Guide: Suricata RPMs for RedHat Enterprise Linux and rebuilds

ish · October 21, 2020, 4:29pm

Introduction

The OISF maintains Suricata RPMs for the following Linux distributions:

RHEL 9 (AlmaLinux 9, Rocky Linux 9, etc)
RHEL 8 (AlmaLinux 8, Rocky Linux 8, etc)
And the active Fedora versions.

Note: At this time RPMs are only built for x86_64. We may expand this in the future.

RPMs are provided for all supported versions of Suricata allowing you to stick to a particular release branch until you are ready to upgrade. This is done by providing an RPM repository per version. At this time the following versioned repositories exist:

suricata-7.0
~~suricata-6.0~~ (now EOL)

Installation

The following is an example of installing Suricata 7.0 on CentOS. If you wish to install 6.0 instead, change the repository name of @oisf/suricata-7.0 to @oisf/suricata-6.0. Note that Suricata 6.0 is now EOL and is used for example purposes only.

yum install epel-release yum-plugin-copr
yum copr enable @oisf/suricata-7.0
yum install suricata

Upgrading

To upgrade from one major version to another on your schedule, the active RPM repository should be disabled and the newer version be enabled. For example, to upgrade from 6.0 to 7.0 on CentOS:

yum copr disable @oisf/suricata-6.0
yum copr enable @oisf/suricata-7.0
yum update suricata

| Note: This will not migrate your configuration files from one version to another. That is a task still left up to the user.

Configuration and Running

To configure and run Suricata from the RPM please see the guide on getting started with RPMS:

References

DFIRDelbs · November 3, 2020, 1:24am

Hey thanks for this article i was looking for something hosting RPM’s for Suricata 6 on Centos 7. When i add the repo on centos 7 with yum copr enable @oisf/suricata i get a 404 Not found for “https://download.copr.fedorainfracloud.org/results/%40oisf/suricata-6.0/epel-7-x86_64/repodata/repomd.xml: [Errno 14] HTTPS Error 404 - Not Found”

I think the data is there when navigating to https://copr-be.cloud.fedoraproject.org/results/%40oisf/suricata-6.0/epel-7-aarch64/ but just wanted to let you know in the event other people are adding this repo but recieving a 404 also.

Cheers,
Nathan

ish · November 3, 2020, 4:08am

Sorry about that. Should be fixed now. Thanks for posting.

It should work with just running yum install suricata now.

DFIRDelbs · November 3, 2020, 4:36am

Whoa this is awesome. No need to be sorry just wanted to report it so i can use it.

You have no idea how much effort you just saved me Initially today i was writing up my own suricata.spec about to build my own and then i found this. thanks a lot!

Nathan

James_Lagermann · December 16, 2020, 10:41pm

For CentOS8, I had to install epel-release to satisfy the following requirements:

Error:
 Problem: conflicting requests
  - nothing provides libhiredis.so.0.13()(64bit) needed by suricata-1:5.0.5-1.el8.x86_64
  - nothing provides libhs.so.5()(64bit) needed by suricata-1:5.0.5-1.el8.x86_64
  - nothing provides libprelude.so.28()(64bit) needed by suricata-1:5.0.5-1.el8.x86_64

ish · December 16, 2020, 11:11pm

This is already covered in the “CentOS 7 and 8” section. I’m going to remove the “and CentOS 8” from the Fedora section as that is Fedora only as it doesn’t cover epel-release. Thanks.