[Oisf-users] Hyperscan on RHEL or CentOS
Spransy, Derek
dsprans at emory.edu
Tue Mar 28 16:20:47 UTC 2017
These are my notes from installing HS and pf_ring support on RHEL 7.
Install with Intel Hyperscan Enabled

Install pre-requisites

    sudo yum install cmake gcc-c++ python-devel

Download ragel, unpack, ./configure, make, sudo make install

Download and compile boost headers

Download boost 1.60

    tar xvzf boost_1_60_0.tar.gz
    cd boost_1_60_0
    ./bootstrap.sh
    ./b2

Install Hyperscan

    git clone https://github.com/01org/hyperscan
    cd hyperscan
    mkdir build
    cd build
    cmake -DBUILD_STATIC_AND_SHARED=1 -DBOOST_ROOT=/home/<user>/boost_1_60_0/ ../
    make
    sudo make install

Compile Suricata with HS and PF_RING support

    ./configure --prefix=/usr --sysconfdir=/etc --enable-pfring --with-libpfring-includes=/usr/local/include --with-libpfring-libraries=/usr/local/lib --with-libnspr-includes=/usr/include/nspr4/ --with-libnspr-libraries=/usr/include/nspr4/ --with-libcap_ng-libraries=/usr/local/lib --with-libhs-includes=/usr/local/include/hs/ --with-libhs-libraries=/usr/local/lib/

mpm-algo and spm-algo values in suricata.yaml must be set to 'auto' or 'hs'
________________________________
From: Oisf-users <oisf-users-bounces at lists.openinfosecfoundation.org> on behalf of Cloherty, Sean E <scloherty at mitre.org>
Sent: Tuesday, March 28, 2017 12:15 PM
To: oisf-users at lists.openinfosecfoundation.org
Subject: [Oisf-users] Hyperscan on RHEL or CentOS
Has anyone got instructions for installing Hyperscan on RHEL/CentOS? I’ve tried a few times now and it seems like I get fairly close, but I’ve not been able to compile Suricata with Hyperscan. I know that it is something I am completing incorrectly but have not been able to figure it out. Are there files or configuration changes that I can check at the end of the install to see if it was completed correctly prior to compiling Suricata?
Thanks.
Sean Cloherty
InfoSec Engineer/Scientist, Lead
MITRE Corporation
office (781) 271-3707
cell (781) 697-8043
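
The question above asks what can be checked after the install. One way to script those checks follows, as an added example that is not part of either message. It assumes the paths given to ./configure in the notes, a config file at /etc/suricata/suricata.yaml (from --sysconfdir=/etc), and the "Hyperscan support" line that suricata --build-info prints; the function names are made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread): post-install checks for the notes above.
# Function names are hypothetical; default paths are the ones passed to
# Suricata's ./configure in the notes.

# Header and library present where --with-libhs-includes/-libraries point?
check_hs_install() {
    incdir="${1:-/usr/local/include/hs}"; libdir="${2:-/usr/local/lib}"; rc=0
    if [ -f "$incdir/hs.h" ]; then echo "ok: $incdir/hs.h"
    else echo "missing: $incdir/hs.h"; rc=1; fi
    found=0
    for lib in "$libdir"/libhs.so* "$libdir"/libhs.a; do
        if [ -e "$lib" ]; then echo "ok: $lib"; found=1; fi
    done
    if [ "$found" -eq 0 ]; then echo "missing: libhs in $libdir"; rc=1; fi
    return "$rc"
}

# mpm-algo and spm-algo must be 'auto' or 'hs'; commented-out lines are ignored.
check_algo() {
    yaml="$1"; rc=0
    for key in mpm-algo spm-algo; do
        val=$(sed -n "s/^[[:space:]]*$key:[[:space:]]*\([^[:space:]#]*\).*/\1/p" "$yaml" | head -n 1)
        case "$val" in
            auto|hs) echo "ok: $key: $val" ;;
            *) echo "check: $key is '${val:-unset}', expected auto or hs"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Reads `suricata --build-info` output on stdin.
check_build_info() {
    if grep -qi 'hyperscan support:[[:space:]]*yes'; then
        echo "ok: Suricata was built with Hyperscan"
    else
        echo "missing: no 'Hyperscan support: yes' in --build-info"; return 1
    fi
}

# Run everything against the live system: sh check_hs.sh run
if [ "${1:-}" = "run" ]; then
    check_hs_install
    check_algo /etc/suricata/suricata.yaml   # location follows --sysconfdir=/etc
    suricata --build-info | check_build_info
fi
```

check_hs_install can be run right after "sudo make install" and before Suricata's ./configure; the other two checks apply once Suricata itself is built and installed.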