How to Install Suricata on an AWS Instance of RedHat Enterprise Linux Server

Updated 11/29/17

These directions install Suricata on an AWS instance of Red Hat Enterprise Linux. The script in step 2 was written to install Suricata 4.0.1 on an AWS instance of RHEL 7.4. It requires that your RHEL instance is in a security group with outbound access to the internet (the script enables the AWS RHUI repositories and downloads the Suricata source). You do not need a Red Hat subscription.

Step #1  Log into the Red Hat Enterprise Linux server. 
Step #2  Create /tmp/installer.sh with the following content:

#!/bin/bash
# Installs Suricata 4.0.1 from source on an AWS RHEL 7.4 instance.
# Run as root (see step 3). Stops at the first command that fails.
set -e

# Enable the AWS-provided RHUI extras/optional repositories (no subscription needed)
yum-config-manager --enable rhui-REGION-rhel-server-extras rhui-REGION-rhel-server-optional

# Build dependencies for Suricata
yum -y install wget libpcap-devel libnet-devel pcre-devel gcc-c++ automake autoconf libtool make libyaml-devel zlib-devel file-devel jansson-devel nss-devel

# Download, unpack, build and install Suricata (binary goes to /usr/local/bin)
cd /tmp
wget https://www.openinfosecfoundation.org/download/suricata-4.0.1.tar.gz
tar -xvzf suricata-4.0.1.tar.gz
cd suricata-4.0.1
./configure
make
make install
# Refresh the shared-library cache so the freshly installed libhtp is found at runtime
ldconfig

Step #3  Run the script with this command: sudo bash /tmp/installer.sh

Step #4  Run this command to confirm Suricata is installed:

suricata -V

Step #5  You are done.

FFR (for future reference)
The following script used to work to install Suricata 3.1 on an AWS instance of RHEL 7.2. It is kept here for reference, in case you are working on a legacy project.

The script below was adapted from other instructions and uses Fedora packages instead of the RHEL ones. Some shared objects and files are backed up before the Fedora rpms are installed, and the script restores them afterwards. It takes approximately five minutes to run, though bandwidth and the resources of your instance will affect that.

Input this script starting with the "#!/bin/bash" line below. The final line is "make install-full".

#!/bin/bash
# Legacy installer: Suricata 3.1 on RHEL 7.2, using Fedora 24 rpms for newer
# libyaml, libpcap and file (libmagic) packages. Run it as root.

mkdir -p /bin/suricata/
mkdir -p /tmp/contint
cd /bin/suricata

yum -y install gcc libpcap-devel pcre-devel libyaml-devel file-devel \
  zlib-devel jansson-devel nss-devel libcap-ng-devel libnet-devel tar make \
  libnetfilter_queue-devel lua-devel

yum -y install wget
yum -y install bzip2

# libyaml: back up the RHEL shared object, install the Fedora rpms, then restore it
cp /usr/lib64/libyaml-0.so.2.0.4 /tmp/libyaml-0.so.2.0.4

wget ftp://rpmfind.net/linux/fedora/linux/releases/24/Everything/x86_64/os/Packages/l/libyaml-0.1.6-8.fc24.x86_64.rpm

rpm -ivh --force libyaml-0.1.6-8.fc24.x86_64.rpm

wget ftp://rpmfind.net/linux/fedora/linux/releases/24/Everything/x86_64/os/Packages/l/libyaml-devel-0.1.6-8.fc24.x86_64.rpm

rpm -ivh --force libyaml-devel-0.1.6-8.fc24.x86_64.rpm

cp /tmp/libyaml-0.so.2.0.4 /usr/lib64/libyaml-0.so.2.0.4

# libpcap: back up the RHEL shared object and man pages before the Fedora rpms
cp /usr/lib64/libpcap.so.1 /tmp/contint
cp /usr/share/man/man7/pcap-filter.7.gz /tmp/contint
cp /usr/share/man/man7/pcap-linktype.7.gz /tmp/contint
cp /usr/share/man/man7/pcap-tstamp.7.gz /tmp/contint

wget ftp://rpmfind.net/linux/fedora/linux/releases/24/Everything/x86_64/os/Packages/l/libpcap-1.7.4-2.fc24.x86_64.rpm

rpm -ivh --force libpcap-1.7.4-2.fc24.x86_64.rpm

wget ftp://rpmfind.net/linux/fedora/linux/releases/24/Everything/x86_64/os/Packages/l/libpcap-devel-1.7.4-2.fc24.x86_64.rpm

rpm -ivh libpcap-devel-1.7.4-2.fc24.x86_64.rpm
rpm -ivh --force libpcap-1.7.4-2.fc24.x86_64.rpm

# Restore the backed-up RHEL libpcap files (the devel headers stay in place)
cp /tmp/contint/libpcap.so.1 /usr/lib64/libpcap.so.1
cp /tmp/contint/pcap-filter.7.gz /usr/share/man/man7/pcap-filter.7.gz
cp /tmp/contint/pcap-linktype.7.gz /usr/share/man/man7/pcap-linktype.7.gz
cp /tmp/contint/pcap-tstamp.7.gz /usr/share/man/man7/pcap-tstamp.7.gz

# file/libmagic: back up the RHEL library, magic database and man page first
cp /usr/lib64/libmagic.so.1.0.0 /tmp/contint/libmagic.so.1.0.0
cp /usr/share/misc/magic /tmp/contint/magic
cp /usr/share/man/man5/magic.5.gz /tmp/contint/magic.5.gz
cp /usr/share/misc/magic.mgc /tmp/contint/magic.mgc

wget ftp://rpmfind.net/linux/fedora/linux/releases/24/Everything/x86_64/os/Packages/f/file-libs-5.25-6.fc24.x86_64.rpm

rpm -ivh --force file-libs-5.25-6.fc24.x86_64.rpm

cp /usr/bin/file /tmp/contint/file
cp /usr/share/man/man1/file.1.gz /tmp/contint/file.1.gz

wget ftp://rpmfind.net/linux/fedora/linux/releases/24/Everything/x86_64/os/Packages/f/file-5.25-6.fc24.x86_64.rpm

rpm -ivh --force file-5.25-6.fc24.x86_64.rpm

# Restore the backed-up RHEL file/libmagic files
cp /tmp/contint/libmagic.so.1.0.0 /usr/lib64/libmagic.so.1.0.0
cp /tmp/contint/magic /usr/share/misc/magic
cp /tmp/contint/magic.5.gz /usr/share/man/man5/magic.5.gz
cp /tmp/contint/magic.mgc /usr/share/misc/magic.mgc

cp /tmp/contint/file /usr/bin/file
cp /tmp/contint/file.1.gz /usr/share/man/man1/file.1.gz

wget ftp://rpmfind.net/linux/fedora/linux/releases/24/Everything/x86_64/os/Packages/f/file-devel-5.25-6.fc24.x86_64.rpm

rpm -ivh file-devel-5.25-6.fc24.x86_64.rpm

# libnfnetlink (needed for NFQueue support): extract, build and install
wget ftp://ftp.netfilter.org/pub/libnfnetlink/libnfnetlink-1.0.1.tar.bz2

tar -xvjf libnfnetlink-1.0.1.tar.bz2
cd libnfnetlink-1.0.1
./configure
make
make install
cd /bin/suricata

# Suricata 3.1 with NFQueue and Lua support enabled
wget http://www.openinfosecfoundation.org/download/suricata-3.1.tar.gz

tar -xvzf suricata-3.1.tar.gz

cd suricata-3.1

./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --enable-nfqueue --enable-lua
make install-full
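The legacy script backs up and restores each RHEL shared object and man page with a separate cp before and after the forced Fedora rpm installs. As an added example (not the page's own code), the shell functions below generalize that pattern: they copy a list of files into a backup directory, record each copy in a checksum manifest, refuse to restore if a backup copy was altered, and put every file back in one call. BACKUP_DIR, backup_files, verify_backup and restore_files are assumed names; paths are assumed to contain no whitespace, as in the script.

```bash
#!/bin/bash
# Backup/restore helpers for files that a forced rpm install overwrites.
# Source this file from the installer, call backup_files before the
# "rpm -ivh --force" lines and restore_files after them.

BACKUP_DIR="${BACKUP_DIR:-/tmp/contint}"   # same directory the legacy script uses

# backup_files FILE... : copy each existing file below $BACKUP_DIR, keeping its
# original absolute path, and record a sha256 of the copy in a manifest.
backup_files() {
    mkdir -p "$BACKUP_DIR"
    : > "$BACKUP_DIR/manifest.sha256"
    local f
    for f in "$@"; do
        if [ ! -e "$f" ]; then
            echo "backup: $f does not exist, skipping" >&2
            continue
        fi
        mkdir -p "$BACKUP_DIR$(dirname "$f")"
        # -L follows symlinks such as libpcap.so.1 so the real object is saved
        cp -L "$f" "$BACKUP_DIR$f"
        sha256sum "$BACKUP_DIR$f" >> "$BACKUP_DIR/manifest.sha256"
    done
}

# verify_backup : non-zero exit if any backup copy no longer matches the manifest
verify_backup() {
    sha256sum --quiet -c "$BACKUP_DIR/manifest.sha256"
}

# restore_files : copy every manifest entry back to its original path.
# Like the plain cp in the script, this writes through an existing symlink
# rather than replacing it.
restore_files() {
    verify_backup || return 1
    local sum path
    while read -r sum path; do
        cp -L "$path" "${path#"$BACKUP_DIR"}"
    done < "$BACKUP_DIR/manifest.sha256"
}
```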
