[Snort-users] Inline-Snort & Solaris 10, SuSE 9.x/10.x, RHEL 3.0

Will Metcalf william.metcalf at ...11827...
Fri Aug 25 18:35:45 EDT 2006


Well, kind of... No, it doesn't work on Solaris. You need to follow these
directions when dealing with Red Hat. Not sure about SUSE; never used
it.

Regards,

Will


Question:  I am having problems compiling snort_inline.  Here is a
sample of the error messages I get during compilation:

gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src
 -I/usr/include/pcap -I../../src/output-plugins
-I../../src/detection-plugins -I../../src/preprocessors  -I/usr/include
-g -O2 -Wall -DGIDS -D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD
-DHAVE_NET_ETHERNET_H -DLIBNET_LIL_ENDIAN -c `test -f 'spo_alert_fast.c'
|| echo './'`spo_alert_fast.c
In file included from /usr/include/linux/netfilter_ipv4/ip_queue.h:10,
                 from /usr/include/libipq.h:37,
                 from ../../src/inline.h:8,
                 from ../../src/snort.h:38,
                 from spo_alert_fast.c:51:
/usr/include/linux/if.h:59: redefinition of `struct ifmap'
/usr/include/linux/if.h:77: redefinition of `struct ifreq'
/usr/include/linux/if.h:126: redefinition of `struct ifconf'
make[3]: *** [spo_alert_fast.o] Error 1
make[3]: Leaving directory
`/home/matt/src/BUILD/snort-2.0.5/src/output-plugins'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/home/matt/src/BUILD/snort-2.0.5/src'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/home/matt/src/BUILD/snort-2.0.5'
make: *** [all] Error 2

Answer:  You need to update the kernel headers used by your glibc.  A quick
fix is to create a link between /usr/include and the include directory of
your kernel source.  For example, if you are trying to use this with kernel
version 2.4.24, you can do the following:

cd /usr/include
mv linux linux.orig
ln -s /usr/src/linux-2.4.24/include/linux linux

Now simply go to your snort_inline directory and recompile (make clean
first).

** That is, point to a set of "real" kernel includes instead of RH's
glibc-kernheaders package. **

On 8/25/06, Joel Esler <joel.esler at ...1935...> wrote:
>
> You are exactly right.  Compile the latest version of Snort
> --enable-inline, and there you have it.
>
> J
>
> On Aug 25, 2006, at 3:35 PM, Escudero, Peter Louis wrote:
>
> > Greetings. Does inline-snort work with Solaris 10, SuSE 9.x/10.x &
> > RedHat Enterprise Linux 3.0? How/where do I get the latest version?
> > I found v1.9.1-2 on the snort website, but it's dated April 2003.
> > Do I just compile the latest snort with the option
> > "--enable-inline"? Any info you can provide will be greatly appreciated.
> >
> > Thanks,
> >
> > Peter Escudero
> >
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> +---------------------------------------------------------------------+
> joel esler          senior security consultant         1-706-627-2101
> Sourcefire    Security for the /Real/ World -- http://www.sourcefire.com
>         Snort - Open Source Network IPS/IDS -- http://www.snort.org
>           gpg key: http://demo.sourcefire.com/jesler.pgp.key
>             aim:eslerjoel  ymsg:eslerjoel gtalk:eslerj
> +---------------------------------------------------------------------+
>
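Added example, not part of the original post or of the FAQ it quotes: the FAQ's mv / ln -s header swap wrapped in the checks that make it safe to repeat and to undo after the build. The function names, return codes and the parameterised include root are assumptions made for illustration.

```shell
#!/bin/sh
# Reversible form of the FAQ's "mv linux linux.orig; ln -s ..." header swap.
# Function names and return codes are hypothetical (not from snort_inline);
# the include root is a parameter so the logic can be tried outside /usr/include.

# swap_kernel_headers INCLUDE_ROOT KERNEL_INCLUDE
#   INCLUDE_ROOT    e.g. /usr/include
#   KERNEL_INCLUDE  e.g. /usr/src/linux-2.4.24/include
swap_kernel_headers() {
    inc=$1
    ksrc=$2
    # The failing build pulled in linux/if.h, so require it in the target.
    if [ ! -f "$ksrc/linux/if.h" ]; then
        echo "no linux/if.h under $ksrc" >&2
        return 1
    fi
    # A symlink here means the swap was already done; leave it alone.
    if [ -L "$inc/linux" ]; then
        echo "$inc/linux already points to $(readlink "$inc/linux")" >&2
        return 0
    fi
    # Never overwrite an earlier backup of the distribution's headers.
    if [ -e "$inc/linux.orig" ]; then
        echo "$inc/linux.orig exists; refusing to overwrite it" >&2
        return 2
    fi
    if [ ! -d "$inc/linux" ]; then
        echo "$inc/linux is not a directory" >&2
        return 3
    fi
    mv "$inc/linux" "$inc/linux.orig" && ln -s "$ksrc/linux" "$inc/linux"
}

# restore_kernel_headers INCLUDE_ROOT
# Puts the distribution headers back once snort_inline has been built.
restore_kernel_headers() {
    inc=$1
    if [ -L "$inc/linux" ] && [ -d "$inc/linux.orig" ]; then
        rm "$inc/linux" && mv "$inc/linux.orig" "$inc/linux"
    else
        echo "nothing to restore under $inc" >&2
        return 1
    fi
}
```

Restoring matters because every other build on the host also reads `/usr/include/linux`; leaving the symlink in place changes the headers those builds compile against.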