Downloading Suricata 6.0.2 and its Dependencies for RHEL 7.6

Help
1

I’m trying install Suricata 6.0.2 on RHEL 7.6 VMs that do not have internet access, so, first, I am trying to download Suricata and all its dependencies using yumdownloader on a machine with internet access. I plan on moving the Suricata RPM and its dependencies into a local yum repository.

I tried following the instructions here :
https://suricata.readthedocs.io/en/suricata-6.0.2/install.html#rhel-centos-8-and-7

However, yum-plugin-copr doesn’t seem to be readily available for RHEL 7.6. I’m unable to install it.

I would prefer to use a package manger rather than compiling from source, but I can if no easy alternative is available.

Thanks for the help!

2

I probably need to look more into the quirks of getting this installed on RHEL, though I think I did try RHEL 7.8 without issue.

Anyways, you can skip yum-plugin-copr by downloading the .repo file on its own… Something like:

cd /etc/yum.repos.d
curl -OL https://copr.fedorainfracloud.org/coprs/g/oisf/suricata-6.0/repo/epel-7/group_oisf-suricata-6.0-epel-7.repo
3

Jason, thanks for the help! I got Suricata installed and downloaded its dependencies. For anyone interested, the steps I followed on RHEL 7.6 were:

cd /etc/yum.repos.d
curl -OL https://copr.fedorainfracloud.org/coprs/g/oisf/suricata-6.0/repo/epel-7/group_oisf-suricata-6.0-epel-7.repo
cd
mkdir -p suricata suricata/rpms
cd suricata
sudo yumdownloader --resolve --destdir=rpms suricata
cd $HOME/suricata/rpms
sudo yum --disablerepo=* localinstall *.rpm

These were the RPMs I got:

hiredis-0.12.1-2.el7.x86_64.rpm      libnet-1.1.6-7.el7.x86_64.rpm                python2-pyyaml-3.10-0.el7.noarch.rpm
libmaxminddb-1.2.0-6.el7.x86_64.rpm  libnetfilter_queue-1.0.2-2.el7_2.x86_64.rpm  suricata-6.0.2-1.el7.x86_64.rpm
4

I ran into an issue when trying to install Suricata on my RHEL 7.6 VMs without internet access.

Yum claimed Suricata along with the dependencies that I downloaded installed successfully, but I got the following error when trying to run Suricata:

suricata: symbol lookup error: suricata: undefined symbol: LZ4F_compressUpdate

This may be out of the scope of what you guys can help me with though. But, I would greatly appreciate suggestions from anyone. It does appear to be an LZ4 library, but the same version of LZ4 is running both on my online and on my offline VM. Both machines show:

: lz4 -V
*** LZ4 command line interface 64-bits v1.7.5, by Yann Collet ***

Also,

rpm -qa | grep lz4
lz4-1.7.5-2.el7.x86_64
5

The closest I can test on right now is CentOS 7.6 where it does appear to work OK.

# rpm -qa|grep lz4
lz4-1.7.5-2.el7.x86_64

Can you also check the symbols in lz4? For example:

# nm -D /lib64/liblz4.so.1.7.5 |grep compressUpdate
0000000000010200 T LZ4F_compressUpdate

The package versions do appear to match between RHEL and CentOS, but maybe they are not exactly the same.

6

The issue was on my end.

There was a custom shared library directory, unique to our project (meaning it’s not bundled with RHEL or Centos), with an extremely out of date liblz4.so.1.4.0 file. That file does not contain the LZ4F_compressUpdate symbol.

I ran:

ldd /usr/sbin/suricata | grep -i lz4

Which showed that suricata was using the above, out of date file. I was able to run Suricata using the standard libraries on the system like so:

LD_LIBRARY_PATH=/lib64 suricata

Thanks again for the help :slight_smile:.