LinuxQuestions.org
Old 06-27-2006, 02:40 PM   #1
neocontrol
Member
 
Registered: Jul 2005
Posts: 273

Rep: Reputation: 31
prelude ids install


Hello everyone,

I'm attempting to install prelude ids. I tried installing it on fedora core 5, but I was having plenty of problems after what I thought was following the install procedure. So I thought maybe it wasn't compatible with fedora 5 so I stepped it down a bit and tried installing it on RedHat 3. Again I am plagued with problems. Different ones this time, so I'm pretty frustrated with this.

I made a user named prelude. I downloaded files and installed them as either prelude or root as the instructions have said to do.

I have resolved all of the dependencies I have found that were causing problems.

Can someone give me some better step by step instructions? What flavor and version of linux are you using that worked? They are new, so I understand there isn't a ton of info out there about this.

Any help would be appreciated.

-charlier-
 
Old 06-28-2006, 12:49 AM   #2
fedora4002
Member
 
Registered: Mar 2004
Posts: 135

Rep: Reputation: 15
Once, I did successfully install prelude (do not know which version) on FC1. It takes time and energy to find all necessary components to get the job done. What problem did you meet? More details should be fine.
 
Old 06-28-2006, 11:41 AM   #3
neocontrol
Member
 
Registered: Jul 2005
Posts: 273

Original Poster
Rep: Reputation: 31
I think my problems had a little bit to do with SELinux. I turned it off this time to see if that helps things.

Also maybe how it was installed? It's kind of confusing, and I don't necessarily understand why we have to install things under a user, then in the middle of it, switch to root.

I need some clarification as to why it's done that way, or maybe I'm just doing that wrong.

Should I make a new user "prelude" and use them as the user to install things? Or should I use any local user?

Also, with all the dependencies, should those all be installed as root? That's how I have been doing things, but of course much of what I do hasn't been working.

Any pointers or hints to get started off right would be MUCH appreciated.

-charlier-
 
Old 06-28-2006, 12:53 PM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
> I tried installing it on fedora core 5, but I was having plenty of problems after what I thought was following the install procedure. So I thought maybe it wasn't compatible with fedora 5 so I stepped it down a bit and tried installing it on RedHat 3. Again I am plagued with problems. Different ones this time, so I'm pretty frustrated with this.

Like fedora4002 already said, we need details to work with. "It doesn't work" or "it won't install" won't help us help you. If you could post the location of the HOWTO you followed and *exact* installation, dependency or other errors it would be much more efficient, much faster.


> I think my problems had a little bit to do with SELinux. I turned it off this time to see if that helps things.
If you understand what SELinux is good for and if you need it, then problems should not be "ignored" by disabling SELinux but corrected by looking at audit messages and properly setting contexts or talking to the developers/packagers.


> Also maybe how it was installed? It's kind of confusing, and I don't necessarily understand why we have to install things under a user, then in the middle of it, switch to root.
One of the nice features of RPM installs (if that's what you're doing) is that you can list about everything a package contains, like for instance install scripts (-q --scripts) to help explain why something is necessary.


So: post the location of the HOWTO you followed and *exact* installation, dependency or other errors.
BTW, this thread isn't a security problem but an installation problem. After your next reply this thread will be moved to Linux - Software.
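
An added example, not part of unSpawn's post: one way to "look at audit messages" is to group AVC denials so each distinct problem appears once with a count. The audit lines, process name and file name below are constructed for illustration.

```shell
#!/bin/sh
# Added example: group SELinux AVC denials so each distinct problem shows up once.

# Constructed audit lines (not from the thread); process and file names are assumptions.
SAMPLE_AUDIT='type=AVC msg=audit(1151500001.101:41): avc:  denied  { read } for  pid=2345 comm="prelude-manager" name="prelude-manager.conf" dev=dm-0 ino=1201 scontext=system_u:system_r:initrc_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1151500001.101:41): arch=40000003 syscall=5 success=no exit=-13 comm="prelude-manager"
type=AVC msg=audit(1151500002.202:42): avc:  denied  { read } for  pid=2346 comm="prelude-manager" name="prelude-manager.conf" dev=dm-0 ino=1201 scontext=system_u:system_r:initrc_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1151500003.303:43): avc:  denied  { name_bind } for  pid=2346 comm="prelude-manager" src=4690 scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket'

# summarize_avc AUDIT_TEXT
# Prints one line per distinct denial, most frequent first:
#   COUNT command source_type -> target_type:class { permission }
summarize_avc() {
    printf '%s\n' "$1" | awk '
        /avc:/ && /denied/ {
            perm = comm = src = tgt = cls = ""
            # The permission sits between "{ " and " }".
            s = index($0, "{ "); e = index($0, " }")
            if (s && e > s) perm = substr($0, s + 2, e - s - 2)
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^comm=/)     { comm = $i; gsub(/^comm=|"/, "", comm) }
                # Contexts are user:role:type:level; the type is what policy rules use.
                if ($i ~ /^scontext=/) { split($i, a, ":"); src = a[3] }
                if ($i ~ /^tcontext=/) { split($i, a, ":"); tgt = a[3] }
                if ($i ~ /^tclass=/)   cls = substr($i, 8)
            }
            count[comm " " src " -> " tgt ":" cls " { " perm " }"]++
        }
        END { for (k in count) print count[k], k }' | sort -rn
}

summarize_avc "$SAMPLE_AUDIT"
```

In this constructed sample the repeated denial has target type user_home_t on a configuration file, which indicates a mislabeled file that restorecon or chcon can correct while SELinux stays enabled.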
 
Old 06-29-2006, 04:13 PM   #5
neocontrol
Member
 
Registered: Jul 2005
Posts: 273

Original Poster
Rep: Reputation: 31
I figured it fit in with security 'cause it's security software. I'll keep note of that next time.

For what I'm following for my install, it's off of this webpage:

https://trac.prelude-ids.org/wiki/PreludeHandbook

Also maybe how it was installed? It's kind of confusing, and I don't necessarily understand why we have to install things under a user, then in the middle of it, switch to root.
One of the nice features of RPM installs (if that's what you're doing) is that you can list about everything a package contains, like for instance install scripts (-q --scripts) to help explain why something is necessary.

Not quite what I meant. When you look at the install instructions, under the libprelude install part. It will tell you to do something as a user. Then the next step, is to switch to root and install.

So for that, I wonder if I should just create a user or just use the one I already have?

Now for the errors I get. I use yum for most of the packages that were needed, except for the prelude stuff. I didn't see any errors during that part, so I assume they all went well. If there is a way to check, I'm willing to do it. I just don't know how.

I get down to the first part. Libprelude. I download and install this part all under root cause I'm not entirely sure about what I should do about the user. All installs fine. The output shows up as it should.

Second part. Libpreludedb. Same thing. Download and install under root. Same reasons as above. I get the appropriate output at the end.

BTW, to get that, I have to add --enable-gtk-doc to the ./configure part.

So on to creating a database. This is where the trouble starts, and more of my confusion. I understand the basics of linux. But not mysql of linux. I know it was installed on this machine when I did the install. That's all I do know.

In the part of those instructions, it says to put in this command and you get this response.
Then, if everything is ok, you should see something like this:

Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 303 to server version: 4.0.22-log

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql>

Here is what I get.

[root@prelude libpreludedb-0.9.8]# mysql -u root -p
Enter password:
ERROR 2002: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2)

What should I do or where should I go from this. More importantly, what does this mean?

Okay, go on ahead and move me to software.

Thanks for your help.

charlier
 
Old 06-29-2006, 05:27 PM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
BTW, you *might* want to use the quote button, or manually add carets or any other way to mark pieces of text to reply to. Unmarked plain text ain't very efficient. TIA


> I figured it fit in with security 'cause it's security software. I'll keep note of that next time.
NP, mods know how to deal with "taxonomy".


> Not quite what I meant. When you look at the install instructions, under the libprelude install part. It will tell you to do something as a user. Then the next step, is to switch to root and install.
For security and other reasons most software will be compiled under an unprivileged user account and after a successful build installed as root account user. It's a standard, nothing to think about, just do it...


> So for that, I wonder if I should just create a user or just use the one I already have?
Unless different UID_MIN is set in /etc/login.defs usually any UID >= 500 with access to compiler and sources will do.


> I didn't see any errors during that part, so I assume they all went well. If there is a way to check, I'm willing to do it. I just don't know how.
If you satisfied all of the requirements and none of the installs went nuts then any rpm query for a package name should return info (say "rpm -qi prelude").


> ERROR 2002
Here's what the MySQL site docs return: "The error (2002) Can't connect to ... normally means that there is no MySQL server running on the system or that you are using an incorrect Unix socket filename or TCP/IP port number when trying to connect to the server." (..) "Start by checking whether there is a process named mysqld running on your server host. (Use ps xa | grep mysqld on Unix or the Task Manager on Windows.) If there is no such process, you should start the server. See Section 2.10.2.3, "Starting and Troubleshooting the MySQL Server"."


HTH

Last edited by unSpawn; 06-29-2006 at 05:29 PM.
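
An added example, not part of the post above: the MySQL docs quoted there give two causes for ERROR 2002 (no server running, or the wrong socket path), and this sketch separates them from `ps xa`-style text. The process listings are constructed; the client socket path is the one in the error message from the thread.

```shell
#!/bin/sh
# Added example: tell apart the two causes of ERROR 2002 named in the MySQL docs.
# Input is ps xa style text (PID TTY STAT TIME COMMAND), so column 5 is the command.

# Constructed samples, not output from the machine discussed in the thread.
PS_DOWN=' 2101 ?        Ss     0:00 /usr/sbin/sshd
 2950 pts/0    S+     0:00 grep mysqld'
PS_OTHER_SOCKET=' 3010 ?        S      0:00 /bin/sh /usr/bin/mysqld_safe --socket=/tmp/mysql.sock
 3055 ?        Sl     0:01 /usr/libexec/mysqld --basedir=/usr --socket=/tmp/mysql.sock'
PS_OK=' 3055 ?        Sl     0:01 /usr/libexec/mysqld --basedir=/usr --socket=/var/lib/mysql/mysql.sock'

# classify_2002 PS_TEXT CLIENT_SOCKET
# Prints: no-server | socket-mismatch <server socket> | server-running
classify_2002() {
    printf '%s\n' "$1" | awk -v want="$2" '
        # Match the daemon itself: not the grep process, not the mysqld_safe wrapper.
        $5 == "mysqld" || $5 ~ /\/mysqld$/ {
            found = 1
            for (i = 6; i <= NF; i++)
                if ($i ~ /^--socket=/) sock = substr($i, 10)
        }
        END {
            if (!found)                          print "no-server"
            else if (sock != "" && sock != want) print "socket-mismatch " sock
            else                                 print "server-running"
        }'
}

CLIENT_SOCKET=/var/lib/mysql/mysql.sock   # path from the error message in the thread
for sample in "$PS_DOWN" "$PS_OTHER_SOCKET" "$PS_OK"; do
    classify_2002 "$sample" "$CLIENT_SOCKET"
done
```

On a live system, pass `"$(ps xa)"` as the first argument. If the result is `server-running` and the error persists, the server's socket path is probably set in its configuration file rather than on the command line, so confirm the file the client expects exists with `[ -S /var/lib/mysql/mysql.sock ]`.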
 
Old 06-30-2006, 10:26 AM   #7
neocontrol
Member
 
Registered: Jul 2005
Posts: 273

Original Poster
Rep: Reputation: 31
Great, thanks for your help.

It looks like I'm past that road block. I'll be back as soon as I hit another.

Have a good one.
 
  

