Installation from GIT with luajit
Suricata has supported luajit since 1.4beta.
What does this actually mean? For a quick look, here is a repository (EmergingThreats) that holds free-to-use luajit scripts for Suricata:
https://github.com/EmergingThreats/et-luajit-scripts
This installation guide is for Suricata from git (latest) and Luajit - http://luajit.org/
The setup used is Ubuntu LTS 14.04 and luajit 2.0.3 (the latest at the time of this writing).
First we get luajit (please do not copy/paste; make sure you check the latest luajit version):
wget http://luajit.org/download/LuaJIT-2.0.3.tar.gz
tar -zxf LuaJIT-2.0.3.tar.gz
cd LuaJIT-2.0.3
make && make install
At the end, when make install is done, we should get something like the following:
...
cd src && install -m 0644 lua.h lualib.h lauxlib.h luaconf.h lua.hpp luajit.h /usr/local/include/luajit-2.0
cd src/jit && install -m 0644 bc.lua v.lua dump.lua dis_x86.lua dis_x64.lua dis_arm.lua dis_ppc.lua dis_mips.lua dis_mipsel.lua bcsave.lua vmdef.lua /usr/local/share/luajit-2.0.3/jit
ln -sf luajit-2.0.3 /usr/local/bin/luajit
==== Successfully installed LuaJIT 2.0.3 to /usr/local ====
.......
So far so good. Now we only need to compile and install the latest Suricata from git.
In this particular example we are also enabling nss (you can skip those options if you do not need them):
sudo git clone git://phalanx.openinfosecfoundation.org/oisf.git && cd oisf/ && \
git clone https://github.com/OISF/libhtp.git -b 0.5.x && \
sudo ./autogen.sh && ./configure --prefix=/usr/ --sysconfdir=/etc/ --localstatedir=/var/ --enable-luajit \
--with-libnss-libraries=/usr/lib --with-libnss-includes=/usr/include/nss/ --with-libnspr-libraries=/usr/lib \
--with-libnspr-includes=/usr/include/nspr --with-libluajit-includes=/usr/local/include/luajit-2.0/ \
--with-libluajit-libraries=/usr/lib/
Then at the end, when it is finished, you should get a similar result:
...
root@LTS-64-1:~/Work/tmp/oisf# suricata --build-info
This is Suricata version 2.1dev (rev 0704ece)
Features: PCAP_SET_BUFF LIBPCAP_VERSION_MAJOR=1 AF_PACKET HAVE_PACKET_FANOUT LIBCAP_NG LIBNET1.1 HAVE_HTP_URI_NORMALIZE_HOOK PCRE_JIT HAVE_NSS HAVE_LUA HAVE_LUAJIT HAVE_LIBJANSSON TLS
SIMD support: SSE_3
Atomic intrisics: 1 2 4 8 byte(s)
64-bits, Little-endian architecture
GCC version 4.8.2, C version 199901
compiled with -fstack-protector
compiled with _FORTIFY_SOURCE=2
L1 cache line size (CLS)=64
thread local storage method: __thread
compiled with LibHTP v0.5.17, linked against LibHTP v0.5.17
Suricata Configuration:
  AF_PACKET support: yes
  PF_RING support: no
  NFQueue support: no
  NFLOG support: no
  IPFW support: no
  Netmap support: no
  DAG enabled: no
  Napatech enabled: no
  Unix socket enabled: yes
  Detection enabled: yes
  libnss support: yes
  libnspr support: yes
  libjansson support: yes
  Prelude support: no
  PCRE jit: yes
  LUA support: yes
  libluajit: yes
  libgeoip: no
  Non-bundled htp: no
  Old barnyard2 support: no
  CUDA enabled: no
  Suricatasc install: yes
  Unit tests enabled: no
  Debug output enabled: no
  Debug validation enabled: no
  Profiling enabled: no
  Profiling locks enabled: no
  Coccinelle / spatch: no
Generic build parameters:
  Installation prefix (--prefix): /usr
  Configuration directory (--sysconfdir): /etc/suricata/
  Log directory (--localstatedir) : /var/log/suricata/
  Host: x86_64-unknown-linux-gnu
  GCC binary: gcc
  GCC Protect enabled: no
  GCC march native enabled: yes
  GCC Profile enabled: no
NOTE:
LUA support: yes
libluajit: yes
Excellent.
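The two lines in the NOTE are what to check, together with the HAVE_LUA and HAVE_LUAJIT tokens on the Features line. As an added example (not part of the original guide or of Suricata itself), the function below applies that check to build-info text read from stdin; the function name check_luajit_build and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm Lua/LuaJIT support from `suricata --build-info` text.

# Reads build-info text on stdin. Returns 0 only if every marker is present;
# prints one line per problem on stderr.
check_luajit_build() {
    info=$(cat)
    missing=0

    # Compiled-in feature tokens are listed on the "Features:" line.
    features=$(printf '%s\n' "$info" |
        sed -n 's/^[[:space:]]*Features:[[:space:]]*//p')
    for token in HAVE_LUA HAVE_LUAJIT; do
        case " $features " in
            *" $token "*) ;;   # whole-word match: HAVE_LUAJIT is not HAVE_LUA
            *) echo "missing feature token: $token" >&2; missing=1 ;;
        esac
    done

    # Summary lines look like "<name>: <yes|no>" with variable padding.
    for key in "LUA support" "libluajit"; do
        value=$(printf '%s\n' "$info" |
            sed -n "s/^[[:space:]]*$key:[[:space:]]*\([a-z]*\).*/\1/p" |
            head -n 1)
        if [ "$value" != "yes" ]; then
            echo "$key: expected 'yes', got '${value:-nothing}'" >&2
            missing=1
        fi
    done
    return "$missing"
}

# Constructed sample, shortened from the shape of the output shown above.
SAMPLE_OK='This is Suricata version 2.1dev (rev 0704ece)
Features: AF_PACKET PCRE_JIT HAVE_NSS HAVE_LUA HAVE_LUAJIT HAVE_LIBJANSSON TLS
  PCRE jit:                                yes
  LUA support:                             yes
  libluajit:                               yes'

# Constructed sample of a build configured without --enable-luajit.
SAMPLE_NO_LUAJIT='This is Suricata version 2.1dev (rev 0704ece)
Features: AF_PACKET PCRE_JIT HAVE_NSS HAVE_LIBJANSSON TLS
  PCRE jit:                                yes
  LUA support:                             no
  libluajit:                               no'

printf '%s\n' "$SAMPLE_OK" | check_luajit_build && echo "SAMPLE_OK: pass"
printf '%s\n' "$SAMPLE_NO_LUAJIT" | check_luajit_build || echo "SAMPLE_NO_LUAJIT: fail"
```

Once the binary is installed, the same function can be fed the real output with `suricata --build-info | check_luajit_build`.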
Now we just make and install.
sudo make clean && sudo make && sudo make install && sudo ldconfig
And you are all set to try the luajit magic.
Peter Manev