[Snort-users] 32bit snort rpm

Russ rucombs at ...589...
Mon Sep 28 12:44:43 EDT 2015



On 9/28/15 12:20 PM, Lamont, Brian A. wrote:
>
> Tried that. And Redhat apparently does not have the 1.0.0 available, 
> which is odd given the “…years ago…” reference below.     It may be 
> part of another channel we are not subscribed to so I will open a case 
> with them for that.
>
> This system is receiving updates from RHN Classic or RHN Satellite.
>
> Setting up Install Process
>
> Package 14:libpcap-devel-0.9.4-15.el5.i386 already installed and 
> latest version
>
> Nothing to do
>
> *From:*Al Lewis (allewi) [mailto:allewi at ...589...]
> *Sent:* Monday, September 28, 2015 9:17 AM
> *To:* Lamont, Brian A.; Russ Combs (rucombs); Michael Steele
> *Cc:* snort-users at lists.sourceforge.net
> *Subject:* RE: [Snort-users] 32bit snort rpm
>
> For redhat libpcap devel is:
>
> “yum install libpcap-devel”
>
> Albert Lewis
>
> QA Software Engineer
>
> SOURCE*fire*, Inc. now part of *Cisco*
>
> 9780 Patuxent Woods Drive
> Columbia, MD 21046
>
> Phone: (office) 443.430.7112
>
> Email: allewi at ...589... <mailto:allewi at ...589...>
>
> *From:*Lamont, Brian A. [mailto:Brian.Lamont at ...17273...]
> *Sent:* Monday, September 28, 2015 12:00 PM
> *To:* Russ Combs (rucombs); Al Lewis (allewi); Michael Steele; 
> snort-users at lists.sourceforge.net 
> <mailto:snort-users at lists.sourceforge.net>
> *Subject:* RE: [Snort-users] 32bit snort rpm
>
> Ok I’m back at this again.   To recap, I’m trying to build snort 32bit 
> on rhel 5.11, but running in to dependency problems.   While starting 
> a rpmbuild of daq, I started seeing errors.   Below is what ldd snort 
> shows on 64 linux.   I found another site that suggested installing 
> libpcap-devel so that libpcap would build, then install daq, and then 
> snort.     But I have not been able to find libpcap-devel source pkg 
> to download for Rhel 5 32bit.
>
> Here is how my install of libpcap-1.0.0 finishes and appears
>
> ----------------------------------------------------------
>
> /usr/bin/install -c -m 644 ./$i \
>
> /usr/local/share/man/man3/$i; done
>
> ln /usr/local/share/man/man3/pcap_datalink_val_to_name.3pcap \
>
> /usr/local/share/man/man3/pcap_datalink_val_to_description.3pcap
>
> ln: creating hard link 
> `/usr/local/share/man/man3/pcap_datalink_val_to_description.3pcap' to 
> `/usr/local/share/man/man3/pcap_datalink_val_to_name.3pcap': File exists
>
> make: *** [install] Error 1
>
Did you use these DAQ configure options to ensure that it picks up the 
newer version?

   --with-libpcap-includes=DIR    libpcap include directory
   --with-libpcap-libraries=DIR   libpcap library directory

Other things to check:

* Since the make install errored out, double check that the lib and 
headers were actually installed.
* Check config.log for more details on what exactly was tried and failed.
* ldconfig ?
* Also, why build 1.0 at this point?  There are much newer versions, 
like for your 64-bit.
>
> But my daq install errors unable to find libpcap
>
> ---------------------------------------------------------
>
> checking for libpcap version >= "1.0.0"... no
>
>     ERROR! Libpcap library version >= 1.0.0  not found.
>
>     Get it from http://www.tcpdump.org <http://www.tcpdump.org>
>
> [root at ...17321... ~]# ldd /usr/local/bin/snort
>
> linux-vdso.so.1 =>  (0x00007fffb7ffd000)
>
> libdnet.1 => /usr/lib64/libdnet.1 (0x00002ba25825d000)
>
> libpcre.so.0 => /lib64/libpcre.so.0 (0x00002ba25846d000)
>
> libnsl.so.1 => /lib64/libnsl.so.1 (0x00002ba25868c000)
>
> libuuid.so.1 => /lib64/libuuid.so.1 (0x00002ba2588a5000)
>
> libm.so.6 => /lib64/libm.so.6 (0x00002ba258aa9000)
>
> libcrypto.so.6 => /lib64/libcrypto.so.6 (0x00002ba258d2c000)
>
> libdl.so.2 => /lib64/libdl.so.2 (0x00002ba25907f000)
>
> libsfbpf.so.0 => /usr/local/lib/libsfbpf.so.0 (0x00002ba259283000)
>
> libpcap.so.1 => /usr/local/lib/libpcap.so.1 (0x00002ba2594a6000)
>
> libz.so.1 => /lib64/libz.so.1 (0x00002ba2596e1000)
>
> libpthread.so.0 => /lib64/libpthread.so.0 (0x00002ba2598f5000)
>
> libc.so.6 => /lib64/libc.so.6 (0x00002ba259b11000)
>
> /lib64/ld-linux-x86-64.so.2 (0x00002ba25803f000)
>
> [root at ...17321... ~]# snort -V
>
>    ,,_ -*> Snort! <*-
>
>   o"  )~ Version 2.9.7.0 GRE (Build 149)
>
>    ''''    By Martin Roesch & The Snort Team: 
> http://www.snort.org/contact#team
>
> Copyright (C) 2014 Cisco and/or its affiliates. All rights reserved.
>
> Copyright (C) 1998-2013 Sourcefire, Inc., et al.
>
> *Using libpcap version 1.6.2*
>
> Using PCRE version: 6.6 06-Feb-2006
>
> Using ZLIB version: 1.2.3
>
> *From:*Russ [mailto:rucombs at ...589...]
> *Sent:* Tuesday, September 15, 2015 3:18 PM
> *To:* Lamont, Brian A.; Al Lewis (allewi); Michael Steele; 
> snort-users at lists.sourceforge.net 
> <mailto:snort-users at lists.sourceforge.net>
> *Subject:* Re: [Snort-users] 32bit snort rpm
>
> On 9/15/15 5:43 PM, Lamont, Brian A. wrote:
>
>     So I’m a failure at building from the source rpm of daq, and
>     pretty  darn new to building rpms, so my next attempt below is to
>     build from source, and that didn’t go well.
>
>     [root at ...17307... snort]# rpmbuild --rebuild daq-2.0.6-1.src.rpm
>
>     Installing daq-2.0.6-1.src.rpm
>
>     error: unpacking of archive failed on file
>     /usr/src/redhat/SOURCES/daq-2.0.6.tar.gz;55f88cd3: cpio: MD5 sum
>     mismatch
>
>     error: daq-2.0.6-1.src.rpm cannot be installed
>
>     From source:
>
>     ----------------
>
>     [root at ...17307... snort]# cd daq-2.0.6
>
>     [root at ...17307... daq-2.0.6]# vi README
>
>     [root at ...17307... daq-2.0.6]# ./configure
>
>     checking for a BSD-compatible install... /usr/bin/install -c
>
>     checking whether build environment is sane... yes
>
>     checking for a thread-safe mkdir -p... /bin/mkdir -p
>
>     checking for gawk... gawk
>
>     .
>
>     .  …omitted..
>
>     ..
>
>     checking libnetfilter_queue/libnetfilter_queue.h presence... no
>
>     checking for libnetfilter_queue/libnetfilter_queue.h... no
>
>     checking for linux/netfilter.h... (cached) yes
>
>     checking for pcap.h... (cached) yes
>
>     checking for pcap_lib_version... checking for pcap_lib_version in
>     -lpcap... (cached) yes
>
>     checking for libpcap version >= "1.0.0"... no
>
>         ERROR! Libpcap library version >= 1.0.0  not found.
>
>         Get it from http://www.tcpdump.org <http://www.tcpdump.org>
>
>     Current version of libpcap -  same version on 64bit hosts and they
>     work fine.
>
>     ---------------------------------
>
>     [root at ...17307... daq-2.0.6]# rpm -qa |grep libpcap
>
>     libpcap-devel-0.9.4-15.el5
>
>     libpcap-0.9.4-15.el5
>
> We started requiring 1.0.0+ years ago.  On those 64-bit hosts, what 
> does ldd snort show?  Is that where rpm installed those?  You can also 
> check snort -V to see the version.
>
> *From:*Al Lewis (allewi) [mailto:allewi at ...589...]
> *Sent:* Tuesday, September 15, 2015 12:05 PM
> *To:* Lamont, Brian A.; Michael Steele; 
> snort-users at lists.sourceforge.net 
> <mailto:snort-users at lists.sourceforge.net>
> *Subject:* RE: [Snort-users] 32bit snort rpm
>
> You should be able to build from source but you need the daq installed 
> first.
>
> Albert Lewis
>
> QA Software Engineer
>
> SOURCE*fire*, Inc. now part of *Cisco*
>
> 9780 Patuxent Woods Drive
> Columbia, MD 21046
>
> Phone: (office) 443.430.7112
>
> Email: allewi at ...589... <mailto:allewi at ...589...>
>
> *From:*Lamont, Brian A. [mailto:Brian.Lamont at ...17273...]
> *Sent:* Tuesday, September 15, 2015 10:39 AM
> *To:* Al Lewis (allewi); Michael Steele; 
> snort-users at lists.sourceforge.net 
> <mailto:snort-users at lists.sourceforge.net>
> *Subject:* RE: [Snort-users] 32bit snort rpm
>
> I am needing to install snort on approx.. 25 32bit *Rhel (Redhat 
> Linux)*5 servers
>
> *From:*Al Lewis (allewi) [mailto:allewi at ...589...]
> *Sent:* Monday, September 14, 2015 7:10 PM
> *To:* Lamont, Brian A.; Michael Steele; 
> snort-users at lists.sourceforge.net 
> <mailto:snort-users at lists.sourceforge.net>
> *Subject:* RE: [Snort-users] 32bit snort rpm
>
> Are you trying to install on windows or *nix?
>
> Albert Lewis
>
> QA Software Engineer
>
> SOURCE*fire*, Inc. now part of *Cisco*
>
> 9780 Patuxent Woods Drive
> Columbia, MD 21046
>
> Phone: (office) 443.430.7112
>
> Email: allewi at ...589... <mailto:allewi at ...589...>
>
> *From:*Lamont, Brian A. [mailto:Brian.Lamont at ...17273...]
> *Sent:* Monday, September 14, 2015 7:00 PM
> *To:* Michael Steele; snort-users at lists.sourceforge.net 
> <mailto:snort-users at lists.sourceforge.net>
> *Subject:* Re: [Snort-users] 32bit snort rpm
>
> But I should be able to build from source, at least according to one 
> of the README files, correct?   I have started one build after 
> installing the libpcap and other prereqs, and it started to take off 
> and look like a build, then failed for the error below.   Where can I 
> find the sfbpf library?
>
> [root at ...17307... snort]# rpmbuild -ta snort-2.9.7.5.tar.gz
>
> Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.9801
>
> + umask 022
>
> + cd /usr/src/redhat/BUILD
>
> + LANG=C
>
> + export LANG
>
> + unset DISPLAY
>
> + cd /usr/src/redhat/BUILD
>
> + rm -rf snort-2.9.7.5
>
> + /usr/bin/gzip -dc /var/tmp/snort/snort-2.9.7.5.tar.gz
>
> .
>
> ..
>
> checking for INADDR_NONE... yes
>
> checking for __FUNCTION__... yes
>
> checking for sfbpf_compile in -lsfbpf... no
>
>    ERROR! sfbpf library not found, go get it from
>
> http://www.snort.org/ <http://www.snort.org/>.
>
> error: Bad exit status from /var/tmp/rpm-tmp.9801 (%build)
>
> RPM build errors:
>
>     Bad exit status from /var/tmp/rpm-tmp.9801 (%build)
>
> *From:*Michael Steele [mailto:michaels at ...9077...]
> *Sent:* Monday, September 14, 2015 3:37 PM
> *To:* Lamont, Brian A.
> *Subject:* RE: [Snort-users] 32bit snort rpm
>
> Snort is 32bit for Window, but the remainder of the support programs 
> are 64bit. There are 32bit and 64bit installation tutorials for Windows.
>
> Kindest regards,
>
> Michael...
>
> WINSNORT.com Management Team Member
>
> --
>
> ****************** Established ~ 2001 *******************
>
> * Visit Us @ http://www.winsnort.com *
>
> * ~~ FREE WinIDS Snort installation guides ~~      *
>
> * ~~ FREE support forums ~~               *
>
> * Snort: Open Source Network IDS - http://www.snort.org *
>
> *********************************************************
>
> *From:* Lamont, Brian A. [mailto:Brian.Lamont at ...17273...]
> *Sent:* Monday, September 14, 2015 6:22 PM
> *To:* snort-users at lists.sourceforge.net 
> <mailto:snort-users at lists.sourceforge.net>
> *Subject:* [Snort-users] 32bit snort rpm
>
> I am needing to install snort on approx.. 25 32bit Rhel 5 servers.  I 
> see there is a 64bit rpm on the website.   Is there a 32bit package 
> available?
>
> */Brian Lamont/*
>
> *_Unix Systems Admin_*
>
> Mission-Systems-logo-2col
>
> *Desk: 480 586-9986*
>
> *Cell: 480 209-8751*
>
> brian.lamont at ...17273... <mailto:brian.lamont at ...17273...>
>
> This message and/or attachments may include information subject to GD 
> Corporate Policies 07-103 and 07-105 and is intended to be accessed 
> only by authorized recipients.  Use, storage and transmission are 
> governed by General Dynamics and its policies. Contractual 
> restrictions apply to third parties. Recipients should refer to the 
> policies or contract to determine proper handling.  Unauthorized 
> review, use, disclosure or distribution is prohibited.  If you are not 
> an intended recipient, please contact the sender and destroy all 
> copies of the original message.
>
> ------------------------------------------------------------------------------
>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net 
> <mailto:Snort-users at lists.sourceforge.net>
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> Please visithttp://blog.snort.org  to stay current on all the latest Snort news!
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20150928/5b2fdcd4/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 2378 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20150928/5b2fdcd4/attachment.jpe>


More information about the Snort-users mailing list