[Snort-devel] "stuck at RHEL5"?
onelson at ...2499...
Tue Mar 22 14:27:46 EDT 2011
Perhaps the issue of packaging could be solved by the community (this is
free software, after all).

The Sourcefire team have done an excellent job at keeping the product moving
forward; I don't see why they should have to deal with this. Maybe that's

There's no rocket science to setting up sources for yum/apt repos, and since
most of us build from source on various platforms anyway it seems like all
that's missing is a venue to "contribute" built binaries. Launchpad is an
obvious place to start for the Ubuntu/Debian crowd. For yum, I'm not sure.

Part of the problem here is that the config you run Snort with has to know
things about the version you're running (if that makes sense). This means
you need to know things about the version of Snort you're running (or what
options it was configured and compiled with).

You can't expect to be able to have a conf, run yum update, restart Snort,
and have everything work. Part of the issue is how to distribute these other
parts - this is partially why distributing source rather than binary makes
so much sense. The other part of the issue is that enabling users by making it
possible to deploy sensors while knowing *less* about the workings of the
system may not be a good thing. That's not really for me to say though.

Personally, the first Snort install I did was from RPM. Subsequent systems
were all compiled from source. I think there's a lot to be said for having a
say in how you compile. The dependencies are a lot more trivial to manage
(build from source) than they used to be. I haven't had any issues with that
in recent history.

I recently commented on Twitter that I was planning on defecting - my
Fedora installation was about to be replaced with Ubuntu. I tweeted that I
wondered how Snort would play with Ubuntu - someone commented out of the
blue (as happens on Twitter), "good luck with that". I actually didn't have
any issue getting it compiled at all, but I get that this is a barrier for

On a somewhat related note, I'm thinking a large reason for the *want* of
packaged compiled binaries is to get all that service/daemon stuff tied
together. I recently started doing things a little differently -- I'm running
(and monitoring) all my snort (and barnyard2) processes using supervisord. I
think that's something to consider -- you don't really need the distros
themselves to be concerned with "integration".
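
The supervisord arrangement mentioned in the last paragraph of the message, sketched as an added example that is not part of the original post or the poster's own configuration. The binary and config paths, the interface name `eth0`, the `snort` account and the `snort.u2` unified2 file name are assumptions.

```ini
; supervisord programs for one Snort sensor and its barnyard2 spooler.
; All paths, the interface and the account names below are assumed values.

[group:ids]
programs=snort-eth0,barnyard2-eth0

[program:snort-eth0]
; No -D here: supervisord can only monitor a process that stays in the
; foreground. Snort starts as root to open the interface, then -u/-g
; drop privileges to the unprivileged account.
command=/usr/local/bin/snort -c /etc/snort/snort.conf -i eth0 -u snort -g snort -l /var/log/snort
autostart=true
autorestart=true
; A conf that does not match the installed build makes Snort exit during
; startup. Requiring 10s of uptime and capping retries turns that into a
; visible FATAL state instead of an endless restart loop.
startsecs=10
startretries=3
stopsignal=TERM
stopwaitsecs=30
priority=10
redirect_stderr=true
stdout_logfile=/var/log/supervisor/snort-eth0.log
stdout_logfile_maxbytes=10MB
stdout_logfile_backups=5

[program:barnyard2-eth0]
; Started after Snort (higher priority number). The waldo file records
; the read position so a restart resumes instead of replaying events.
command=/usr/local/bin/barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.u2 -w /var/log/snort/barnyard2.waldo
user=snort
autostart=true
autorestart=true
startsecs=5
startretries=3
priority=20
redirect_stderr=true
stdout_logfile=/var/log/supervisor/barnyard2-eth0.log
stdout_logfile_maxbytes=10MB
stdout_logfile_backups=5
```

After a rebuild or package update, `snort -T -c /etc/snort/snort.conf` tests the conf against the new binary before `supervisorctl restart ids:*` is issued.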