Suricata version 6.0.1

[ipworkx]

Hi,

Currently I'm building a customized build using all kinds of extra features. It works pretty good. Currently the install scripts lacks because of a failing moloch. I solved it because it's today Arkime I believe. The issue is that suricata is version 7.0-dev. instead of version 6.01.

Where is the orginal deb file which results into suricata 6.0.1? Can you bring it back online?

Regards, Thierry

[pevma]

SELKS by default always provides the latest suricata. If you would like a different version - you could actually compile/installed it no problem, like explained here - https://github.com/StamusNetworks/SELKS/wiki/How-to-compile-latest-Suricata-on-SELKS (you just need to checkout the 6.0.1 branch)

[ipworkx]

Roger, I'll give it a try. Currently was using debian buster backport to get 5 running. When it's finished I hop in the chroot to rebuild it again. I just want to get an ISO prepared with the latest buster updates & fixes, scirius and a stable suricata version.

I'll let you know. Are there any caveats building and compiling in the chroot phase?

[pevma]

I don't think you should have problems.

[ipworkx]

Almost there. In the chroot it almost works. When I do configure, at the end it pops up with an error ERROR! libhtp was found but it is neither >= 0.5.36, nor the dev 0.5.X I specific cloned the version 0.5.36 (latest)

Any ideas?

[ipworkx]

Okay. It wants me to add: apt-get install liblz4-dev {Done} Then went to libhtp and did ./autogen.sh .configure, make, make install Then went back to suricata and did a configure etc, etc. It then failes. It complains about : . . checking for cbindgen... no Warning: cbindgen too old or not found, it is required to generate header files. To install: cargo install --force cbindgen configure: error: cbindgen required

I installed have to install : cargo install --force cbindgen. Did that. Then rerun-ned the configure and it fails again complaining about the same stuff. cbindgen...

Any familiar things around here? Regards, Thierry

[ipworkx]

Sorry. forget it. I forgot to add the path using export stuff. I went int o the next stage and got stuck there: . . Compiling rusticata-macros v2.1.0 Compiling ntp-parser v0.4.0 Compiling der-oid-macro v0.2.0 Compiling der-parser v3.0.4 Compiling ipsec-parser v0.5.0 Compiling x509-parser v0.6.5 Compiling der-parser v4.1.0 error: /root/suricata/rust/target/release/deps/libder_oid_macro-6303e17a207c2efa.so: undefined symbol: llvm.x86.subborrow.64 --> /root/.cargo/registry/src/github.com-1ecc6299db9ec823/der-parser-4.1.0/src/lib.rs:171:9 | 171 | pub use der_oid_macro::oid; | ^^^^^^^^^^^^^

error: aborting due to previous error

error: could not compile der-parser. warning: build failed, waiting for other jobs to finish... error: build failed make[1]: [Makefile:547: all-local] Error 101 make[1]: Leaving directory '/root/suricata/rust' make: [Makefile:492: all-recursive] Error 1

[ipworkx]

It was a lot easier with a pre-packaged deb file.

[pevma]

You also need rust for the compile. Yes pre compiled deb are easier