LinuxQuestions.org
Old 12-31-2014, 06:19 AM   #1
NM04
Member
 
Registered: Jan 2011
Distribution: Back Track,Fedora,centos
Posts: 240

Rep: Reputation: 14
CentOS 7: problem installing Module::IPTables-Parse (JSON::PP 2.27103)


Hi all,
I have installed snort 2.9.7 (running as NIDS) on centos7 (desktop dell optiplex intel core i3) and now I have enabled IPTables and am working on fwsnort so that it can parse snort rules to IPTables. I am facing problems executing ./fwsnort:

Code:
[root@localhost sbin]# ./fwsnort
Can't locate IPTables/Parse.pm in @INC (@INC contains: /usr/lib/fwsnort /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at ./fwsnort line 4260.

Tried to install IPTables/Parse.pm via cpanm as follows. I am behind a proxy and I exported the proxy settings (http & https) before executing this:

Code:
[root@localhost sbin]# cpanm Module::IPTables-Parse
! Finding Module::IPTables-Parse on cpanmetadb failed.
! Finding Module::IPTables-Parse () on mirror http://www.cpan.org failed.
! Couldn't find module or a distribution Module::IPTables-Parse ()

Downloaded the tarball, followed the instructions, and failed again:

Code:
[root@localhost IPTables-Parse-1.1]# perl5.16.3 Makefile.PL
Checking if your kit is complete...
Looks good
JSON::PP 2.27103 is not available
 at /usr/share/perl5/vendor_perl/CPAN/Meta/Converter.pm line 23.
 at /usr/share/perl5/vendor_perl/ExtUtils/MM_Any.pm line 830.
JSON::PP 2.27103 is not available
 at /usr/share/perl5/vendor_perl/CPAN/Meta/Converter.pm line 23.
[root@localhost IPTables-Parse-1.1]# make
make: *** No targets specified and no makefile found.  Stop.
[root@localhost IPTables-Parse-1.1]# make test
make: *** No rule to make target `test'.  Stop.
[root@localhost IPTables-Parse-1.1]# make install
make: *** No rule to make target `install'.  Stop.

I tried & failed & can't make out how to get JSON::PP 2.27103, is there any way around? Help is always appreciated.

regards,
nm

Last edited by NM04; 12-31-2014 at 06:23 AM.
 
Old 01-03-2015, 04:40 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Quote:
Originally Posted by NM04
Code:
[root@localhost sbin]# cpanm Module::IPTables-Parse

The module is called "IPTables::Parse": http://search.cpan.org/~mrash/IPTabl...ables/Parse.pm.


Quote:
Originally Posted by NM04
I tried & failed & can't make out how to get JSON::PP 2.27103, is there any way around?

This module is called "JSON-PP-2.27103": http://search.cpan.org/~makamaka/JSON-PP-2.27103/

*What you get from this is:
0) query CPAN for the right name and
1) use "search.cpan.org" if you can't find it via the CLI.


Quote:
Originally Posted by NM04
Code:
Can't locate IPTables/Parse.pm in @INC (@INC contains: /usr/lib/fwsnort /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at ./fwsnort line 4260.

Couple of ways to get this working, in no particular order:
0) Run 'cpan IPTables::Parse' properly,
1) Download the "perl-IPTables-Parse" source RPM from Fedora and build for your system,
2) Download PSAD from cipherdyne.com as it already includes "IPTables::Parse".
3) Download IPTables-Parse-1.1.tar.bz2 from cipherdyne.com.
*Note #2 and #3 are really not advisable since these packages are way old and have not been updated since 2012.
 
1 members found this post helpful.
Old 01-05-2015, 01:02 AM   #3
NM04
Quote:
Originally Posted by unSpawn
2) Download PSAD from cipherdyne.com as it already includes "IPTables::Parse".
3) Download IPTables-Parse-1.1.tar.bz2 from cipherdyne.com.
*Note #2 and #3 are really not advisable since these packages are way old and have not been updated since 2012.

Dear Sir, I am trying to build an Intrusion Prevention System for my network, and I decided to implement iptables and supply rules from snort IDS with the help of IPTables::Parse to iptables. I am not implementing PSAD, but IPTables::Parse is what I need. If it is not being updated, then would you please suggest any other implementation of IPS that best suits my network? I am trying to implement IPS in my intranet, which comprises a proxy, DNS, and around at least 1000 users.

regards,
nm
 
Old 01-05-2015, 01:34 AM   #4
unSpawn
Quote:
Originally Posted by NM04
I am not implementing PSAD, but IPTables::Parse is what I need, if it is not being updated then

I gave you four options and you only talk about the last two. Are the first two not feasible then?:
0) Run 'cpan IPTables::Parse' properly,
1) Download the "perl-IPTables-Parse" source RPM from Fedora and build for your system,


Quote:
Originally Posted by NM04
would you please suggest any other implementation of IPS that best suits my network.

What are the specifications of your network that we should factor in when offering suggestions?


Quote:
Originally Posted by NM04
I decided to implement iptables and supply rules from snort IDS with the help of IPTables::Parse to iptables.

Based on what criterion did you decide to implement fwsnort? And are you aware of the consequences, or phrased differently: how do you intend to mitigate fwsnort's pitfalls?
 
Old 01-05-2015, 05:49 AM   #5
NM04
Code:
# cpanm IPTables::Parse
--> Working on IPTables::Parse
Fetching http://www.cpan.org/authors/id/M/MR/MRASH/IPTables-Parse-1.1.tar.gz ... OK
Configuring IPTables-Parse-1.1 ... N/A
! Configure failed for IPTables-Parse-1.1. See /root/.cpanm/work/1420457450.6872/build.log for details.
==================================================================================================== ===========

That log file:

Code:
cpanm (App::cpanminus) 1.6922 on perl 5.016003 built for x86_64-linux-thread-multi
Work directory is /root/.cpanm/work/1420457450.6872
You have make /usr/bin/make
You have LWP 6.05
You have /usr/bin/tar: tar (GNU tar) 1.26
Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Written by John Gilmore and Jay Fenlason.
You have /usr/bin/unzip
Searching IPTables::Parse on cpanmetadb ...
--> Working on IPTables::Parse
Fetching http://www.cpan.org/authors/id/M/MR/MRASH/IPTables-Parse-1.1.tar.gz
-> OK
Unpacking IPTables-Parse-1.1.tar.gz
Entering IPTables-Parse-1.1
Checking configure dependencies from META.json
Checking if you have ExtUtils::MakeMaker 0 ... Yes (6.68)
Configuring IPTables-Parse-1.1
Running Makefile.PL
Checking if your kit is complete...
Looks good
JSON::PP 2.27103 is not available
 at /usr/share/perl5/vendor_perl/CPAN/Meta/Converter.pm line 23.
 at /usr/share/perl5/vendor_perl/ExtUtils/MM_Any.pm line 830.
JSON::PP 2.27103 is not available
 at /usr/share/perl5/vendor_perl/CPAN/Meta/Converter.pm line 23.
-> N/A
-> FAIL Configure failed for IPTables-Parse-1.1. See /root/.cpanm/work/1420457450.6872/build.log for details.
==================================================================================================== ==========

I work for an educational institute and, like I wrote in my previous post, I am behind a proxy and have a DNS server and nearly a thousand users. And they want to implement an IPS in the intranet.

Sir, honestly I don't have any idea about "fwsnort pitfalls". I read through many docs (for open source IPS) and found some solutions; fwsnort is one of them, which can be integrated with snort to parse its rules to IPTables, others are snortsam and suricata. I selected fwsnort just because I have snort IDS working.

Would you please consider my request and tell me about fwsnort pitfalls.

regards,
nm
 
Old 01-05-2015, 01:44 PM   #6
unSpawn
Quote:
Originally Posted by NM04
Code:
JSON::PP 2.27103 is not available

I told you the exact module name and where to find it!


Quote:
Originally Posted by NM04
I selected fwsnort just because I have snort IDS working. Would you please consider my request and tell me about fwsnort pitfalls.

fwsnort "converts" Snort rules to be used as iptables rules. It does this by using the iptables "string match" module. String matching is not good for performance and it won't be able to filter traffic as accurately as Snort does. Some Snort rules probably can't even be translated to iptables rules, so the value of what you will be left with detection-wise will be questionable. In short: if there is no explicit and compelling reason to use fwsnort then choose Snort or Suricata instead.
 
1 members found this post helpful.
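
The limitation described in the post above, as an added example that is not part of the thread and is not fwsnort's own code: a simplified model that maps a Snort rule's `content`/`nocase` options onto iptables string-match arguments and reports the detection options that have no string-match equivalent. The option sets and the three sample rules are constructed assumptions for illustration.

```python
import re

# Simplified model for illustration (an assumption, not fwsnort's option table):
# only "content" and "nocase" are expressed with the iptables "-m string" match.
METADATA = {"msg", "sid", "rev", "classtype", "reference"}  # never affect matching

# One "name;" or "name:value;" option; quoted values may contain ';' and '\"'.
OPT_RE = re.compile(r'\s*(\w+)\s*(?::\s*((?:"(?:\\.|[^"\\])*"|[^;"])*))?\s*;')

def parse_options(rule):
    """Return [(name, value)] from the parenthesised option block of a Snort rule."""
    body = rule[rule.index("(") + 1:rule.rindex(")")]
    return [(m.group(1), (m.group(2) or "").strip().strip('"'))
            for m in OPT_RE.finditer(body)]

def to_string_match(rule):
    """Return (iptables string-match arguments, options with no equivalent)."""
    args, lost = [], []
    for name, value in parse_options(rule):
        if name == "content":
            # Snort's |41 42| byte notation maps onto --hex-string.
            flag = "--hex-string" if "|" in value else "--string"
            args += ["-m", "string", "--algo", "bm", flag, value]
        elif name == "nocase" and args:
            args.append("--icase")
        elif name not in METADATA:
            lost.append(name)  # e.g. pcre, byte_test: nothing to map to
    return args, lost

# Constructed sample rules (not taken from any real ruleset).
RULES = [
    r'alert tcp any any -> any 80 (msg:"constructed: admin path"; content:"/admin"; nocase; sid:1000001; rev:1;)',
    r'alert tcp any any -> any 80 (msg:"constructed: regex"; content:"GET"; pcre:"/\/admin\/[a-z]+\.php/i"; sid:1000002; rev:1;)',
    r'alert tcp any any -> any 445 (msg:"constructed: length field"; content:"|ff|SMB"; byte_test:2,>,1024,0,relative; sid:1000003; rev:1;)',
]

if __name__ == "__main__":
    for rule in RULES:
        args, lost = to_string_match(rule)
        print(" ".join(args))
        if lost:
            print("  dropped, so the match is broader than the Snort rule:", ", ".join(lost))
```

The second and third rules still produce a string match, but only on the literal bytes, so the resulting iptables rule matches more traffic than the Snort rule it came from.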
Old 01-06-2015, 10:39 PM   #7
NM04
Quote:
Originally Posted by unSpawn
I told you the exact module name and where to find it!

OK, if I don't use fwsnort (because of that drawback), I don't have to install this JSON::PP module.


Quote:
Originally Posted by unSpawn
In short: if there is no explicit and compelling reason to use fwsnort then choose Snort or Suricata instead.

OK, if I choose snort, because I have already implemented it as an IDS and it is working fine, what other options do I have to make it work like an IPS? I have tried to install Snortsam but I am stuck. If something can be done with the current implementation I would be more than happy!! If not then I will have to go for suricata.

regards,
nm
 
Old 01-07-2015, 01:28 PM   #8
unSpawn
Quote:
Originally Posted by NM04
I have tried to install Snortsam but I am stuck.

Please create a new thread and post detailed, exact information there:
- Linux distribution and release,
- which software + versions you installed,
- any steps you took to install software if they deviate from the software instructions, and
- the errors you got, and
- what you have tried to fix them.
 
Old 01-07-2015, 11:06 PM   #9
NM04
Yes Sir, I will. Actually I am stuck because I can't find the binary of snort in my system. And Sir, please consider my request and advise me on commercially available software products for firewall, IPS/IDS, which you think are best for an institution's network, as we are growing fast and expecting 5000-10000 users or maybe more in the next 3-5 years.

best regards,
nm
 
Old 01-08-2015, 05:34 PM   #10
unSpawn
Quote:
Originally Posted by NM04
Yes Sir, I will. Actually I am stuck because I can't find the binary of snort in my system.

Then I assert you haven't even tried searching, see: https://www.snort.org/downloads


Quote:
Originally Posted by NM04
please consider my request and advise me on commercially available software products

I'm sorry, Dave. I'm afraid I can't do that (as I am not a travelling salesman ;-p).
 
Old 01-08-2015, 10:23 PM   #11
NM04
Apologies, I never meant to disrespect you.
 
Old 01-10-2015, 03:05 AM   #12
unSpawn
Likewise I do not see you showing any disrespect. So, will you be continuing with fwsnort or will you move to Snort itself?
 
Old 01-11-2015, 10:35 PM   #13
NM04
I am not going with fwsnort, I will try "snortsam" first, if it works all good, otherwise---suricata.
 
Old 01-13-2015, 06:04 PM   #14
unSpawn
OK, good luck!
 
Old 01-13-2015, 10:19 PM   #15
NM04
thanks!
 
  

