How to compile latest Suricata on SELKS
Peter Manev edited this page Aug 10, 2020 · 23 revisions
SELKS comes with Suricata prepackaged, installed and configured, ready to go. Those packages are upgraded automatically during a regular apt-get update && apt-get dist-upgrade.
If you would like to compile and install your own version of Suricata, or the latest available Suricata dev edition (git), here is how to do it:
Make sure you have all needed packages:
root@SELKS:/opt# apt-get install libpcre3 libpcre3-dbg libpcre3-dev \
    build-essential autoconf automake libtool libpcap-dev libnet1-dev \
    libyaml-0-2 libyaml-dev pkg-config zlib1g zlib1g-dev libcap-ng-dev \
    libcap-ng0 make libmagic-dev git-core libnetfilter-queue-dev \
    libnetfilter-queue1 libnfnetlink-dev libnfnetlink0 libluajit-5.1-dev \
    libhtp-dev libnss3-dev libnspr4-dev libjansson-dev libhyperscan-dev \
    libmaxminddb-dev rustc cargo
Get the latest dev edition:
root@SELKS:/opt# git clone https://github.com/OISF/suricata.git && cd suricata \
    && git clone https://github.com/OISF/libhtp.git -b 0.5.x
Configure, compile and install:
root@SELKS:/opt/suricata# ./autogen.sh
root@SELKS:/opt/suricata# ./configure \
    --prefix=/usr/ --sysconfdir=/etc/ --localstatedir=/var/ \
    --enable-nfqueue --enable-non-bundled-htp --disable-gccmarch-native \
    --enable-geoip --enable-gccprotect --enable-luajit --enable-pie
If you need debugging enabled, run configure like this instead:
root@SELKS:/opt/suricata# ./configure CFLAGS="-ggdb -O0" \
    --prefix=/usr/ --sysconfdir=/etc/ --localstatedir=/var/ \
    --enable-nfqueue --enable-non-bundled-htp --disable-gccmarch-native \
    --enable-geoip --enable-gccprotect --enable-luajit
Then compile and install:
root@SELKS:/opt/suricata# make clean && make && make install
Restart Suricata service:
root@SELKS:/opt# systemctl restart suricata
Check with:
root@SELKS:/opt# suricata --build-info
root@SELKS:/opt# systemctl status suricata
Done!
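One way to confirm that the options passed to ./configure above ended up in the installed binary is to compare them with the summary printed by suricata --build-info. This is an added example, not part of the original wiki page: the summary labels in EXPECTED are assumptions to check against your own output, the sample output is constructed, and check_build_info and sample_build_info are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not part of the SELKS wiki page.
# Expected "label=value" pairs, one per ./configure option used above.
# ASSUMPTION: the labels mirror the summary lines of `suricata --build-info`;
# compare them with your own output and adjust.
EXPECTED='NFQueue support=yes
Non-bundled htp=yes
GeoIP2 support=yes
libluajit=yes
GCC Protect enabled=yes
GCC march native enabled=no
Position Independent Executable enabled=yes'

# Constructed sample standing in for real `suricata --build-info` output.
sample_build_info() {
    cat <<'EOF'
  NFQueue support:                         yes
  Non-bundled htp:                         yes
  GeoIP2 support:                          yes
  libluajit:                               yes
  GCC Protect enabled:                     yes
  GCC march native enabled:                no
  Position Independent Executable enabled: yes
EOF
}

# check_build_info FILE
# Prints one line per mismatch; returns the number of mismatches.
check_build_info() {
    info_file=$1
    failures=0
    while IFS='=' read -r label want; do
        # Value = text after the last ':' on the first line carrying the label.
        got=$(grep -F -- "$label:" "$info_file" | head -n 1 |
              sed 's/^.*:[[:space:]]*//; s/[[:space:]]*$//')
        if [ "$got" != "$want" ]; then
            echo "MISMATCH: $label: expected '$want', got '${got:-<missing>}'"
            failures=$((failures + 1))
        fi
    done <<EOF
$EXPECTED
EOF
    return "$failures"
}

# On a real sensor: suricata --build-info > "$report"
report=$(mktemp)
sample_build_info > "$report"
check_build_info "$report" && echo "build matches the configure options"
rm -f "$report"
```

The debug configure line on this page does not pass --enable-pie, so adjust the expected PIE value when checking a debug build.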