[Snort-users] (2.4.4 and Ubuntu on 2.6.12) Odd install from source
rmunsch at ...13744...
Thu Mar 30 10:44:04 EST 2006
Yah, sorry if i wasn't clear - i see all the files in snort-<ver>/etc,
and did all that manually. I was just wondering if it was supposed to
happen automagically at install.
Frex, the included snort.conf gives the location of the rules dir as
"../rules," which doesn't seem to fit the other assumptions. The
executable seems to go to /usr/local/bin via 'make install,' and like i
said the manpage goes to the right place; it's the rest of the
supporting cast i was wondering about.
Also, on the subject, the initscript is under the <source>/rpm directory
sitting next to the snort.spec, as is the logrotate snippet and
'snort.sysconfig,' and i'm not really sure why. Having nothing to do
with RPMs, it took me a while to think of poking around in there; due to
the odd placement of those files and the lack of anything going to my
own /etc/snort or /etc/init.d - which, you gotta admit, is not entirely
unexpected behaviour - coupled with the docs assuming these things were
in place, i assumed something had Gone Wrong.
Braley, Ron wrote:
>In my experience, the .conf files get extracted into the installation
>directory/etc (i.e. /usr/local/src/snort-2.4.4/etc).
>Not only should you see the snort.conf file there, but threshold.conf
>I think library files are put in the proper locations during the
>installation process - there's no need to do anything else but the
>a. Put the executable file wherever you'd like it to be (/opt/snort/bin
>for us . . .)
>b. Copy the snort.conf file from the extraction point/etc to wherever
>you'd like it to be (i.e. /opt/snort/etc/)
>c. Download the rules and include this directory in the snort.conf file
>d. Start snort (manually or automatically) - remember to include the
>location of the snort.conf file in the command (i.e.
>#/opt/snort/bin/snort -i eth5 -c /opt/snort/etc/snort.conf -D
>Hope that helps!
>Ron Braley, Berbee
>Datacenter Security Engineer
>From: snort-users-admin at lists.sourceforge.net
>[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Rob Munsch
>Sent: Thursday, March 30, 2006 11:21 AM
>To: snort-users at lists.sourceforge.net
>Subject: [Snort-users] (2.4.4 and Ubuntu on 2.6.12) Odd install from
>I've had an odd problem installing 2.4.4 from source. conf/make/make
>install goes smoothly, but only the binary itself - and the man page -
>actually 'go anywhere.'
>I'm not sure if this is deliberate, but i've poked around the docs,
>checked the faq, and burned black candles at midnight - no success.
>Nothing goes to my /etc; no conf, nothing in init.d, nada. Not the
>snort.conf itself nor any of the secondary conf files, nor is a rules
>dir created, nor /var/log/snort, etc.
>The docs seem to assume these things'll be in place when you run, but
>there's no explicit manifesto of needed files. I went and manually
>moved stuff around, created the dirs and files needed, etc., but i was
>sort of wondering about the whole thing.
>Ubuntu seems to want to apt me 2.3.2, and it looks like there's a slew
>of bugfixes and whatnot in the 2.4 branch, so i'd rather go with latest
>stable source. Is there a reason the various config files, and assorted
>log/conf/rules directories, aren't created at install? There doesn't
>seem to be any reference to them in the makefile, tho my understanding
>there is limited.
>Praying fervently not to have caused a drink or three,
Solutions For Progress IT
More information about the Snort-users