Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: 32bit snort rpm

From: "Lamont, Brian A." <Brian.Lamont () gd-ms com>
Date: Mon, 28 Sep 2015 20:12:05 +0000
daq is still needing  1.0.0      back to the beginning it looks like.

------
checking for libpcap version >= "1.0.0"... no

    ERROR!  Libpcap library version >= 1.0.0  not found.
    Get it from http://www.tcpdump.org
-----------

So I found these options and ran it.   But I'm not sure if it daq built "without" libpcap-1.0.0, and instead, or WITH 
the 1.7.4 library in /usr/local/lib,  which seemed like a default but specified it anyway.   Libpcap install config.log 
completed without errors.    Do any of you see an issue with the way this built?

./configure --disable-pcap-module --with-libpcap-libraries=/usr/local/lib


From: Lamont, Brian A.
Sent: Monday, September 28, 2015 12:50 PM
To: Lamont, Brian A.; Al Lewis (allewi); Russ Combs (rucombs); Michael Steele
Cc: snort-users () lists sourceforge net
Subject: RE: [Snort-users] 32bit snort rpm

Got it to go with -enable-dbus=no.

From: Lamont, Brian A. [mailto:Brian.Lamont () gd-ms com]
Sent: Monday, September 28, 2015 12:39 PM
To: Al Lewis (allewi); Russ Combs (rucombs); Michael Steele
Cc: snort-users () lists sourceforge net<mailto:snort-users () lists sourceforge net>
Subject: Re: [Snort-users] 32bit snort rpm

I uninstalled libpcap 1.0.0 using make uninstall.   Please let me know if this is complete clean removal.    But during 
make install of version 1.7 it errored below.  Anyone seen this before?

./pcap-dbus.c: In function 'dbus_write':
./pcap-dbus.c:111: error: 'DBUS_ERROR_INIT' undeclared (first use in this function)
./pcap-dbus.c:111: error: (Each undeclared identifier is reported only once
./pcap-dbus.c:111: error: for each function it appears in.)
./pcap-dbus.c: In function 'dbus_activate':
./pcap-dbus.c:165: error: 'DBUS_ERROR_INIT' undeclared (first use in this function)
make: *** [pcap-dbus.o] Error 1

From: Al Lewis (allewi) [mailto:allewi () cisco com]
Sent: Monday, September 28, 2015 9:46 AM
To: Lamont, Brian A.; Russ Combs (rucombs); Michael Steele
Cc: snort-users () lists sourceforge net<mailto:snort-users () lists sourceforge net>
Subject: RE: [Snort-users] 32bit snort rpm

Try this..

Unistall libpcap.

Then get it from tcpdump.org

http://www.tcpdump.org/#latest-release

Libpcap version 1.7 is available.



Albert Lewis
QA Software Engineer
SOURCEfire, Inc. now part of Cisco
9780 Patuxent Woods Drive
Columbia, MD 21046
Phone: (office) 443.430.7112
Email: allewi () cisco com<mailto:allewi () cisco com>

From: Lamont, Brian A. [mailto:Brian.Lamont () gd-ms com]
Sent: Monday, September 28, 2015 12:21 PM
To: Al Lewis (allewi); Russ Combs (rucombs); Michael Steele
Cc: snort-users () lists sourceforge net<mailto:snort-users () lists sourceforge net>
Subject: RE: [Snort-users] 32bit snort rpm

Tried that.    And Redhat apparently does not have the 1.0.0 available, which is odd given the "...years ago..." 
reference below.     It may be part of another channel we are not subscribed to so I will open a case with them for 
that.

This system is receiving updates from RHN Classic or RHN Satellite.
Setting up Install Process
Package 14:libpcap-devel-0.9.4-15.el5.i386 already installed and latest version
Nothing to do

From: Al Lewis (allewi) [mailto:allewi () cisco com]
Sent: Monday, September 28, 2015 9:17 AM
To: Lamont, Brian A.; Russ Combs (rucombs); Michael Steele
Cc: snort-users () lists sourceforge net<mailto:snort-users () lists sourceforge net>
Subject: RE: [Snort-users] 32bit snort rpm

For redhat libpcap devel is:

"yum install libpcap-devel"



Albert Lewis
QA Software Engineer
SOURCEfire, Inc. now part of Cisco
9780 Patuxent Woods Drive
Columbia, MD 21046
Phone: (office) 443.430.7112
Email: allewi () cisco com<mailto:allewi () cisco com>

From: Lamont, Brian A. [mailto:Brian.Lamont () gd-ms com]
Sent: Monday, September 28, 2015 12:00 PM
To: Russ Combs (rucombs); Al Lewis (allewi); Michael Steele; snort-users () lists sourceforge net<mailto:snort-users () 
lists sourceforge net>
Subject: RE: [Snort-users] 32bit snort rpm

Ok I'm back at this again.   To recap, I'm trying to build snort 32bit on rhel 5.11, but running in to dependency 
problems.   While starting a rpmbuild of daq, I started seeing errors.   Below is what ldd snort shows on 64 linux.   I 
found another site that suggested installing libpcap-devel so that libpcap would build, then install daq, and then 
snort.     But I have not been able to find libpcap-devel source pkg to download for Rhel 5 32bit.


Here is how my install of libpcap-1.0.0 finishes and appears
----------------------------------------------------------
                /usr/bin/install -c -m 644 ./$i \
                    /usr/local/share/man/man3/$i; done
ln /usr/local/share/man/man3/pcap_datalink_val_to_name.3pcap \
                 /usr/local/share/man/man3/pcap_datalink_val_to_description.3pcap
ln: creating hard link `/usr/local/share/man/man3/pcap_datalink_val_to_description.3pcap' to 
`/usr/local/share/man/man3/pcap_datalink_val_to_name.3pcap': File exists
make: *** [install] Error 1


But my daq install errors unable to find libpcap
---------------------------------------------------------
checking for libpcap version >= "1.0.0"... no

    ERROR!  Libpcap library version >= 1.0.0  not found.
    Get it from http://www.tcpdump.org



[root@linux1 ~]# ldd /usr/local/bin/snort
        linux-vdso.so.1 =>  (0x00007fffb7ffd000)
        libdnet.1 => /usr/lib64/libdnet.1 (0x00002ba25825d000)
        libpcre.so.0 => /lib64/libpcre.so.0 (0x00002ba25846d000)
        libnsl.so.1 => /lib64/libnsl.so.1 (0x00002ba25868c000)
        libuuid.so.1 => /lib64/libuuid.so.1 (0x00002ba2588a5000)
        libm.so.6 => /lib64/libm.so.6 (0x00002ba258aa9000)
        libcrypto.so.6 => /lib64/libcrypto.so.6 (0x00002ba258d2c000)
        libdl.so.2 => /lib64/libdl.so.2 (0x00002ba25907f000)
        libsfbpf.so.0 => /usr/local/lib/libsfbpf.so.0 (0x00002ba259283000)
        libpcap.so.1 => /usr/local/lib/libpcap.so.1 (0x00002ba2594a6000)
        libz.so.1 => /lib64/libz.so.1 (0x00002ba2596e1000)
        libpthread.so.0 => /lib64/libpthread.so.0 (0x00002ba2598f5000)
        libc.so.6 => /lib64/libc.so.6 (0x00002ba259b11000)
        /lib64/ld-linux-x86-64.so.2 (0x00002ba25803f000)


[root@linux1 ~]# snort -V

   ,,_     -*> Snort! <*-
  o"  )~   Version 2.9.7.0 GRE (Build 149)
   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/contact#team
           Copyright (C) 2014 Cisco and/or its affiliates. All rights reserved.
           Copyright (C) 1998-2013 Sourcefire, Inc., et al.
           Using libpcap version 1.6.2
           Using PCRE version: 6.6 06-Feb-2006
           Using ZLIB version: 1.2.3

From: Russ [mailto:rucombs () cisco com]
Sent: Tuesday, September 15, 2015 3:18 PM
To: Lamont, Brian A.; Al Lewis (allewi); Michael Steele; snort-users () lists sourceforge net<mailto:snort-users () 
lists sourceforge net>
Subject: Re: [Snort-users] 32bit snort rpm


On 9/15/15 5:43 PM, Lamont, Brian A. wrote:
So I'm a failure at building from the source rpm of daq, and pretty  darn new to building rpms, so my next attempt 
below is to build from source, and that didn't go well.

[root@x88022 snort]# rpmbuild --rebuild daq-2.0.6-1.src.rpm
Installing daq-2.0.6-1.src.rpm
error: unpacking of archive failed on file /usr/src/redhat/SOURCES/daq-2.0.6.tar.gz;55f88cd3: cpio: MD5 sum mismatch
error: daq-2.0.6-1.src.rpm cannot be installed


From source:

----------------
[root@x88022 snort]# cd daq-2.0.6
[root@x88022 daq-2.0.6]# vi README
[root@x88022 daq-2.0.6]# ./configure
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /bin/mkdir -p
checking for gawk... gawk
.
.  ...omitted..
..
checking libnetfilter_queue/libnetfilter_queue.h presence... no
checking for libnetfilter_queue/libnetfilter_queue.h... no
checking for linux/netfilter.h... (cached) yes
checking for pcap.h... (cached) yes
checking for pcap_lib_version... checking for pcap_lib_version in -lpcap... (cached) yes
checking for libpcap version >= "1.0.0"... no

    ERROR!  Libpcap library version >= 1.0.0  not found.
    Get it from http://www.tcpdump.org


Current version of libpcap -  same version on 64bit hosts and they work fine.
---------------------------------
[root@x88022 daq-2.0.6]# rpm -qa |grep libpcap
libpcap-devel-0.9.4-15.el5
libpcap-0.9.4-15.el5
We started requiring 1.0.0+ years ago.  On those 64-bit hosts, what does ldd snort show?  Is that where rpm installed 
those?  You can also check snort -V to see the version.




From: Al Lewis (allewi) [mailto:allewi () cisco com]
Sent: Tuesday, September 15, 2015 12:05 PM
To: Lamont, Brian A.; Michael Steele; snort-users () lists sourceforge net<mailto:snort-users () lists sourceforge net>
Subject: RE: [Snort-users] 32bit snort rpm

You should be able to build from source but you need the daq installed first.


Albert Lewis
QA Software Engineer
SOURCEfire, Inc. now part of Cisco
9780 Patuxent Woods Drive
Columbia, MD 21046
Phone: (office) 443.430.7112
Email: allewi () cisco com<mailto:allewi () cisco com>

From: Lamont, Brian A. [mailto:Brian.Lamont () gd-ms com]
Sent: Tuesday, September 15, 2015 10:39 AM
To: Al Lewis (allewi); Michael Steele; snort-users () lists sourceforge net<mailto:snort-users () lists sourceforge net>
Subject: RE: [Snort-users] 32bit snort rpm

I am needing to install snort on approx.. 25 32bit Rhel (Redhat Linux) 5 servers


From: Al Lewis (allewi) [mailto:allewi () cisco com]
Sent: Monday, September 14, 2015 7:10 PM
To: Lamont, Brian A.; Michael Steele; snort-users () lists sourceforge net<mailto:snort-users () lists sourceforge net>
Subject: RE: [Snort-users] 32bit snort rpm

Are you trying to install on windows or *nix?

Albert Lewis
QA Software Engineer
SOURCEfire, Inc. now part of Cisco
9780 Patuxent Woods Drive
Columbia, MD 21046
Phone: (office) 443.430.7112
Email: allewi () cisco com<mailto:allewi () cisco com>

From: Lamont, Brian A. [mailto:Brian.Lamont () gd-ms com]
Sent: Monday, September 14, 2015 7:00 PM
To: Michael Steele; snort-users () lists sourceforge net<mailto:snort-users () lists sourceforge net>
Subject: Re: [Snort-users] 32bit snort rpm

But I should be able to build from source, at least according to one of the README files, correct?   I have started one 
build after installing the libpcap and other prereqs, and it started to take off and look like a build, then failed for 
the error below.   Where can I find the sfbpf library?


[root@x88022 snort]# rpmbuild -ta snort-2.9.7.5.tar.gz
Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.9801
+ umask 022
+ cd /usr/src/redhat/BUILD
+ LANG=C
+ export LANG
+ unset DISPLAY
+ cd /usr/src/redhat/BUILD
+ rm -rf snort-2.9.7.5
+ /usr/bin/gzip -dc /var/tmp/snort/snort-2.9.7.5.tar.gz

.
..
checking for INADDR_NONE... yes
checking for __FUNCTION__... yes
checking for sfbpf_compile in -lsfbpf... no

   ERROR!  sfbpf library not found, go get it from
   http://www.snort.org/.
error: Bad exit status from /var/tmp/rpm-tmp.9801 (%build)

RPM build errors:
    Bad exit status from /var/tmp/rpm-tmp.9801 (%build)



From: Michael Steele [mailto:michaels () winsnort com]
Sent: Monday, September 14, 2015 3:37 PM
To: Lamont, Brian A.
Subject: RE: [Snort-users] 32bit snort rpm

Snort is 32bit for Window, but the remainder of the support programs are 64bit. There are 32bit and 64bit installation 
tutorials for Windows.

Kindest regards,
Michael...

WINSNORT.com Management Team Member
--
****************** Established ~ 2001 *******************
*          Visit Us @ http://www.winsnort.com           *
*      ~~ FREE WinIDS Snort installation guides ~~      *
*               ~~ FREE support forums ~~               *
* Snort: Open Source Network IDS - http://www.snort.org *
*********************************************************

From: Lamont, Brian A. [mailto:Brian.Lamont () gd-ms com]
Sent: Monday, September 14, 2015 6:22 PM
To: snort-users () lists sourceforge net<mailto:snort-users () lists sourceforge net>
Subject: [Snort-users] 32bit snort rpm

I am needing to install snort on approx.. 25 32bit Rhel 5 servers.  I see there is a 64bit rpm on the website.   Is 
there a 32bit package available?


Brian Lamont
Unix Systems Admin

[Mission-Systems-logo-2col]
Desk:  480 586-9986
Cell:     480 209-8751
brian.lamont () gd-ms com<mailto:brian.lamont () gd-ms com>

This message and/or attachments may include information subject to GD Corporate Policies 07-103 and 07-105 and is 
intended to be accessed only by authorized recipients.  Use, storage and transmission are governed by General Dynamics 
and its policies. Contractual restrictions apply to third parties.  Recipients should refer to the policies or contract 
to determine proper handling.  Unauthorized review, use, disclosure or distribution is prohibited.  If you are not an 
intended recipient, please contact the sender and destroy all copies of the original message.



------------------------------------------------------------------------------


_______________________________________________

Snort-users mailing list

Snort-users () lists sourceforge net<mailto:Snort-users () lists sourceforge net>

Go to this URL to change user options or unsubscribe:

https://lists.sourceforge.net/lists/listinfo/snort-users

Snort-users list archive:

http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users



Please visit http://blog.snort.org to stay current on all the latest Snort news!



------------------------------------------------------------------------------

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: