - https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Mac_OS_X_106x


Mac OS X (10.6.x)


Pre-installation requirements

These instructions have been tested with Mac OS X (10.6.1). To begin, you will
need a basic development environment, such as gcc/make. You can download
Xcode from http://developer.apple.com/technology/xcode.html.
MacPorts is required to fetch the dependencies, so you will also need to
install MacPorts if you have not already done so. The online installation
guide is located at http://guide.macports.org/#installing.
Before you can build Suricata for your system, run the following commands to
ensure that you have everything you need for the installation.

  port install autoconf automake gcc44 make libnet11 libpcap pcre \
  libyaml libtool
  export AC_PROG_LIBTOOL=$( which libtool )

Depending on the current status of your system, it may take a while to complete
this process.

HTP

HTP is bundled with Suricata and installed automatically. If you need to
install HTP manually for other reasons, instructions can be found at HTP
library_installation.

IPS

If you would like to have IPS capabilities with IPFW, then you should run
configure like this:

  ./configure --enable-ipfw --prefix=/usr --sysconfdir=/etc --localstatedir=/var

and then run the remaining commands (make, sudo make install) as listed in
the Suricata section below.

Suricata

To download and build Suricata, enter the following:

  wget http://www.openinfosecfoundation.org/download/suricata-1.3.3.tar.gz
  tar -xvzf suricata-1.3.3.tar.gz
  cd suricata-1.3.3

You will also need to have an ipfw rule set for the engine to see the packets
from ipfw. For example:

  ipfw add 100 divert 8000 ip from any to any

The 8000 above should be the same number you pass on the command line of
suricata with the option -d, that is, -d 8000:

  suricata -c config_file.yaml -d 8000

You will need a Suricata rule set with IPS options (drop, reject, etc.). For
this, please refer to the Emerging Threats rule sets.

If you are building from Git sources, enter the following:

  bash autogen.sh

If you are not building from Git sources, enter the following:

  ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
  make
  sudo make install

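The steps above collected into one script, as an added example that is not part of the Suricata wiki page: it runs the MacPorts, download, configure and install commands from this page and derives the suricata -d port from the ipfw divert rule so the two numbers cannot disagree. It assumes sudo is needed for port install and for the ipfw rule, and that IPS=yes selects the --enable-ipfw build; the version and URLs are the ones quoted on the page.

```shell
#!/bin/sh
# Added example, not from the Suricata wiki: wraps the steps on this page into
# one script and derives the suricata -d port from the ipfw rule so the two
# values cannot drift apart. Version and URL are the ones quoted on the page.
set -eu

SURICATA_VER="1.3.3"
TARBALL="suricata-${SURICATA_VER}.tar.gz"
DOWNLOAD_URL="http://www.openinfosecfoundation.org/download/${TARBALL}"
IPFW_RULE="add 100 divert 8000 ip from any to any"   # the page's divert rule

# Print the divert port named in an ipfw rule; fail if the rule has none.
divert_port() {
    port=$(printf '%s\n' "$1" |
        sed -n 's/.*divert[[:space:]]\{1,\}\([0-9]\{1,\}\).*/\1/p')
    [ -n "$port" ] || return 1
    printf '%s\n' "$port"
}

# Build the suricata command line whose -d matches the ipfw divert port.
suricata_cmdline() {
    port=$(divert_port "$2") || return 1
    printf 'suricata -c %s -d %s\n' "$1" "$port"
}

install_deps() {   # MacPorts needs root, hence sudo (assumption, not on page)
    sudo port install autoconf automake gcc44 make libnet11 libpcap pcre \
        libyaml libtool
    export AC_PROG_LIBTOOL="$(which libtool)"
}

build_suricata() {   # IPS=yes selects the --enable-ipfw configure line
    wget "$DOWNLOAD_URL"
    tar -xzf "$TARBALL"
    cd "suricata-${SURICATA_VER}"
    if [ "${IPS:-no}" = "yes" ]; then
        ./configure --enable-ipfw --prefix=/usr --sysconfdir=/etc --localstatedir=/var
    else
        ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
    fi
    make && sudo make install
}

# Only touch the system when invoked with the argument "run"; sourcing the
# file just defines the functions above.
if [ "${1:-}" = "run" ]; then
    install_deps
    build_suricata
    sudo ipfw $IPFW_RULE
    echo "Start with: $(suricata_cmdline /etc/suricata/suricata.yaml "$IPFW_RULE")"
fi
```
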
Please continue with the Basic_Setup.