Security: standalone installation of a single service - packet capture - stenographer
Installation on CentOS 7
1. Install CentOS-7-x86_64-DVD-1810.iso
2. Choose the "Development and Creative Workstation" profile and select all add-ons
3.yum install -y epel-release
4.yum install golang
5.yum install git
6.go get github.com/google/stenographer
7. git clone https://github.com/google/stenographer.git (step 6 creates a go directory; run this command inside go/src)
8.mkdir -p /home/packets/directory
9.mkdir -p /home/index/directory
10.chown stenographer:stenographer /home/packets/directory
11.chown stenographer:stenographer /home/index/directory
12. In install_el7.sh, change line 33 from source lib.sh to source ./lib.sh
13. Change line 62 from local _url="https://storage.googleapis.com/golang/go1.6.3.linux-amd64.tar.gz" to local _url="https://studygolang.com/dl/golang/go1.14.14.linux-amd64.tar.gz" (the Go version in the original script is too old)
14. Run install_el7.sh
15. Check whether jq was installed: cat /usr/local/bin/jq
16. If the file is missing, run these two commands separately:
curl -s -L -J https://github.com/stedolan/jq/releases/download/jq-1.5rc2/jq-linux-x86_64 | sudo tee /usr/local/bin/jq >/dev/null;
sudo chmod +x /usr/local/bin/jq;
17. If the following appears:
Checking for running processes…
!!! Stenographer not running !!!
Feb 7 10:15:37 cinghoo stenographer[11160]: 2021/02/07 10:15:37 Stenotype stopped after 1.217878ms: cannot start stenotype: fork/exec /usr/bin/stenotype: permission denied
Feb 7 10:15:37 cinghoo stenographer[11160]: 2021/02/07 10:15:37 Stenotype ran for too little time, crashing to avoid stenotype crash loop
Feb 7 10:15:37 cinghoo systemd: stenographer.service: main process exited, code=exited, status=1/FAILURE
Feb 7 10:15:37 cinghoo systemd: stenographer.service: control process exited, code=exited status=1
Feb 7 10:15:37 cinghoo systemd: Unit stenographer.service entered failed state.
Feb 7 10:15:37 cinghoo systemd: stenographer.service failed.
18. Run unlink /usr/bin/stenotype
19. Run install_el7.sh again
20. If there is still a problem, run the commands inside install_el7.sh manually, one by one
21. When this appears:
[root@cinghoo stenographer]# sh ./install_el7.sh
Killing any already running processes…
Redirecting to /bin/systemctl stop stenographer.service
Starting stenographer service
Redirecting to /bin/systemctl start stenographer.service
Checking for running processes…
* Stenographer up and running
* Stenotype up and running
the installation succeeded.
22.[root@cinghoo stenographer]# systemctl status stenographer.service
● stenographer.service - packet capture to disk
Loaded: loaded (/etc/systemd/system/stenographer.service; disabled; vendor preset: disabled)
Active: active (running) since 日 2021-02-07 10:35:41 CST; 32s ago
Process: 14968 ExecStopPost=/bin/pkill -9 stenotype (code=exited, status=1/FAILURE)
Main PID: 16617 (stenographer)
Tasks: 14
Memory: 18.5M
CGroup: /system.slice/stenographer.service
├─16617 /usr/bin/stenographer
└─16624 /usr/bin/stenotype -v --threads=1 --dir=/tmp/stenographer336182395 --iface=ens9f0
2月 07 10:35:41 cinghoo systemd[1]: Started packet capture to disk.
2月 07 10:35:41 cinghoo stenographer[16617]: 2021-02-07T02:35:41.047926Z T:fb1de7 [stenotype.cc:567] Starting, page size is 4096
2021-02-07T02:35:41.048393Z T:fb1de7 [stenotype.cc:594] Setting up AF_PACKET sockets for packet reading
2月 07 10:35:41 cinghoo stenographer[16617]: 2021-02-07T02:35:41.652919Z T:fb1de7 [stenotype.cc:262] Dropping privileges
2月 07 10:35:41 cinghoo stenographer[16617]: 2021-02-07T02:35:41.653621Z T:78f447 [stenotype.cc:466] Thread 0 starting to process packets
2月 07 10:35:41 cinghoo stenographer[16617]: 2021-02-07T02:35:41.674132Z T:78f447 [aio.cc:190] Opening packet file /tmp/stenographer336182395/PKT0/.1612...653707: 4
Hint: Some lines were ellipsized, use -l to show in full.
23. The installation is now complete.
PS: additional configuration notes
Virtual machine: Ubuntu 18.04.5
Memory: 13 GB
2 processors x 4 cores, 8 cores in total
Dual network interfaces
Disk: 300 GB
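As an added example (not part of the original post and not stenographer's own tooling), the following POSIX shell helper automates the two checks a practitioner does when the service will not come up: it classifies journal output, distinguishing the step 17 failure (fork/exec /usr/bin/stenotype: permission denied) and the generic crash-loop message from the healthy stenotype lines of step 22, and it reports whether the file at /usr/bin/stenotype is present and executable rather than a dangling link, which is what the unlink in step 18 clears. The sample log text is copied from the output shown above; the function names, verdict tokens and the --live flag are my own assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: triage helper for the
# stenographer/stenotype startup failure seen in step 17 and the healthy
# state seen in step 22. Function names and verdict tokens are assumptions.

# Constructed sample input: journal lines copied from the failing run above.
SAMPLE_FAILED_LOG='Feb 7 10:15:37 cinghoo stenographer[11160]: 2021/02/07 10:15:37 Stenotype stopped after 1.217878ms: cannot start stenotype: fork/exec /usr/bin/stenotype: permission denied
Feb 7 10:15:37 cinghoo stenographer[11160]: 2021/02/07 10:15:37 Stenotype ran for too little time, crashing to avoid stenotype crash loop
Feb 7 10:15:37 cinghoo systemd: stenographer.service failed.'

# Constructed sample input: stenotype lines copied from the healthy run above.
SAMPLE_OK_LOG='2021-02-07T02:35:41.047926Z T:fb1de7 [stenotype.cc:567] Starting, page size is 4096
2021-02-07T02:35:41.652919Z T:fb1de7 [stenotype.cc:262] Dropping privileges
2021-02-07T02:35:41.653621Z T:78f447 [stenotype.cc:466] Thread 0 starting to process packets'

# classify_log: read journal text on stdin and print exactly one verdict.
# The permission-denied line is checked first because it precedes and
# explains the generic "ran for too little time" crash-loop message.
classify_log() {
    _log=$(cat)
    if printf '%s\n' "$_log" | grep -q 'fork/exec /usr/bin/stenotype: permission denied'; then
        echo stenotype-permission-denied
    elif printf '%s\n' "$_log" | grep -q 'Stenotype ran for too little time'; then
        echo stenotype-crash-loop
    elif printf '%s\n' "$_log" | grep -q 'starting to process packets'; then
        echo capturing
    else
        echo unknown
    fi
}

# check_stenotype_binary PATH: report on the file the service will exec.
# Prints one token and returns 0 only for a present, executable file.
# A dangling symlink is reported separately because that is the case
# the unlink in step 18 clears before install_el7.sh reinstalls the binary.
check_stenotype_binary() {
    _bin=$1
    if [ -L "$_bin" ] && [ ! -e "$_bin" ]; then
        echo dangling-symlink
        return 1
    elif [ ! -e "$_bin" ]; then
        echo missing
        return 1
    elif [ ! -x "$_bin" ]; then
        echo not-executable
        return 1
    fi
    echo ok
    return 0
}

# advise VERDICT: map a classify_log verdict to the step of this post to apply.
advise() {
    case $1 in
        stenotype-permission-denied) echo "see steps 18-19: unlink /usr/bin/stenotype, rerun install_el7.sh" ;;
        stenotype-crash-loop)        echo "see step 20: run the install_el7.sh contents by hand" ;;
        capturing)                   echo "healthy, matches the step 22 output" ;;
        *)                           echo "no matching pattern; inspect journalctl -u stenographer.service" ;;
    esac
}

# Run against the constructed samples by default; with --live, query the
# real host (needs journalctl and the installed service).
if [ "${1:-}" = "--live" ]; then
    _verdict=$(journalctl -u stenographer.service --no-pager -n 100 | classify_log)
    echo "log: $_verdict ($(advise "$_verdict"))"
    echo "binary: $(check_stenotype_binary /usr/bin/stenotype)"
else
    for _v in "$(printf '%s\n' "$SAMPLE_FAILED_LOG" | classify_log)" \
              "$(printf '%s\n' "$SAMPLE_OK_LOG" | classify_log)"; do
        echo "$_v: $(advise "$_v")"
    done
fi
```

Run it with no arguments to see the verdicts for the two embedded samples; run it as root with --live on the CentOS 7 host to classify the last 100 journal lines of stenographer.service and inspect /usr/bin/stenotype. The classifier only looks for the exact strings that appear in the output above, so any other failure is reported as unknown rather than guessed at.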