snort3 for arm64

2020-12-16 静默梧桐
Category: LINUX


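snort3 is a Cisco project. The code currently on GitHub is a mirror of Cisco's internal code, not an open-source project in the full sense. I opened a PR specifically to ask about this and got a reply; see:
Cisco's internal development and maintenance is done mainly on x86. We tried running snort on Arm64 and summarized some of the steps from that process, recorded on GitHub:
  This script installs a number of dependencies, including a Hyperscan build that supports Arm64. Some functional verification was done, and it works on Arm64: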

#!/bin/bash
apt-get update && \
apt-get -y install cmake wget git bison flex g++ libssl-dev pkg-config autoconf \
libtool libboost-all-dev liblzma-dev vim iproute2 iputils-ping libunwind-dev uuid-dev
wget && \
tar zxvf libpcap-1.9.1.tar.gz && \
cd libpcap-1.9.1 && \
./configure && make && make install && cd ..
git clone && cd libdaq/ && \
./bootstrap && ./configure && make && make install && ldconfig && \
cd ..
git clone && cd libdnet/ && \
cp /usr/share/automake-*/config.guess ./config/config.guess && \
./configure && make && make install && cd ..
wget && \
tar zxvf hwloc-2.3.0.tar.gz && cd hwloc-2.3.0 && ./configure && \
make && make install && cd ..
wget && \
tar zxvf LuaJIT-2.1.0-beta3.tar.gz && cd LuaJIT-2.1.0-beta3/ && \
make install && cd ..
wget ftp://ftp.pcre.org/pub/pcre/pcre-8.44.tar.gz && tar zxvf pcre-8.44.tar.gz && \
cd pcre-8.44 && ./configure && make && make install && cd ..
#### Install Hyperscan ####
wget && \
tar zxvf colm-0.13.0.7.tar.gz && cd colm-0.13.0.7 && ./configure && \
make && make install && ldconfig && cd ..
wget && \
tar zxvf ragel-7.0.0.12.tar.gz && cd ragel-7.0.0.12 && ./configure && \
make && make install && cd ..
mkdir kunpengcomputer-hyperscan && cd kunpengcomputer-hyperscan && \
git clone . && \
mkdir build && cd build && cmake .. && \
cmake --build . && cmake -P cmake_install.cmake && \
cd ../..
wget -O flatbuffers-v1.12.0.tar.gz && \
tar zxvf flatbuffers-v1.12.0.tar.gz && mkdir flatbuffers-build && cd flatbuffers-build && \
cmake ../flatbuffers-1.12.0 && make && make install && \
cd ..
# install safec
wget && \
tar -xzvf libsafec-02092020.tar.gz && cd libsafec-02092020.0-g6d921f/ && \
./configure && make install && cd ..
### Install snort3 ###
git clone && \
cd snort3 && git checkout 3.0.3-3 && ./configure_cmake.sh --prefix=/usr/local && cd build && \
make -j $(nproc) install && cd ../..
### Install snort3 registered ruleset
mkdir snortrules-3000 && tar -xvzf ./snortrules-snapshot-3000.tar.gz -C ./snortrules-3000/ && \
mkdir /usr/local/etc/rules && mkdir /usr/local/etc/builtin_rules && \
mkdir /usr/local/etc/so_rules && mkdir /usr/local/etc/lists && \
cd snortrules-3000/ && cp ./rules/*.rules /usr/local/etc/rules/ && \
cp ./builtins/builtins.rules /usr/local/etc/builtin_rules/ && cp ./etc/* /usr/local/etc/snort/ && \
cd ..
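
The script above extracts and builds every downloaded tarball as root without checking its integrity, and one download uses plain ftp://. As an added example (not part of the original post or its GitHub script), the helper below refuses to extract a tarball unless its SHA-256 matches a pinned manifest; the manifest name pins.sha256 and all function names are assumptions, and the digests have to be recorded from a copy you trust.

```shell
#!/bin/bash
# Added example: fail-closed SHA-256 check before extracting a downloaded tarball.
# Manifest format (assumed): one "<sha256-hex>  <filename>" line per file, as
# written by `sha256sum`. File names containing whitespace are not supported.

# Print the pinned digest for file NAME from MANIFEST, or nothing if unpinned.
pinned_hash() {
    awk -v n="$2" '$2 == n { print $1; exit }' "$1"
}

# verify_tarball MANIFEST FILE
# 0 = digest matches, 1 = mismatch, 2 = file missing, 3 = no pinned entry.
verify_tarball() {
    local manifest="$1" file="$2" want got
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    want="$(pinned_hash "$manifest" "$(basename "$file")" 2>/dev/null)"
    [ -n "$want" ] || { echo "no pinned hash: $file" >&2; return 3; }
    got="$(sha256sum "$file" | awk '{ print $1 }')"
    [ "$got" = "$want" ] || { echo "hash mismatch: $file" >&2; return 1; }
}

# verified_extract MANIFEST FILE [DEST]: untar only after the check passes.
verified_extract() {
    verify_tarball "$1" "$2" || return $?
    tar -xzf "$2" -C "${3:-.}"
}

# Constructed demo: pin a throwaway tarball, then show a modified copy is rejected.
demo() {
    local d
    d="$(mktemp -d)" || return 1
    echo "constructed sample" > "$d/a.txt"
    tar -czf "$d/sample.tar.gz" -C "$d" a.txt
    (cd "$d" && sha256sum sample.tar.gz > pins.sha256)
    verify_tarball "$d/pins.sha256" "$d/sample.tar.gz" && echo "pinned file accepted"
    echo "extra bytes" >> "$d/sample.tar.gz"
    verify_tarball "$d/pins.sha256" "$d/sample.tar.gz" || echo "modified file rejected"
    rm -rf "$d"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

In the build script, each `tar zxvf NAME.tar.gz` step would become `verified_extract pins.sha256 NAME.tar.gz`, so a missing or mismatched digest stops the `&&` chain before anything is compiled. The git clone steps need the equivalent control of checking out a recorded commit hash.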


In addition, running the script produces a Docker image with snort3 integrated; the image can also be downloaded directly:
docker pull iecedge/snort3:arm64-3.0.3-3


