[Snort-users] (2.4.4 and Ubuntu on 2.6.12) Odd install from source

Rob Munsch rmunsch at ...13744...
Thu Mar 30 10:44:04 EST 2006


Yah, sorry if i wasn't clear - i see all the files in snort-<ver>/etc, 
and did all that manually.  I was just wondering if it was supposed to 
happen automagically at install.

Frex, the included snort.conf gives the location of the rules dir as 
"../rules," which doesn't seem to fit the other assumptions.  The 
executable seems to go to /usr/local/bin via 'make install,' and like i 
said the manpage goes to the right place; it's the rest of the 
supporting cast i was wondering about.

Also, on the subject, the initscript is under the <source>/rpm directory 
sitting next to the snort.spec, as is the logrotate snippet and 
'snort.sysconfig,' and i'm not really sure why.  Having nothing to do 
with RPMs, it took me a while to think of poking around in there; due to 
the odd placement of those files and the lack of anything going to my 
own /etc/snort or /etc/init.d - which, you gotta admit, is not entirely 
unexpected behaviour - coupled with the docs assuming these things were 
in place, i assumed something had Gone Wrong.

Braley, Ron wrote:

>Rob,
>
>In my experience, the .conf files get extracted into the installation
>directory/etc (i.e. /usr/local/src/snort-2.4.4/etc).
>
>Not only should you see the snort.conf file there, but threshold.conf
>too.
>
>I think library files are put in the proper locations during the
>installation process - there's no need to do anything else but the
>following:
>
>a.  Put the executable file wherever you'd like it to be (/opt/snort/bin
>for us . . .)
>b.  Copy the snort.conf file from the extraction point/etc to wherever
>you'd like it to be (i.e. /opt/snort/etc/)
>c.  Download the rules and include this directory in the snort.conf file
>d.  Start snort (manually or automatically) - remember to include the
>location of the snort.conf file in the command (i.e.
>#/opt/snort/bin/snort -i eth5 -c /opt/snort/etc/snort.conf -D
>
>Hope that helps!
>
>Ron Braley, Berbee
>Datacenter Security Engineer
>
>
>
>-----Original Message-----
>From: snort-users-admin at lists.sourceforge.net
>[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Rob Munsch
>Sent: Thursday, March 30, 2006 11:21 AM
>To: snort-users at lists.sourceforge.net
>Subject: [Snort-users] (2.4.4 and Ubuntu on 2.6.12) Odd install from
>source
>
>'allo list,
>
>I've had an odd problem installing 2.4.4 from source.  conf/make/make 
>install goes smoothly, but only the binary itself - and the man page - 
>actually 'go anywhere.'
>
>I'm not sure if this is deliberate, but i've poked around the docs, 
>checked the faq, and burned black candles at midnight - no success.  
>Nothing goes to my /etc; no conf, nothing in init.d, nada.  Not the 
>snort.conf itself nor any of the secondary conf files, nor is a rules 
>dir created, nor /var/log/snort, etc.
>
>The docs seem to assume these things'll be in place when you run, but 
>there's no explicit manifesto of needed files.  I went and manually 
>moved stuff around, created the dirs and files needed, etc., but i was 
>sort of wondering about the whole thing.
>
>Ubuntu seems to want to apt me 2.3.2, and it looks like there's a slew 
>of bugfixes and whatnot in the 2.4 branch, so i'd rather go with latest 
>stable source.  Is there a reason the various config files, and assorted
>
>log/conf/rules directories, aren't created at install?  There doesn't 
>seem to be any reference to them in the makefile, tho my understanding 
>there is limited.
>
>Praying fervently not to have caused a drink or three,
>
>  
>


-- 
Rob Munsch
Solutions For Progress IT





More information about the Snort-users mailing list