1. Installation

Contents

• Installation
  • Prerequisites
  • Getting the Code
  • Compiling the HILTI framework
  • Docker Image
  • Editors

1.1. Prerequisites

The HILTI framework is developed on 64-bit Linux and MacOS, and will most likely not work on other platforms currently.

To compile the framework, you need LLVM 3.9 and Clang 3.9 from http://llvm.org, along with C++11-compatible standard libraries.

For Bro integration:

• Bro 2.5, compiled from source (http://www.bro.org)

For unit testing:

• BTest (http://www.bro-ids.org/documentation-git/components/btest/README.html)

For generating the documentation:

• Sphinx 1.3 (http://sphinx.pocoo.org):

  > easy_install sphinx
  

1.2. Getting the Code

Clone the git repository:

> git clone git://www.icir.org/hilti

There’s also a mirror on github, which you can browse directly.

1.3. Compiling the HILTI framework

Note

HILTI doesn’t have any installation framework yet, it’s best run just right ouf of the repository. This will eventually change.

Compiling HILTI itself should be straight-forward once all prerequisites are available. Just run make in the top-level directory:

> cd hilti
> ./configure
> make

If you want to compile the included Bro plugin as well, you also need to tell ``configure where your Bro source tree is:

> ./configure --bro-dist=/path/to/your/bro/tree

Next, you should see if two simple tests succeed:

> cd tests
> make hello-worlds
all 2 tests successful

If there’s a problem, diag.log will contain debugging output.

Just typing make in tests/ will run the full test-suite. Generally, the majority should succeeed. However, as things are still in flux, some may be expected to fail.

As the HILTI tools aren’t installed anywhere system-wide yet, you may want to link to them from some directory that’s in your PATH, such as:

> export PATH=$HOME/bin:$PATH
> ln -s build/tools/{hiltic,hilti-config,hiltip,spicyc,spicy-config} $HOME/bin
> ln -s build/tools/spicy-driver/spicy-driver $HOME/bin
> ln -s build/tools/spicy-dump/spicy-dump $HOME/bin
> ln -s tools/hilti-build $HOME/bin

In the remainder of this documentation, we assume that these tools are indeed found in the PATH.

1.4. Docker Image

There’s also a Docker image available that comes with all pieces preinstalled (HILTI/Spicy, Bro, LLVM/clang):

# docker run -i -t "rsmmr/hilti"
HILTI 0.5
Spicy 0.5
root@830b7bdd1491:~# spicy-driver hello-world.spicy
Hello, world!
root@830b7bdd1491:~# bro -NN Bro::Hilti
Bro::Hilti - Dynamically compiled HILTI/Spicy functionality (*.spicy,
[...]
root@830b7bdd1491:~# bro hello-world.spicy
Hello, world!
root@830b7bdd1491:~# bro -r ssh-single-conn.trace ./ssh-banner.bro ssh.evt
SSH banner, [orig_h=192.150.186.169, orig_p=49244/tcp,
resp_h=131.159.14.23, resp_p=22/tcp], F, 1.99, OpenSSH_3.9p1
SSH banner, [orig_h=192.150.186.169, orig_p=49244/tcp,
resp_h=131.159.14.23, resp_p=22/tcp], T, 2.0, OpenSSH_3.8.1p1

To build the Docker image yourself from the supplied Dockerfile, you can use the make target:

# make docker-build

1.5. Editors

Syntax highlighting support for spicy files is available in Vim and Emacs through the following plugins:

• vim-spicy for Vim; and
• emacs-spicy for Emacs.