[Snort-users] I am using Petrick harper's guide still have problems !!

Harper, Patrick patrick.harper at ...11593...
Mon Sep 13 12:58:26 EDT 2004


Simplest solution, build the sensors the exact same way as the manager
except do not do the "chkconfig mysqld on" or "chkconfig httpd on"  then
tell the manager to let the mysql snort user form the IP of the sensor
log to the snort database on the manager.  Then POOF it works. 


 
-----Original Message-----
From: Juan Fernandez [mailto:Juan.Fernandez at ...2210...] 
Sent: Monday, September 13, 2004 11:33 AM
To: Harper, Patrick
Subject: RE: [Snort-users] I am using Petrick harper's guide still have
problems !!


The management server is working fine ( with acid and all that).

It is the sensor I have problem with.

Now I found:
root at ...12378... snortinstall]# rpm -ivh libssl-0.9.6i-alt1.i586.rpm
warning: libssl-0.9.6i-alt1.i586.rpm: V3 DSA signature: NOKEY, key ID
eac91ca0
error: Failed dependencies:
        /sbin/post_ldconfig is needed by libssl-0.9.6i-alt1
        /sbin/postun_ldconfig is needed by libssl-0.9.6i-alt1

Where can I find those two filles he needs ?

I just have a dependencies problem that's all...

Thanks Petrick

-----Original Message-----
From: Harper, Patrick [mailto:patrick.harper at ...11593...]
Sent: Monday, September 13, 2004 7:18 PM
To: Juan Fernandez; snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] I am using Petrick harper's guide still have
problems !!

Sounds like you did not install the OS per that doc.  If you follow it
end to end it will work.  Try getting one box up first before you go off
to try an enterprise deployment.  Just start with a system with nothing
on it.  Go page by page through the fedora core 1 doc at
www.internetsecurityguru.com and when you are done, if you followed
directions, you will have a working snort sensor.  Then you can start
deploying whatever else you want, but get one working first.  What you
are trying to do is like a child that has never ridden a bike wanting to
compete at the x-games.  Get on the tricycle first and then move on.
 
-----Original Message-----
From: Juan Fernandez [mailto:Juan.Fernandez at ...2210...]
Sent: Monday, September 13, 2004 7:54 AM
To: 'Patrick S. Harper'; 'snort-users at lists.sourceforge.net'
Subject: [Snort-users] I am using Petrick harper's guide still have
problems !!


Hi !

I us fedora core 1 (now I am trying to install the sensor from the guide
of Patrick harper) .

When I try to install snort-mysql-2.1.3-0.fdr.1.i386.rpm I receive the
next:

[root at ...12378... snortinstall]# rpm -ivh
snort-mysql-2.1.3-0.fdr.1.i386.rpm
error: Failed dependencies:
        libmysqlclient.so.10 is needed by snort-mysql-2.1.3-0.fdr.1
[root at ...12378... snortinstall]# find / -name libmysqlclient.so.10
/usr/local/mysql/lib/mysql/libmysqlclient.so.10
/snortinstall/mysql-3.23.52/libmysql/.libs/libmysqlclient.so.10

I also tried to download and install
libmysqlclient12-4.0.20-67426cl.i386.rpm and this is what I recieved:

[root at ...12378... snortinstall]# rpm -ivh
libmysqlclient12-4.0.20-67426cl.i386.rpm
error: Failed dependencies:
        libcrypto.so.0.9.7 is needed by libmysqlclient12-4.0.20-67426cl
        libssl.so.0.9.7 is needed by libmysqlclient12-4.0.20-67426

Do I need to download crypto52 and install? the depandencies in really a
nightmare  !!!

Thanks !!

-----Original Message-----
From: Juan Fernandez
Sent: Monday, September 13, 2004 2:02 PM
To: 'Patrick S. Harper'; Juan Fernandez;
snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] guides on the snort site



How Give permissions ?

Sorry I new in linux.

Open ports you mean to oprn ports if the sensors and the management are
seperated with a Firewall in the middle?

Thanks !!


-----Original Message-----
From: Patrick S. Harper [mailto:patrick at ...4250...] 
Sent: Monday, September 13, 2004 1:51 PM
To: 'Juan Fernandez'; snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] guides on the snort site

The one I wrote (I would use the newer one on my site and not the RH9
one on
the snort.org site) can be easily modified for what you want.  Just open
the
ports and give permissions on the manager for the mysql users on the
sensors
to log in to the database. 




Patrick S. Harper | CISSP RHCT MCSE
www.internetsecurityguru.com

www.ntsug.org - Snort Users Group

"If there is no light at the end of the tunnel, get down there and light
the
damn thing yourself!"
 
-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Juan
Fernandez
Sent: Monday, September 13, 2004 3:34 AM
To: 'snort-users at lists.sourceforge.net'
Subject: [Snort-users] guides on the snort site

Hi !

 

I looked for installing guides on the site.

 

I found guides that explain only installing the sensor and the
management on
the same machine.

 

I have (will have 4 sensors and one management) I use fedora.

 

Which guide to pick up?

 

Thanks!!!




-------------------------------------------------------
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM. 
Deadline: Sept. 13. Go here: http://sf.net/ppc_contest.php
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users






Disclaimer:
This electronic message, including any attachments, is confidential and
intended solely for use of the intended recipient(s). This message may
contain information that is privileged or otherwise protected from
disclosure by applicable law. Any unauthorized disclosure,
dissemination,
use or reproduction is strictly prohibited. If you have received this
message in error, please delete it and notify the sender immediately. 








Disclaimer:
This electronic message, including any attachments, is confidential and intended solely for use of the intended recipient(s). This message may contain information that is privileged or otherwise protected from disclosure by applicable law. Any unauthorized disclosure, dissemination, use or reproduction is strictly prohibited. If you have received this message in error, please delete it and notify the sender immediately. 







More information about the Snort-users mailing list