一、环境
windows10 + wsl2
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 20.04.2 LTS
Release: 20.04
Codename: focal
二、编译
2.1 下载源码
wget https://www.openinfosecfoundation.org/download/suricata-7.0.5.tar.gz
2.2 安装依赖
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | shsudo apt-get install autoconf automake build-essential ccache clang curl git \gosu jq libbpf-dev libcap-ng0 libcap-ng-dev libelf-dev \libevent-dev libgeoip-dev libhiredis-dev libjansson-dev \liblua5.1-dev libmagic-dev libnet1-dev libpcap-dev \libpcre2-dev libtool libyaml-0-2 libyaml-dev m4 make \pkg-config python3 python3-dev python3-yaml sudo zlib1g \zlib1g-dev
cargo install --force cbindgen2.3 编译安装
tar xf suricata-7.0.5.tar.gz
cd suricata-7.0.5
./configure --prefix=/opt/suricata7 --enable-debug
make -j8
sudo make install-full
三、使用vscode搭建调试环境
3.1 vscode插件
3.2 创建debug配置
{"configurations": [{"name": "suricata7","type": "cppdbg","request": "launch","program": "/opt/suricata7/bin/suricata","args": ["-r", "~/suricata-7.0.5/http.pcap", "--runmode", "single"],"stopAtEntry": false,"cwd": "${fileDirname}","environment": [{"name": "SC_LOG_LEVEL", "value": "Debug"}],"externalConsole": false,"MIMode": "gdb","setupCommands": [{"description": "Enable pretty-printing for gdb","text": "-enable-pretty-printing","ignoreFailures": true},{"description": "Set Disassembly Flavor to Intel","text": "-gdb-set disassembly-flavor intel","ignoreFailures": true}]}]
}
note:
安装目录/opt/suricata7的权限是root,导致后续读取配置时没有权限,因此执行了如下命令
sudo chown -R tree /opt/suricata7
debug成功
)
