[Snort-devel] "stuck at RHEL5"?

onelson onelson at ...2499...
Tue Mar 22 14:27:46 EDT 2011

Perhaps the issue of packaging could be solved by the community (this is 
free software, after all). 
The sourcefire team have done an excellent job at keeping the product moving 
forward, I don't see why they should have to deal with this. Maybe that's 
just me.
There's no rocket science to setting up sources for yum/apt repos, and since 
most of us build from source on various platforms anyway it seems like all 
that's missing is a venue to "contribute" built binaries. Launchpad is an 
obvious place to start for the ubuntu/debian crowd. For yum, I'm not sure.

Part of the problem here is that the config you run snort with has to know 
things about the version you're running (if that makes sense). This means 
you need to know things about the version of snort you're running (or what 
options it was configured and compiled with).
You can't expect to be able to have a conf, run yum update, restart snort, 
and have everything work. Part of the issue is how to distribute these other 
parts - this is partially why distributing source rather than binary makes 
so much sense. The other part of the issue is enabling users by making it 
possible to deploy sensors while knowing *less* about the workings of the 
system may not be a good thing. That's not really for me to say though.

Personally, the first snort install I did was from rpm. Subsequent systems 
were all compiled from source. I think there's a lot to be said for having a 
say in how you compile. The dependencies are a lot more trivial to manage 
(build from source) than they used to be. I haven't had any issues with that 
in recent history.
I recently commented on twitter that I was planning on defecting -  my 
fedora installation was about to be replaced with ubuntu. I tweeted that I 
wondered how snort would play with ubuntu - someone commented out of the 
blue (as happens on twitter), "good luck with that". I actually didn't have 
any issue getting it compiled at all, but I get that this is a barrier for 

On a somewhat related note, I'm thinking a large reason for the *want* of 
packaged compiled binaries is to get all that service/daemon stuff tied 
together. I recently started doing things a little different -- I'm running 
(and monitoring) all my snort (and barnyard2) processes using supervisord. I 
think that's something to consider -- you don't really need the distros 
themselves to be concerned with "integration".

Owen Nelson
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20110322/e3d668e6/attachment.html>

More information about the Snort-devel mailing list