Ubuntu 下安装 Bro

Bro IDS

简介

Bro is a powerful system that on top of the functionality it provides out of the box, also offers the flexibility to customize analysis pretty much arbitrarily. We provide a range of documentation material ranging from introductory material to get you started, to full references of Bro’s various frameworks.

Bro 的运行依赖 (required Dependencies)

如下所需库在 Ubuntu 14.04 中已经默认安装了，其他系统尚未亲自测试
Bro requires the following libraries and tools to be installed before you begin:
- Libpcap
- OpenSSL libraries
- BIND8 library
- Libz
- Bash (for BroControl)
- Python 2.6 or greater (for BroControl)

Libpcap

Libpcap 已经随 tcpdump 在 ubuntu 中 默认安装了，测试命令

$ tcpdump -h

Libpcap 源码

OpenSSL libraries

OpenSSL 在 ubuntu 中 默认安装了，测试命令

$ openssl -version


wireshark

Bro 的编译依赖

To build Bro from source, the following additional dependencies are required:
- CMake 2.8 or greater (http://www.cmake.org)
- Make
- C/C++ compiler with C++11 support (GCC 4.8+ or Clang 3.3+)
- SWIG (http://www.swig.org)
- Bison (GNU Parser Generator)
- Flex (Fast Lexical Analyzer)
- Libpcap headers (http://www.tcpdump.org)
- OpenSSL headers (http://www.openssl.org)
- zlib headers
- Python

CMake

$ cmake --version
cmake version 2.8.12.2

Make

$ make -v
GNU Make 3.81
...

gcc

$ gcc -v
...
gcc version 4.8.4 (Ubuntu 4.8.4-2ubuntu1~14.04.3) 

SWIG

$ apt-get -y install swig
...
$ swig -version
SWIG Version 2.0.11
...

Bison

$ apt-get -y install bison
...
$ bison -V
bison (GNU Bison) 3.0.2
...

Flex

$ apt-get install -y flex
...
$ flex -V
flex 2.5.35

一键安装所有依赖

apt-get -y install cmake make gcc g++ flex bison libpcap-dev libssl-dev python-dev swig zlib1g-dev

sudo sh -c "echo 'deb http://download.opensuse.org/repositories/network:/bro/xUbuntu_14.04/ /' >> /etc/apt/sources.list.d/bro.list"

源码编译 Bro

下载 Bro 源码

git clone --recursive git://git.bro.org/bro

编译 Bro 源码