LinuxQuestions.org
Linux - Newbie This Linux forum is for members that are new to Linux.
Old 12-26-2010, 11:53 AM   #1
Tytosi
LQ Newbie
 
Registered: Dec 2010
Posts: 6

Rep: Reputation: 0
Data Acquisition API configuration to complete Snort installation


I need to install Snort on my laptop with Ubuntu. I failed to successfully configure daq-0.4, as seen below.
Would you please help sort out the problem.





Code:
joseph@ubuntu:~$ sudo tar zxvf daq-0.4.tar.gz
daq-0.4/README
daq-0.4/aclocal.m4
daq-0.4/Makefile.in
daq-0.4/config.h.in
daq-0.4/config.guess
daq-0.4/daq.dsp
daq-0.4/install-sh
daq-0.4/configure.ac
daq-0.4/configure
daq-0.4/config.sub
daq-0.4/missing
daq-0.4/ltmain.sh
daq-0.4/ChangeLog
daq-0.4/COPYING
daq-0.4/depcomp
daq-0.4/Makefile.am
daq-0.4/m4/ltsugar.m4
daq-0.4/m4/ltoptions.m4
daq-0.4/m4/ax_cflags_gcc_option.m4
daq-0.4/m4/ltversion.m4
daq-0.4/m4/lt~obsolete.m4
daq-0.4/m4/libtool.m4
daq-0.4/m4/sf.m4
daq-0.4/os-daq-modules/Makefile.in
daq-0.4/os-daq-modules/daq_afpacket.c
daq-0.4/os-daq-modules/daq_ipq.c
daq-0.4/os-daq-modules/daq_nfq.c
daq-0.4/os-daq-modules/daq_dump.c
daq-0.4/os-daq-modules/daq-modules-config.in
daq-0.4/os-daq-modules/daq_static_modules.c
daq-0.4/os-daq-modules/daq_pcap.c
daq-0.4/os-daq-modules/daq_ipfw.c
daq-0.4/os-daq-modules/daq_static_modules.h
daq-0.4/os-daq-modules/Makefile.am
daq-0.4/sfbpf/sfbpf_dlt.h
daq-0.4/sfbpf/atmuni31.h
daq-0.4/sfbpf/Makefile.in
daq-0.4/sfbpf/scanner.l
daq-0.4/sfbpf/arcnet.h
daq-0.4/sfbpf/sf_bpf_printer.c
daq-0.4/sfbpf/sf_gencode.c
daq-0.4/sfbpf/ipnet.h
daq-0.4/sfbpf/ieee80211.h
daq-0.4/sfbpf/sfbpf-int.c
daq-0.4/sfbpf/grammar.y
daq-0.4/sfbpf/ethertype.h
daq-0.4/sfbpf/sf_optimize.c
daq-0.4/sfbpf/sf-redefines.h
daq-0.4/sfbpf/sfbpf.h
daq-0.4/sfbpf/sf_bpf_filter.c
daq-0.4/sfbpf/runlex.sh
daq-0.4/sfbpf/IP6_misc.h
daq-0.4/sfbpf/gencode.h
daq-0.4/sfbpf/namedb.h
daq-0.4/sfbpf/sll.h
daq-0.4/sfbpf/sunatmpos.h
daq-0.4/sfbpf/ppp.h
daq-0.4/sfbpf/win32-stdinc.h
daq-0.4/sfbpf/nlpid.h
daq-0.4/sfbpf/sfbpf-int.h
daq-0.4/sfbpf/llc.h
daq-0.4/sfbpf/bittypes.h
daq-0.4/sfbpf/sf_nametoaddr.c
daq-0.4/sfbpf/Makefile.am
daq-0.4/api/daq.h
daq-0.4/api/Makefile.in
daq-0.4/api/daq_common.h
daq-0.4/api/daq_api.h
daq-0.4/api/daq_base.c
daq-0.4/api/daq_mod_ops.c
daq-0.4/api/Makefile.am

joseph@ubuntu:~$ cd daq-0.4

joseph@ubuntu:~/daq-0.4$ sudo ./configure
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /bin/mkdir -p
checking for gawk... no
checking for mawk... mawk
checking whether make sets $(MAKE)... yes
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking for style of include used by make... GNU
checking dependency style of gcc... gcc3
checking build system type... i686-pc-linux-gnu
checking host system type... i686-pc-linux-gnu
checking for a sed that does not truncate output... /bin/sed
checking for grep that handles long lines and -e... /bin/grep
checking for egrep... /bin/grep -E
checking for fgrep... /bin/grep -F
checking for ld used by gcc... /usr/bin/ld
checking if the linker (/usr/bin/ld) is GNU ld... yes
checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -B
checking the name lister (/usr/bin/nm -B) interface... BSD nm
checking whether ln -s works... yes
checking the maximum length of command line arguments... 1572864
checking whether the shell understands some XSI constructs... yes
checking whether the shell understands "+="... yes
checking for /usr/bin/ld option to reload object files... -r
checking for objdump... objdump
checking how to recognize dependent libraries... pass_all
checking for ar... ar
checking for strip... strip
checking for ranlib... ranlib
checking command to parse /usr/bin/nm -B output from gcc object... ok
checking how to run the C preprocessor... gcc -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking for dlfcn.h... yes
checking for objdir... .libs
checking if gcc supports -fno-rtti -fno-exceptions... no
checking for gcc option to produce PIC... -fPIC -DPIC
checking if gcc PIC flag -fPIC -DPIC works... yes
checking if gcc static flag -static works... yes
checking if gcc supports -c -o file.o... yes
checking if gcc supports -c -o file.o... (cached) yes
checking whether the gcc linker (/usr/bin/ld) supports shared libraries... yes
checking whether -lc should be explicitly linked in... no
checking dynamic linker characteristics... GNU/Linux ld.so
checking how to hardcode library paths into programs... immediate
checking whether stripping libraries is possible... yes
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... yes
checking for visibility support... yes
checking CFLAGS for gcc -Wall... -Wall
checking CFLAGS for gcc -Wwrite-strings... -Wwrite-strings
checking CFLAGS for gcc -Wsign-compare... -Wsign-compare
checking CFLAGS for gcc -Wcast-align... -Wcast-align
checking CFLAGS for gcc -Wextra... -Wextra
checking CFLAGS for gcc -Wformat... -Wformat
checking CFLAGS for gcc -Wformat-security... -Wformat-security
checking CFLAGS for gcc -Wno-unused-parameter... -Wno-unused-parameter
checking CFLAGS for gcc -fno-strict-aliasing... -fno-strict-aliasing
checking CFLAGS for gcc -fdiagnostics-show-option... -fdiagnostics-show-option
checking for getaddrinfo... yes
checking for flex... flex
checking for flex 2.4 or higher... yes
checking for bison... bison
checking linux/if_ether.h usability... yes
checking linux/if_ether.h presence... yes
checking for linux/if_ether.h... yes
checking linux/if_packet.h usability... yes
checking linux/if_packet.h presence... yes
checking for linux/if_packet.h... yes
checking pcap.h usability... yes
checking pcap.h presence... yes
checking for pcap.h... yes
checking dnet.h usability... yes
checking dnet.h presence... yes
checking for dnet.h... yes
checking netinet/in.h usability... yes
checking netinet/in.h presence... yes
checking for netinet/in.h... yes
checking libipq.h usability... no
checking libipq.h presence... no
checking for libipq.h... no
checking for linux/netfilter.h... yes
checking for dnet.h... (cached) yes
checking for netinet/in.h... (cached) yes
checking libnetfilter_queue/libnetfilter_queue.h usability... no
checking libnetfilter_queue/libnetfilter_queue.h presence... no
checking for libnetfilter_queue/libnetfilter_queue.h... no
checking for linux/netfilter.h... (cached) yes
checking for pcap.h... (cached) yes
checking for pcap_lib_version... checking for pcap_lib_version in -lpcap... yes
checking for libpcap version >= "1.0.0"... yes
checking for dlopen in -ldl... yes
checking for inttypes.h... (cached) yes
checking for memory.h... (cached) yes
checking netdb.h usability... yes
checking netdb.h presence... yes
checking for netdb.h... yes
checking for netinet/in.h... (cached) yes
checking for stdint.h... (cached) yes
checking for stdlib.h... (cached) yes
checking for string.h... (cached) yes
checking sys/ioctl.h usability... yes
checking sys/ioctl.h presence... yes
checking for sys/ioctl.h... yes
checking sys/param.h usability... yes
checking sys/param.h presence... yes
checking for sys/param.h... yes
checking sys/socket.h usability... yes
checking sys/socket.h presence... yes
checking for sys/socket.h... yes
checking sys/time.h usability... yes
checking sys/time.h presence... yes
checking for sys/time.h... yes
checking for unistd.h... (cached) yes
checking for inline... inline
checking for size_t... yes
checking for uint16_t... yes
checking for uint32_t... yes
checking for uint64_t... yes
checking for uint8_t... yes
checking for stdlib.h... (cached) yes
checking for GNU libc compatible malloc... yes
checking for stdlib.h... (cached) yes
checking for unistd.h... (cached) yes
checking for sys/param.h... (cached) yes
checking for getpagesize... yes
checking for working mmap... yes
checking for gethostbyname... yes
checking for getpagesize... (cached) yes
checking for memset... yes
checking for munmap... yes
checking for socket... yes
checking for strchr... yes
checking for strcspn... yes
checking for strdup... yes
checking for strerror... yes
checking for strrchr... yes
checking for strstr... yes
checking for strtoul... yes
configure: creating ./config.status
config.status: creating Makefile
config.status: creating api/Makefile
config.status: creating os-daq-modules/Makefile
config.status: creating sfbpf/Makefile
config.status: creating config.h
config.status: config.h is unchanged
config.status: executing depfiles commands
config.status: executing libtool commands

Build AFPacket DAQ module.. : yes
Build Dump DAQ module...... : yes
Build IPFW DAQ module...... : yes
Build IPQ DAQ module....... : no
Build NFQ DAQ module....... : no
Build PCAP DAQ module...... : yes

joseph@ubuntu:~/daq-0.4$ sudo make
make all-recursive
make[1]: Entering directory `/home/joseph/daq-0.4'
Making all in api
make[2]: Entering directory `/home/joseph/daq-0.4/api'
make[2]: Nothing to be done for `all'.
make[2]: Leaving directory `/home/joseph/daq-0.4/api'
Making all in sfbpf
make[2]: Entering directory `/home/joseph/daq-0.4/sfbpf'
make[2]: Nothing to be done for `all'.
make[2]: Leaving directory `/home/joseph/daq-0.4/sfbpf'
Making all in os-daq-modules
make[2]: Entering directory `/home/joseph/daq-0.4/os-daq-modules'
make[2]: Nothing to be done for `all'.
make[2]: Leaving directory `/home/joseph/daq-0.4/os-daq-modules'
make[2]: Entering directory `/home/joseph/daq-0.4'
make[2]: Leaving directory `/home/joseph/daq-0.4'
make[1]: Leaving directory
 
Old 12-27-2010, 08:51 PM   #2
tanveer
Member
 
Registered: Feb 2004
Location: e@rth
Distribution: RHEL-3/4/5,Gloria,opensolaris
Posts: 525

Rep: Reputation: 37
Hi,

As you are using Ubuntu, it's pretty straightforward there. Just use
Code:
$ sudo apt-get install snort
Done. Now, if you want to add more options to your snort, just add more; for example, do a search for snort-related packages:
Code:
$ sudo apt-cache search snort
 
1 members found this post helpful.
Old 12-30-2010, 12:15 PM   #3
Tytosi
LQ Newbie
 
Registered: Dec 2010
Posts: 6

Original Poster
Rep: Reputation: 0
Thank you so much for your help. I tried to install it and do some more configuration. I am thinking of reinstalling Ubuntu and starting afresh. My goal is to install snort on my laptop and see how it works.

I would appreciate it if you could help with a much easier way of installation.
 
Old 01-01-2011, 01:07 AM   #4
tanveer
Member
 
Registered: Feb 2004
Location: e@rth
Distribution: RHEL-3/4/5,Gloria,opensolaris
Posts: 525

Rep: Reputation: 37
I already told you the easiest way. In Ubuntu just give the command
Code:
$ sudo apt-get install snort
That command will install snort on your machine. Now, to monitor the traffic on the eth0 interface of network 192.168.100.0/16, just open the file /etc/snort/snort.conf and change the HOME_NET line to your network; the interface to listen on is eth0 (or the IP address of eth0).

After that, restart the snort service with
Code:
$ sudo /etc/init.d/snort restart
ps ax | grep snort will then output
Code:
/usr/sbin/snort -m 027 -D -d -l /var/log/snort -u snort -g snort -c /etc/snort/snort.conf -S HOME_NET=[192.168.100.0/16] -i eth0
Hope this helps.

Last edited by tanveer; 01-01-2011 at 03:01 PM.
 
1 members found this post helpful.
Old 01-01-2011, 01:26 AM   #5
lupusarcanus
Senior Member
 
Registered: Mar 2009
Location: USA
Distribution: Arch
Posts: 1,022
Blog Entries: 19

Rep: Reputation: 146
Use CODE (#) tags please...

It makes your post x100 more readable.
 
1 members found this post helpful.
Old 01-02-2011, 12:04 PM   #6
Tytosi
LQ Newbie
 
Registered: Dec 2010
Posts: 6

Original Poster
Rep: Reputation: 0
Hi tenvar & leopard,

I used sudo apt-get install snort as you advised.
I then changed the variables as shown below:
HOME_NET to joseph-XPS-M1530, which is the hostname
IP address:
Code:
wlan0 Link encap:Ethernet HWaddr 00:1c:bf:aa:2a:f9
inet addr:192.168.0.6 Bcast:192.168.0.255 Mask:255.255.255.0

I tried to restart snort but it failed to start. Would you please examine my code again. Your help is appreciated.
PS: in my snort configuration process I declared the IP address 192.168.100.0/16.
Code:
###################################################
# Step #1: Set the network variables:
#
# You must change the following variables to reflect your local network. The
# variable is currently setup for an RFC 1918 address space.
#
# You can specify it explicitly as:
#
# var joseph-XPS-M1530 192.168.0.6
#
# if Snort is built with IPv6 support enabled (--enable-ipv6), use:
#
# ipvar joseph-XPS-M1530 192.168.0.6

#
# or use global variable $<interfacename>_ADDRESS which will be always
# initialized to IP address and netmask of the network interface which you run
# snort at. Under Windows, this must be specified as
# $(<interfacename>_ADDRESS), such as:
# $(\Device\Packet_{12345678-90AB-CDEF-1234567890AB}_ADDRESS)
#
# var joseph-XPS-M1530 $eth0_192.168.0.6
#
# You can specify lists of IP addresses for HOME_NET
# by separating the IPs with commas like this:
#
# var jospeh-XPS-M1530 [192.168.100.0/16]

#
# MAKE SURE YOU DON'T PLACE ANY SPACES IN YOUR LIST!
#
# or you can specify the variable to be any IP address
# like this:

var joseph-XPS-M1530 any

# Set up the external network addresses as well. A good start may be "any"
var EXTERNAL_NET any
#var EXTERNAL_NET !$joseph-XPS-M1530

# List of DNS servers on your network
var DNS_SERVERS $joseph-XPS-M1530

# List of SMTP servers on your network
var SMTP_SERVERS $joseph-XPS-M1530

# List of web servers on your network
var HTTP_SERVERS $joseph-XPS-M1530

# List of sql servers on your network
var SQL_SERVERS $joseph-XPS-M1530

# List of telnet servers on your network
var TELNET_SERVERS $joseph-XPS-M1530

# List of telnet servers on your network
var FTP_SERVERS $joseph-XPS-M1530

# List of snmp servers on your network
var SNMP_SERVERS $joseph-XPS-M1530
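An added example, not code from this thread or from the Snort project: a POSIX sh helper that does by script what tanveer's step above does by hand (put your network into HOME_NET in snort.conf) and that checks a configuration like the one posted here, where the variable name itself was changed so that HOME_NET is no longer defined even though every server list references the renamed variable. It also validates the network value (address, prefix length, and a warning when the address has host bits set below the prefix, as 192.168.100.0/16 does). The function names, the sample configuration and the one-variable-per-`var`-line layout are assumptions modelled on the post; the script edits only the file you hand it and does not restart Snort.

```shell
#!/bin/sh
# Hypothetical snort.conf helpers (not Snort tooling). Assumes network
# variables are written as "var NAME VALUE" or "ipvar NAME VALUE" lines.

# ipv4_ok ADDR -> 0 if ADDR is a dotted quad with every octet in 0..255
ipv4_ok() {
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# masked_network ADDR PLEN -> prints ADDR with the host bits cleared
# (plain arithmetic, no bitwise ops, so it works with mawk as well as gawk)
masked_network() {
    echo "$1 $2" | awk '{
        split($1, o, ".")
        n = ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
        host = 2 ^ (32 - $2)                 # number of addresses in the host part
        m = n - (n % host)                   # drop the host bits
        printf "%d.%d.%d.%d", int(m / 16777216) % 256, int(m / 65536) % 256, int(m / 256) % 256, m % 256
    }'
}

# net_ok SPEC -> 0 if SPEC is "any", an IPv4 address, or IPv4/prefix.
# Accepts but warns about an address with host bits set (e.g. 192.168.100.0/16).
net_ok() {
    spec=$1
    [ "$spec" = "any" ] && return 0
    case $spec in
        */*) addr=${spec%/*}; plen=${spec#*/} ;;
        *)   addr=$spec; plen=32 ;;
    esac
    ipv4_ok "$addr" || return 1
    case $plen in ''|*[!0-9]*) return 1 ;; esac
    [ "$plen" -le 32 ] || return 1
    network=$(masked_network "$addr" "$plen")
    [ "$network" = "$addr" ] || echo "warning: $spec has host bits set; the network part is $network/$plen" >&2
    return 0
}

# var_value CONF NAME -> prints the last value assigned to NAME (empty if none)
var_value() {
    awk -v n="$2" '($1 == "var" || $1 == "ipvar") && $2 == n { v = $3 } END { print v }' "$1"
}

# check_snort_conf CONF -> 0 if HOME_NET and EXTERNAL_NET are defined and every
# $NAME referenced on a var line is itself defined; reports each problem on stderr
check_snort_conf() {
    conf=$1; status=0
    for name in HOME_NET EXTERNAL_NET; do
        if [ -z "$(var_value "$conf" "$name")" ]; then
            echo "$conf: $name is not defined (was the variable renamed instead of assigned?)" >&2
            status=1
        fi
    done
    for ref in $(awk '($1 == "var" || $1 == "ipvar" || $1 == "portvar") && $3 ~ /^!?[$]/ { sub(/^!?[$]/, "", $3); print $3 }' "$conf" | sort -u); do
        if [ -z "$(var_value "$conf" "$ref")" ]; then
            echo "$conf: \$$ref is referenced but never defined" >&2
            status=1
        fi
    done
    return $status
}

# set_home_net CONF SPEC -> validates SPEC, then rewrites the existing HOME_NET
# line (keeping its var/ipvar keyword) or appends one if the file has none
set_home_net() {
    conf=$1; spec=$2
    net_ok "$spec" || { echo "rejected HOME_NET value: $spec" >&2; return 1; }
    if [ -n "$(var_value "$conf" HOME_NET)" ]; then
        awk -v v="$spec" '($1 == "var" || $1 == "ipvar") && $2 == "HOME_NET" { $0 = $1 " HOME_NET " v } { print }' "$conf" > "$conf.tmp"
    else
        { cat "$conf"; echo "var HOME_NET $spec"; } > "$conf.tmp"
    fi
    mv "$conf.tmp" "$conf"
}

# Constructed sample, modelled on the renamed-variable configuration in the post.
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
# Step #1: Set the network variables (constructed sample)
var joseph-XPS-M1530 any
var EXTERNAL_NET any
var DNS_SERVERS $joseph-XPS-M1530
var HTTP_SERVERS $joseph-XPS-M1530
EOF

check_snort_conf "$SAMPLE_CONF" || echo "-> fixing with set_home_net"
set_home_net "$SAMPLE_CONF" 192.168.100.0/16       # prints the host-bits warning
check_snort_conf "$SAMPLE_CONF" && echo "HOME_NET is now $(var_value "$SAMPLE_CONF" HOME_NET)"
rm -f "$SAMPLE_CONF"
```

Run it against a copy of /etc/snort/snort.conf rather than the live file; after the real file is edited, `snort -T -c /etc/snort/snort.conf` tests the configuration before the restart shown in post #4, which is a quicker way to find a missing variable than waiting for the init script to fail.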
 
Old 01-13-2011, 07:06 AM   #7
Tytosi
LQ Newbie
 
Registered: Dec 2010
Posts: 6

Original Poster
Rep: Reputation: 0
Thank you so much for your help on this site. I have just discovered another, easier way of installing Snort in Ubuntu. Just go to:
Applications - Ubuntu Software Centre - Get Software
then type snort; it then shows snort and all the necessary packages, and one can just choose which packages they need accordingly. I found this to be the easiest way of going about it.

Then restart snort with those commands as advised by Tanveer.

Last edited by Tytosi; 01-13-2011 at 07:09 AM. Reason: jus to add another line
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Serial port : Read data problem, not reading complete data anujmehta Linux - Networking 5 09-06-2010 07:10 AM
Installation & Configuration Of Intrusion Detection With Snort, ACIDBASE, MySQL, And metallica1973 Linux - Server 3 02-09-2010 12:47 PM
SNORT- Configuration priyadarshan Linux - Software 1 03-21-2009 01:38 AM
snort data collections gabsik Linux - Networking 1 09-24-2006 01:01 PM
Snort Configuration ppuru Linux - Security 1 06-20-2004 10:06 AM


All times are GMT -5. The time now is 05:07 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration