LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 12-31-2014, 06:19 AM   #1
NM04
Member
 
Registered: Jan 2011
Distribution: Back Track,Fedora,centos
Posts: 240

Rep: Reputation: 14
CentOS 7: problem installing Module::IPTables-Parse (JSON::PP 2.27103)


Hi all,
I have installed snort 2.9.7(running as NIDS) on centos7 (desktop dell optiplex intel core i3) and now I have enabled IPTables and working on fwsnort so that it can parse snort rules to IPTables. I am facing problems executing ./fwsnort ::

Code:
[root@localhost sbin]# ./fwsnort 
Can't locate IPTables/Parse.pm in @INC (@INC contains: /usr/lib/fwsnort /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at ./fwsnort line 4260.
Tried to install IPTables/Parse.pm vi cpanm as follows :: I am behind a proxy and I did exported proxy settings(http & https) before executing this
Code:
root@localhost sbin]# cpanm Module::IPTables-Parse
! Finding Module::IPTables-Parse on cpanmetadb failed.
! Finding Module::IPTables-Parse () on mirror http://www.cpan.org failed.
! Couldn't find module or a distribution Module::IPTables-Parse ()
Downloaded tarball followed instruction and failed again ::
Code:
root@localhost IPTables-Parse-1.1]# perl5.16.3 Makefile.PL 
Checking if your kit is complete...
Looks good
JSON::PP 2.27103 is not available
 at /usr/share/perl5/vendor_perl/CPAN/Meta/Converter.pm line 23.
 at /usr/share/perl5/vendor_perl/ExtUtils/MM_Any.pm line 830.
JSON::PP 2.27103 is not available
 at /usr/share/perl5/vendor_perl/CPAN/Meta/Converter.pm line 23.
[root@localhost IPTables-Parse-1.1]# make
make: *** No targets specified and no makefile found.  Stop.
[root@localhost IPTables-Parse-1.1]# make test
make: *** No rule to make target `test'.  Stop.
[root@localhost IPTables-Parse-1.1]# make install
make: *** No rule to make target `install'.  Stop.
I tried & failed & cant make out how to get JSON::PP 2.27103, is there any way round ? Help is always appreciated.

regards,
nm

Last edited by NM04; 12-31-2014 at 06:23 AM.
 
Old 01-03-2015, 04:40 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
Quote:
Originally Posted by NM04 View Post
Code:
root@localhost sbin]# cpanm Module::IPTables-Parse
The module is called "IPTables::Parse": http://search.cpan.org/~mrash/IPTabl...ables/Parse.pm.


Quote:
Originally Posted by NM04 View Post
I tried & failed & cant make out how to get JSON::PP 2.27103, is there any way round ?
This module is called "JSON-PP-2.27103": http://search.cpan.org/~makamaka/JSON-PP-2.27103/

*What you get from this is:
0) query CPAN for the right name and
1) use "search.cpan.org" is you can't find it via the CLI.


Quote:
Originally Posted by NM04 View Post
Code:
Can't locate IPTables/Parse.pm in @INC (@INC contains: /usr/lib/fwsnort /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at ./fwsnort line 4260.
Couple of ways to get this working, in no particular order:
0) Run 'cpan IPTables::Parse" properly,
1) Download the "perl-IPTables-Parse" source RPM from Fedora and build for your system,
2) Download PSAD from cipherdyne.com as it already includes "IPTables::Parse".
3) Download IPTables-Parse-1.1.tar.bz2 from cipherdyne.com.
*Note #2 and #3 are really not advisable since these packages are way old and have not been updated since 2012.
 
1 members found this post helpful.
Old 01-05-2015, 01:02 AM   #3
NM04
Member
 
Registered: Jan 2011
Distribution: Back Track,Fedora,centos
Posts: 240

Original Poster
Rep: Reputation: 14
Quote:
Originally Posted by unSpawn View Post
2) Download PSAD from cipherdyne.com as it already includes "IPTables::Parse".
3) Download IPTables-Parse-1.1.tar.bz2 from cipherdyne.com.
*Note #2 and #3 are really not advisable since these packages are way old and have not been updated since 2012.
Dear Sir, I am trying to build an Intrusion Prevention System for my network, and I decided to implement iptables and supply rules from snort IDS with the help of IPTables::Parse to iptables. I am not implementing PSAD, but IPTables::Parse is what I need, if it is not being updated then would you please suggest any other implementation of IPS that best suits my network. I am trying to implement IPS in my intranet, which comprises of a proxy,dns, and around at least 1000 users.

regards,
nm
 
Old 01-05-2015, 01:34 AM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
Quote:
Originally Posted by NM04 View Post
I am not implementing PSAD, but IPTables::Parse is what I need, if it is not being updated then
I gave you four options and you only talk about the last two. Are the first two not feasible then?:
0) Run 'cpan IPTables::Parse" properly,
1) Download the "perl-IPTables-Parse" source RPM from Fedora and build for your system,


Quote:
Originally Posted by NM04 View Post
would you please suggest any other implementation of IPS that best suits my network.
What are the specifications of your network that we should factor in when offering suggestions?


Quote:
Originally Posted by NM04 View Post
I decided to implement iptables and supply rules from snort IDS with the help of IPTables::Parse to iptables.
Based on what criterion did you decide to implement fwsnort? And are you aware of the consequences, or phrased differently: how do you intend to mitigate fwsnorts pitfalls?
 
Old 01-05-2015, 05:49 AM   #5
NM04
Member
 
Registered: Jan 2011
Distribution: Back Track,Fedora,centos
Posts: 240

Original Poster
Rep: Reputation: 14
Code:
# cpanm IPTables::Parse
--> Working on IPTables::Parse
Fetching http://www.cpan.org/authors/id/M/MR/MRASH/IPTables-Parse-1.1.tar.gz ... OK
Configuring IPTables-Parse-1.1 ... N/A
! Configure failed for IPTables-Parse-1.1. See /root/.cpanm/work/1420457450.6872/build.log for details.
==================================================================================================== ===========
that log file ::
Code:
panm (App::cpanminus) 1.6922 on perl 5.016003 built for x86_64-linux-thread-multi
Work directory is /root/.cpanm/work/1420457450.6872
You have make /usr/bin/make
You have LWP 6.05
You have /usr/bin/tar: tar (GNU tar) 1.26
Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Written by John Gilmore and Jay Fenlason.
You have /usr/bin/unzip
Searching IPTables::Parse on cpanmetadb ...
--> Working on IPTables::Parse
Fetching http://www.cpan.org/authors/id/M/MR/MRASH/IPTables-Parse-1.1.tar.gz
-> OK
Unpacking IPTables-Parse-1.1.tar.gz
Entering IPTables-Parse-1.1
Checking configure dependencies from META.json
Checking if you have ExtUtils::MakeMaker 0 ... Yes (6.68)
Configuring IPTables-Parse-1.1
Running Makefile.PL
Checking if your kit is complete...
Looks good
JSON::PP 2.27103 is not available
 at /usr/share/perl5/vendor_perl/CPAN/Meta/Converter.pm line 23.
 at /usr/share/perl5/vendor_perl/ExtUtils/MM_Any.pm line 830.
JSON::PP 2.27103 is not available
 at /usr/share/perl5/vendor_perl/CPAN/Meta/Converter.pm line 23.
-> N/A
-> FAIL Configure failed for IPTables-Parse-1.1. See /root/.cpanm/work/1420457450.6872/build.log for details.
==================================================================================================== ==========

I work for an educational institute and like I wrote in my previous post that I am behind a proxy and have a dns server and nearly thousand users.And they want to implement IPS in Intranet.

Sir, honestly I don't have any idea about "fwsnort pitfalls", I read through many docs (for open source IPS) and found some solution, fwsnort is one of them which can be integrated with snort to parse its rules to IPTables, others are --snortsam,suricata. I selected fwsnort just because I have snort IDS working.

Would you please consider my request and tell me about fwsnort pitfalls.

regards,
nm
 
Old 01-05-2015, 01:44 PM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
Quote:
Originally Posted by NM04 View Post
Code:
JSON::PP 2.27103 is not available
I told you how the exact module name and where to find it!


Quote:
Originally Posted by NM04 View Post
I selected fwsnort just because I have snort IDS working. Would you please consider my request and tell me about fwsnort pitfalls.
fwsnort "converts" Snort rules to be used as iptables rules. It does this by using iptables "string match" module. String matching is not good for performance and it won't be able to filter traffic as accurately as Snort does. Some Snort rules probably can't even be translated to iptables rules so the value of what you will be left with detection-wise will be questionable. In short: if there is no explicit and compelling reason to use fwsnort then choose Snort instead or Suricata.
 
1 members found this post helpful.
Old 01-06-2015, 10:39 PM   #7
NM04
Member
 
Registered: Jan 2011
Distribution: Back Track,Fedora,centos
Posts: 240

Original Poster
Rep: Reputation: 14
Quote:
Originally Posted by unSpawn View Post
I told you how the exact module name and where to find it!
Ok if I don't use fwsnort (because of that drawback), I dont have to install this JSON::PP module.


Quote:
Originally Posted by unSpawn View Post
In short: if there is no explicit and compelling reason to use fwsnort then choose Snort instead or Suricata.
Ok if I choose snort , because I have already implemented it as an IDS and working fine, what other options do I have to make it work like an IPS ? I have tried to install Snortsam but I am stuck. If something can be done with the current implementation I would be more than happy!! If not then I will have to go for suricata.

regards,
nm
 
Old 01-07-2015, 01:28 PM   #8
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
Quote:
Originally Posted by NM04 View Post
I have tried to install Snortsam but I am stuck.
Please create a new thread and post detailed, exact information there:
- Linux distribution and release,
- which software + versions you installed,
- any steps you took to install software if they deviate from the software instructions, and
- the errors you got, and
- what you have tried to fix them.
 
Old 01-07-2015, 11:06 PM   #9
NM04
Member
 
Registered: Jan 2011
Distribution: Back Track,Fedora,centos
Posts: 240

Original Poster
Rep: Reputation: 14
yes Sir I will, actually I am stuck because I can't find binary of snort in my system. And Sir please consider my request an advise me commercially available software products for firewall, IPS/IDS, which you think are best for an Institutions network as we are growing fast and expecting 5000-10000 users or may be more in next 3-5 years.

best regards,
nm
 
Old 01-08-2015, 05:34 PM   #10
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
Quote:
Originally Posted by NM04 View Post
yes Sir I will, actually I am stuck because I can't find binary of snort in my system.
Then I assert you haven't even tried searching see: https://www.snort.org/downloads


Quote:
Originally Posted by NM04 View Post
please consider my request an advise me commercially available software products
I'm sorry, Dave. I'm afraid I can't do that (as I am not a travelling salesman ;-p).
 
Old 01-08-2015, 10:23 PM   #11
NM04
Member
 
Registered: Jan 2011
Distribution: Back Track,Fedora,centos
Posts: 240

Original Poster
Rep: Reputation: 14
Apologies, I never meant to disrespect you.
 
Old 01-10-2015, 03:05 AM   #12
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
Likewise I do not see you showing any disrespect. So, will you be continuing with fwsnort or will you move to Snort itself?
 
Old 01-11-2015, 10:35 PM   #13
NM04
Member
 
Registered: Jan 2011
Distribution: Back Track,Fedora,centos
Posts: 240

Original Poster
Rep: Reputation: 14
I am not going with fwsnort, I will try "snortsam" first, if it works all good, otherwise---suricata.
 
Old 01-13-2015, 06:04 PM   #14
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
OK, good luck!
 
Old 01-13-2015, 10:19 PM   #15
NM04
Member
 
Registered: Jan 2011
Distribution: Back Track,Fedora,centos
Posts: 240

Original Poster
Rep: Reputation: 14
thanks!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: How to parse JSON string via command line on Linux LXer Syndicated Linux News 0 09-05-2013 06:32 PM
Parse JSON using Linux command Stefanus Linux - Newbie 2 11-19-2012 10:25 PM
Centos 5.0 x86_64: need help adding connlimit module to iptables thanhlong Linux - Enterprise 4 07-14-2008 03:14 AM
LXer: Installing The PHP-MemCache Module On CentOS 5.0 LXer Syndicated Linux News 0 07-18-2007 03:01 PM
LXer: Installing The PHP-MSSQL Module On CentOS 5.0 LXer Syndicated Linux News 0 06-11-2007 10:46 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 07:15 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration