[Snort-users] UPDATE: flexresp2 (new and improved active response for Snort)

Francis A. Vidal francisv-sender-58ad63 at ...8942...
Thu Sep 4 18:58:05 EDT 2003


Jeff, 

The Snort version on FreeBSD 4.8-STABLE is 2.0.1. I got some rejects on file
configure.in when I applied your patch:

***************
*** 258,264 ****
        [with_libpcap_includes="$withval"],[with_libpcap_includes=no])

  AC_ARG_WITH(libpcap_libraries,
-       [  --with-libpcap-libraries=DIR  libpcap library directory],
        [with_libpcap_libraries="$withval"],[with_libpcap_libraries=no])

  if test "$with_libpcap_includes" != "no"; then
--- 258,264 ----
        [with_libpcap_includes="$withval"],[with_libpcap_includes=no])

  AC_ARG_WITH(libpcap_libraries,
+       [  --with-libpcap-libraries=DIR libpcap library directory],
        [with_libpcap_libraries="$withval"],[with_libpcap_libraries=no])

  if test "$with_libpcap_includes" != "no"; then
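
Review bot: the `--with-libpcap-libraries` line in this configure.in hunk differs only in the spacing after `DIR` inside the help string, which affects nothing but the `./configure --help` text. A whitespace-only edit like this makes the hunk depend on the exact spacing of the target tree, so consider dropping it from the patch and leaving the AC_ARG_WITH help string as it is upstream.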

Other rejects:

./src/win32/WIN32-Prj/snort.dsp.rej
./src/win32/WIN32-Prj/snort.dsw.rej
./src/win32/WIN32-Prj/snort.mak.rej

It also warns me with:

cd . && /bin/sh /usr/ports/security/snort/work/snort-2.0.1/missing --run aclocal-1.6
aclocal-1.6: not found
WARNING: `aclocal-1.6' is needed, and you do not seem to have it handy on your
         system.  You might have modified some files without having the
         proper tools for further handling them.  Check the `README' file,
         it often tells you about the needed prerequirements for installing
         this package.  You may also peek at any GNU archive site, in case
         some other package would contain this missing `aclocal-1.6' program.
*** Error code 1

But I have aclocal in /usr/local/bin:

aclocal (GNU automake) 1.5

-----Original Message-----
From: Jeff Nathan [mailto:jeff at ...950...] 
Sent: Friday, September 05, 2003 1:41 AM
To: Francis A. Vidal
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] UPDATE: flexresp2 (new and improved active
response for Snort)

WARNING: Unsanitized content follows.


On Thursday, September 4, 2003, at 04:49 AM, Francis A. Vidal wrote:

> Jeff,
>
> Any chance you can make the patch work cleanly with the FreeBSD port?
> Thanks.

Francis,

This is mostly dependent upon which version of Snort is in the FreeBSD 
ports tree.  If it's a relatively recent version you should be able to 
run "make extract" on the Snort port and once that has finished apply 
the patch I created.  After you've applied the patch you'll have to 
edit the port's Makefile and either add a flavor for flexresp2 or 
modify the flexresp flavor to pass "--enable-flexresp2" instead of 
"--enable-flexresp".

I don't have a FreeBSD box handy, I'm not sure which version of FreeBSD 
you're running and I'm not sure which version of Snort they've got in 
their ports tree.  However, you should be able to get this working 
without too much trouble.

-Jeff

--
Top security experts.  Cutting edge tools, techniques and information.
Tokyo, Japan   November, 2003   http://www.pacsec.jp

