[Oisf-devel] Compile suricata statically

Dave Remien dave.remien at gmail.com
Wed Jun 28 20:50:34 UTC 2017 

OK, have built a statically linked suricata, except for libpcre, which is
dynaloaded ('cause I don't have a static one handy):

../libhtp/htp/.libs/libhtp.a /usr/lib/x86_64-linux-gnu/libmagic.a
/usr/local/lib/libcap-ng.a /usr/local/lib/libpcap.a
/usr/lib/x86_64-linux-gnu/libnet.a /usr/local/lib/libnetfilter_queue.a
/usr/local/lib/libnfnetlink.a /usr/lib/x86_64-linux-gnu/libjansson.a
/usr/lib/x86_64-linux-gnu/libpthread.a /usr/local/lib/libyaml.a -lpcre
/usr/lib/x86_64-linux-gnu/libz.a /usr/lib/x86_64-linux-gnu/libc.a -static

root at fw:/usr/local/src/suricata-3.2.2/src# file .libs/suricata
.libs/suricata: ELF 64-bit LSB executable, x86-64, version 1 (GNU/Linux),
statically linked, for GNU/Linux 2.6.32,
BuildID[sha1]=2753a65e3e621f46ef1316369bfaf7a946e17966, not stripped

root at fw:/usr/local/src/suricata-3.2.2/src# ll .libs/suricata
-rwxr-xr-x 1 root root 24227424 Jun 28 14:33 .libs/suricata*

and it loads the rules, will try it inline later:


root at fw:/usr/local/src/suricata-3.2.2/src#  .libs/suricata -T
28/6/2017 -- 14:40:26 - <Info> - Running suricata under test mode
28/6/2017 -- 14:40:26 - <Info> - Configuration node 'unix-command'
redefined.
28/6/2017 -- 14:40:26 - <Notice> - This is Suricata version 3.2.2 RELEASE
28/6/2017 -- 14:40:28 - <Notice> - Configuration provided was successfully
loaded. Exiting.



On Wed, Jun 28, 2017 at 7:29 AM, Jason Ish <lists at ish.cx> wrote:

> On 27/06/17 11:05 AM, Victor Julien wrote:
>
>> On 27-06-17 13:43, Breno Silva wrote:
>>
>>> I just tried to play with C|LD|FLAGS (defining -static) and using .a
>>> version of the libraries (pcre, yaml, etc).
>>> However suricata binary is always dynamic. There is no error.
>>>
>>> Anything you think i should try ?
>>>
>>
>> I don't know. Never tried it :)
>>
>> Anyone else have an idea?
>>
>
> I haven't tried with Suricata yet myself, but I used to build another app
> statically, and I found I had to remove the shared libraries so they
> wouldn't be found at all - a container helped here. Or copy the .a's into a
> directory and make sure that dir is on the library path before any standard
> location. But I find it far from trivial on modern Linux.
>
> Jason
>
>
> _______________________________________________
> Suricata IDS Devel mailing list: oisf-devel at openinfosecfoundation.org
> Site: http://suricata-ids.org | Participate:
> http://suricata-ids.org/participate/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel
> Redmine: https://redmine.openinfosecfoundation.org/
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-devel/attachments/20170628/5019c476/attachment-0002.html>

More information about the Oisf-devel mailing list