
I am trying to build Suricata by following the [Rapid7][1] tutorial, which I have used before, but on a new machine I ran into this problem...

My steps:

```bash
# suricata static build
apt-get install libpcre3-dbg libpcre3-dev autoconf automake libtool libpcap-dev libnet1-dev libyaml-dev libjansson4 libcap-ng-dev libmagic-dev libjansson-dev zlib1g-dev llvm
# more dependencies:
sudo apt install python3-pip libnspr4-dev libnss3-dev liblz4-dev rustc cargo
pip3 install PyYAML


# IPS dependencies:
apt-get install libnetfilter-queue-dev libnetfilter-queue1 libnfnetlink-dev

# install suricata:
wget https://www.openinfosecfoundation.org/download/suricata-6.0.1.tar.gz
tar -xzvf suricata-6.0.1.tar.gz
cd suricata-6.0.1
./configure --enable-nfqueue --prefix=/usr --sysconfdir=/etc --localstatedir=/var
make
```

Result:

```
  Compiling der-oid-macro v0.2.0
  Compiling x509-parser v0.6.5
  Compiling der-parser v4.1.0
error: /home/juan/suricata-6.0.1/rust/target/release/deps/libder_oid_macro-6303e17a207c2efa.so: undefined symbol: llvm.x86.subborrow.64
  --> /home/juan/suricata-6.0.1/rust/vendor/der-parser/src/lib.rs:171:9
   |
171 | pub use der_oid_macro::oid;
   |         ^^^^^^^^^^^^^

error: aborting due to previous error

error: could not compile `der-parser`.
warning: build failed, waiting for other jobs to finish...
error: build failed
make[1]: *** [Makefile:544: all-local] Error 101
make[1]: Leaving directory '/home/juan/suricata-6.0.1/rust'
make: *** [Makefile:492: all-recursive] Error 1
```

The same problem occurs when configuring with Rust enabled:

```bash
./configure --enable-nfqueue --prefix=/usr --sysconfdir=/etc --localstatedir=/var --enable-rust
```

Thanks for your attention.

#########

Solved:

There seems to be a problem with the Rust environment variables or installation. Install Rust using rustup:

```bash
sudo apt remove --purge rustc
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
source $HOME/.cargo/env
./configure --enable-nfqueue --prefix=/usr --sysconfdir=/etc --localstatedir=/var --enable-rust
make
sudo make install
sudo make install-full
sudo ldconfig
```

Success!

Note: purging rustc and running ldconfig after installation fixes this error message:

```
# /usr/bin/suricata -c /etc/suricata/suricata.yaml -i enp35s0

/usr/bin/suricata: symbol lookup error: /usr/bin/suricata: undefined symbol: htp_config_set_lzma_layers
```





  [1]: https://blog.rapid7.com/2017/02/14/how-to-install-suricata-nids-on-ubuntu-linux/
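
A check for the second error above (the `htp_config_set_lzma_layers` symbol lookup failure), as an added example that is not part of the original post. It assumes the error comes from the dynamic loader resolving a libhtp that does not export the symbol; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: find which libhtp a Suricata binary actually loads and
# whether that library exports the symbol the binary needs.

# Read `ldd` output on stdin and print the resolved path of the first
# library whose name starts with $1. Prints nothing for "not found" entries.
resolved_lib() {
    awk -v name="$1" '
        index($1, name) == 1 && $2 == "=>" && $3 ~ /^\// { print $3; exit }
    '
}

# Succeed if shared object $1 defines dynamic symbol $2
# (a symbol version suffix such as @@VER is ignored).
exports_symbol() {
    nm -D --defined-only "$1" 2>/dev/null | awk -v s="$2" '
        { n = $NF; sub(/@.*/, "", n); if (n == s) found = 1 }
        END { exit !found }
    '
}

# Usage: check_binary /usr/bin/suricata htp_config_set_lzma_layers
# Returns 0 if the loaded libhtp exports the symbol, 1 if it does not,
# 2 if no libhtp path could be resolved at all.
check_binary() {
    bin=$1
    sym=$2
    lib=$(ldd "$bin" | resolved_lib libhtp)
    if [ -z "$lib" ]; then
        echo "libhtp not resolved for $bin (not in ld.so cache, or linked statically)"
        return 2
    fi
    if exports_symbol "$lib" "$sym"; then
        echo "OK: $lib exports $sym"
        return 0
    fi
    echo "MISMATCH: $bin loads $lib, which does not export $sym"
    return 1
}
```

Running `check_binary` before and after `sudo ldconfig` shows whether the loader cache was still pointing at a different libhtp than the one `make install` placed under the prefix.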