I'm trying to build Suricata following the tutorial of [Rapid7][1] I did it before, but in the new machine I stack at this problem...
My steps:
# suricata static build
apt-get install libpcre3-dbg libpcre3-dev autoconf automake libtool libpcap-dev libnet1-dev libyaml-dev libjansson4 libcap-ng-dev libmagic-dev libjansson-dev zlib1g-dev llvm
#more dependencies:
sudo apt install python3-pip libnspr4-dev libnss3-dev liblz4-dev rustc cargo
pip3 install PyYAML
# IPS dependencies:
apt-get install libnetfilter-queue-dev libnetfilter-queue1 libnfnetlink-dev
# install suricata:
wget https://www.openinfosecfoundation.org/download/suricata-6.0.1.tar.gz
tar -xzvf suricata-6.0.1.tar.gz
cd suricata-6.0.1
./configure --enable-nfqueue --prefix=/usr --sysconfdir=/etc --localstatedir=/var
make
result:
Compiling der-oid-macro v0.2.0
Compiling x509-parser v0.6.5
Compiling der-parser v4.1.0
error: /home/juan/suricata-6.0.1/rust/target/release/deps/libder_oid_macro-6303e17a207c2efa.so: undefined symbol: llvm.x86.subborrow.64
--> /home/juan/suricata-6.0.1/rust/vendor/der-parser/src/lib.rs:171:9
|
171 | pub use der_oid_macro::oid;
| ^^^^^^^^^^^^^
error: aborting due to previous error
error: could not compile `der-parser`.
warning: build failed, waiting for other jobs to finish...
error: build failed
make[1]: *** [Makefile:544: all-local] Error 101
make[1]: Leaving directory '/home/juan/suricata-6.0.1/rust'
make: *** [Makefile:492: all-recursive] Error 1
Same problem configuring with rust enabled:
./configure --enable-nfqueue --prefix=/usr --sysconfdir=/etc --localstatedir=/var --enable-rust
Thanks for your attention
#########
solved:
It seems a problem with Rust environment variables or installation. Installing Rust using rustup:
sudo apt remove --purge rustc
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
source $HOME/.cargo/env
./configure --enable-nfqueue --prefix=/usr --sysconfdir=/etc --localstatedir=/var --enable-rust
make
sudo make install
sudo make install-full
sudo ldconfig
succesful!
note: Purging rustc and doing ldconfig after installation solves this error message:
# /usr/bin/suricata -c /etc/suricata/suricata.yaml -i enp35s0
/usr/bin/suricata: symbol lookup error: /usr/bin/suricata: undefined symbol: htp_config_set_lzma_layers
[1]: https://blog.rapid7.com/2017/02/14/how-to-install-suricata-nids-on-ubuntu-linux/