12-31-2014, 06:19 AM
|
#1
|
Member
Registered: Jan 2011
Distribution: Back Track,Fedora,centos
Posts: 240
Rep:
|
CentOS 7: problem installing Module::IPTables-Parse (JSON::PP 2.27103)
Hi all,
I have installed snort 2.9.7 (running as NIDS) on centos7 (desktop dell optiplex intel core i3) and now I have enabled IPTables and am working on fwsnort so that it can parse snort rules to IPTables. I am facing problems executing ./fwsnort:
Code:
[root@localhost sbin]# ./fwsnort
Can't locate IPTables/Parse.pm in @INC (@INC contains: /usr/lib/fwsnort /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at ./fwsnort line 4260.
Tried to install IPTables/Parse.pm via cpanm as follows. I am behind a proxy and I did export the proxy settings (http & https) before executing this:
Code:
[root@localhost sbin]# cpanm Module::IPTables-Parse
! Finding Module::IPTables-Parse on cpanmetadb failed.
! Finding Module::IPTables-Parse () on mirror http://www.cpan.org failed.
! Couldn't find module or a distribution Module::IPTables-Parse ()
Downloaded the tarball, followed the instructions and failed again:
Code:
[root@localhost IPTables-Parse-1.1]# perl5.16.3 Makefile.PL
Checking if your kit is complete...
Looks good
JSON::PP 2.27103 is not available
at /usr/share/perl5/vendor_perl/CPAN/Meta/Converter.pm line 23.
at /usr/share/perl5/vendor_perl/ExtUtils/MM_Any.pm line 830.
JSON::PP 2.27103 is not available
at /usr/share/perl5/vendor_perl/CPAN/Meta/Converter.pm line 23.
[root@localhost IPTables-Parse-1.1]# make
make: *** No targets specified and no makefile found. Stop.
[root@localhost IPTables-Parse-1.1]# make test
make: *** No rule to make target `test'. Stop.
[root@localhost IPTables-Parse-1.1]# make install
make: *** No rule to make target `install'. Stop.
I tried & failed & can't make out how to get JSON::PP 2.27103, is there any way round? Help is always appreciated.
regards,
nm
Last edited by NM04; 12-31-2014 at 06:23 AM.
|
|
|
01-03-2015, 04:40 AM
|
#2
|
Moderator
Registered: May 2001
Posts: 29,417
|
Quote:
Originally Posted by NM04
Code:
[root@localhost sbin]# cpanm Module::IPTables-Parse
|
The module is called "IPTables::Parse": http://search.cpan.org/~mrash/IPTabl...ables/Parse.pm.
Quote:
Originally Posted by NM04
I tried & failed & can't make out how to get JSON::PP 2.27103, is there any way round?
|
This module is called "JSON-PP-2.27103": http://search.cpan.org/~makamaka/JSON-PP-2.27103/
*What you get from this is:
0) query CPAN for the right name and
1) use "search.cpan.org" if you can't find it via the CLI.
Quote:
Originally Posted by NM04
Code:
Can't locate IPTables/Parse.pm in @INC (@INC contains: /usr/lib/fwsnort /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at ./fwsnort line 4260.
|
Couple of ways to get this working, in no particular order:
0) Run 'cpan IPTables::Parse' properly,
1) Download the "perl-IPTables-Parse" source RPM from Fedora and build for your system,
2) Download PSAD from cipherdyne.com as it already includes "IPTables::Parse".
3) Download IPTables-Parse-1.1.tar.bz2 from cipherdyne.com.
*Note #2 and #3 are really not advisable since these packages are way old and have not been updated since 2012.
|
|
1 members found this post helpful.
|
01-05-2015, 01:02 AM
|
#3
|
Member
Registered: Jan 2011
Distribution: Back Track,Fedora,centos
Posts: 240
Original Poster
Rep:
|
Quote:
Originally Posted by unSpawn
2) Download PSAD from cipherdyne.com as it already includes "IPTables::Parse".
3) Download IPTables-Parse-1.1.tar.bz2 from cipherdyne.com.
*Note #2 and #3 are really not advisable since these packages are way old and have not been updated since 2012.
|
Dear Sir, I am trying to build an Intrusion Prevention System for my network, and I decided to implement iptables and supply rules from snort IDS with the help of IPTables::Parse to iptables. I am not implementing PSAD, but IPTables::Parse is what I need. If it is not being updated then would you please suggest any other implementation of IPS that best suits my network? I am trying to implement IPS in my intranet, which comprises a proxy, dns, and around at least 1000 users.
regards,
nm
|
|
|
01-05-2015, 01:34 AM
|
#4
|
Moderator
Registered: May 2001
Posts: 29,417
|
Quote:
Originally Posted by NM04
I am not implementing PSAD, but IPTables::Parse is what I need, if it is not being updated then
|
I gave you four options and you only talk about the last two. Are the first two not feasible then?:
0) Run 'cpan IPTables::Parse' properly,
1) Download the "perl-IPTables-Parse" source RPM from Fedora and build for your system,
Quote:
Originally Posted by NM04
would you please suggest any other implementation of IPS that best suits my network.
|
What are the specifications of your network that we should factor in when offering suggestions?
Quote:
Originally Posted by NM04
I decided to implement iptables and supply rules from snort IDS with the help of IPTables::Parse to iptables.
|
Based on what criterion did you decide to implement fwsnort? And are you aware of the consequences, or phrased differently: how do you intend to mitigate fwsnort's pitfalls?
|
|
|
01-05-2015, 05:49 AM
|
#5
|
Member
Registered: Jan 2011
Distribution: Back Track,Fedora,centos
Posts: 240
Original Poster
Rep:
|
Code:
# cpanm IPTables::Parse
--> Working on IPTables::Parse
Fetching http://www.cpan.org/authors/id/M/MR/MRASH/IPTables-Parse-1.1.tar.gz ... OK
Configuring IPTables-Parse-1.1 ... N/A
! Configure failed for IPTables-Parse-1.1. See /root/.cpanm/work/1420457450.6872/build.log for details.
==================================================================================================== ===========
That log file:
Code:
cpanm (App::cpanminus) 1.6922 on perl 5.016003 built for x86_64-linux-thread-multi
Work directory is /root/.cpanm/work/1420457450.6872
You have make /usr/bin/make
You have LWP 6.05
You have /usr/bin/tar: tar (GNU tar) 1.26
Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Written by John Gilmore and Jay Fenlason.
You have /usr/bin/unzip
Searching IPTables::Parse on cpanmetadb ...
--> Working on IPTables::Parse
Fetching http://www.cpan.org/authors/id/M/MR/MRASH/IPTables-Parse-1.1.tar.gz
-> OK
Unpacking IPTables-Parse-1.1.tar.gz
Entering IPTables-Parse-1.1
Checking configure dependencies from META.json
Checking if you have ExtUtils::MakeMaker 0 ... Yes (6.68)
Configuring IPTables-Parse-1.1
Running Makefile.PL
Checking if your kit is complete...
Looks good
JSON::PP 2.27103 is not available
at /usr/share/perl5/vendor_perl/CPAN/Meta/Converter.pm line 23.
at /usr/share/perl5/vendor_perl/ExtUtils/MM_Any.pm line 830.
JSON::PP 2.27103 is not available
at /usr/share/perl5/vendor_perl/CPAN/Meta/Converter.pm line 23.
-> N/A
-> FAIL Configure failed for IPTables-Parse-1.1. See /root/.cpanm/work/1420457450.6872/build.log for details.
==================================================================================================== ==========
I work for an educational institute and, like I wrote in my previous post, I am behind a proxy and have a dns server and nearly a thousand users. And they want to implement IPS in the intranet.
Sir, honestly I don't have any idea about "fwsnort pitfalls". I read through many docs (for open source IPS) and found some solutions; fwsnort is one of them, which can be integrated with snort to parse its rules to IPTables, others are snortsam and suricata. I selected fwsnort just because I have snort IDS working.
Would you please consider my request and tell me about fwsnort pitfalls.
regards,
nm
|
|
|
01-05-2015, 01:44 PM
|
#6
|
Moderator
Registered: May 2001
Posts: 29,417
|
Quote:
Originally Posted by NM04
Code:
JSON::PP 2.27103 is not available
|
I told you the exact module name and where to find it!
Quote:
Originally Posted by NM04
I selected fwsnort just because I have snort IDS working. Would you please consider my request and tell me about fwsnort pitfalls.
|
fwsnort "converts" Snort rules to be used as iptables rules. It does this by using the iptables "string match" module. String matching is not good for performance and it won't be able to filter traffic as accurately as Snort does. Some Snort rules probably can't even be translated to iptables rules so the value of what you will be left with detection-wise will be questionable. In short: if there is no explicit and compelling reason to use fwsnort then choose Snort or Suricata instead.
|
|
1 members found this post helpful.
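The limitation described in the post above, as an added example that is not part of the thread and is not fwsnort's own code: it maps Snort `content` options onto the iptables string match (`--string`, `--hex-string`, `--icase`) and rejects rules whose options have no counterpart there. The `UNTRANSLATABLE` list, the `FORWARD` chain, the `DROP` target and the sample rules are assumptions constructed for illustration.

```python
import re

# Snort options with no counterpart in the iptables "string" match.
# Assumption: a short illustrative list, not fwsnort's own table.
UNTRANSLATABLE = {"pcre", "byte_test", "byte_jump", "flowbits"}
HEADER = re.compile(r'^(\w+)\s+(\w+)\s+\S+\s+\S+\s+->\s+\S+\s+(\S+)\s+\((.*)\)\s*$')

# Constructed sample rules (not taken from any real rule set).
SAMPLE_RULES = [
    r'alert tcp any any -> any 80 (msg:"constructed admin path"; content:"/admin.php"; nocase; sid:1000001;)',
    r'alert tcp any any -> any 80 (msg:"constructed regex"; content:"GET"; pcre:"/id=\d{8,}/"; sid:1000002;)',
    r'alert tcp any any -> any 21 (msg:"constructed raw bytes"; content:"|90 90 90 90|"; sid:1000003;)',
]

def parse_options(body):
    """Split 'key:value; flag; ...' on semicolons that are outside quotes."""
    opts = []
    for part in re.findall(r'(?:[^;"]|"[^"]*")+', body):
        key, _, val = part.strip().partition(":")
        if key:
            opts.append((key.strip(), val.strip().strip('"')))
    return opts

def translate(rule, chain="FORWARD"):
    """Return (iptables_command, None) or (None, reason) for one Snort rule."""
    m = HEADER.match(rule.strip())
    if not m:
        return None, "unparsable rule header"
    _action, proto, dport, body = m.groups()
    opts = parse_options(body)
    blocked = sorted({k for k, _ in opts} & UNTRANSLATABLE)
    if blocked:
        return None, "no string-match equivalent for: " + ", ".join(blocked)
    cmd = ["iptables", "-A", chain, "-p", proto]
    if dport != "any":
        cmd += ["--dport", dport]
    seen_content = False
    for key, val in opts:
        if key == "content":
            # |..| marks raw bytes in Snort; iptables takes those via --hex-string
            flag = "--hex-string" if "|" in val else "--string"
            cmd += ["-m", "string", flag, f'"{val}"', "--algo", "bm"]
            seen_content = True
        elif key == "nocase" and seen_content:
            cmd.append("--icase")  # applies to the preceding string match
    if not seen_content:
        return None, "no content option to match on"
    return " ".join(cmd + ["-j", "DROP"]), None

if __name__ == "__main__":
    for r in SAMPLE_RULES:
        print(translate(r))
```

The second sample rule is rejected because of its `pcre` option; dropping that option and keeping only `content:"GET"` would produce a rule that matches far more traffic than the Snort original.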
|
01-06-2015, 10:39 PM
|
#7
|
Member
Registered: Jan 2011
Distribution: Back Track,Fedora,centos
Posts: 240
Original Poster
Rep:
|
Quote:
Originally Posted by unSpawn
I told you the exact module name and where to find it!
|
Ok, if I don't use fwsnort (because of that drawback), I don't have to install this JSON::PP module.
Quote:
Originally Posted by unSpawn
In short: if there is no explicit and compelling reason to use fwsnort then choose Snort instead or Suricata.
|
Ok, if I choose snort, because I have already implemented it as an IDS and it is working fine, what other options do I have to make it work like an IPS? I have tried to install Snortsam but I am stuck. If something can be done with the current implementation I would be more than happy!! If not then I will have to go for suricata.
regards,
nm
|
|
|
01-07-2015, 01:28 PM
|
#8
|
Moderator
Registered: May 2001
Posts: 29,417
|
Quote:
Originally Posted by NM04
I have tried to install Snortsam but I am stuck.
|
Please create a new thread and post detailed, exact information there:
- Linux distribution and release,
- which software + versions you installed,
- any steps you took to install software if they deviate from the software instructions, and
- the errors you got, and
- what you have tried to fix them.
|
|
|
01-07-2015, 11:06 PM
|
#9
|
Member
Registered: Jan 2011
Distribution: Back Track,Fedora,centos
Posts: 240
Original Poster
Rep:
|
Yes Sir I will, actually I am stuck because I can't find the binary of snort in my system. And Sir please consider my request and advise me on commercially available software products for firewall, IPS/IDS, which you think are best for an institution's network as we are growing fast and expecting 5000-10000 users or maybe more in the next 3-5 years.
best regards,
nm
|
|
|
01-08-2015, 05:34 PM
|
#10
|
Moderator
Registered: May 2001
Posts: 29,417
|
Quote:
Originally Posted by NM04
Yes Sir I will, actually I am stuck because I can't find the binary of snort in my system.
|
Then I assert you haven't even tried searching, see: https://www.snort.org/downloads
Quote:
Originally Posted by NM04
please consider my request and advise me on commercially available software products
|
I'm sorry, Dave. I'm afraid I can't do that (as I am not a travelling salesman ;-p).
|
|
|
01-08-2015, 10:23 PM
|
#11
|
Member
Registered: Jan 2011
Distribution: Back Track,Fedora,centos
Posts: 240
Original Poster
Rep:
|
Apologies, I never meant to disrespect you.
|
|
|
01-10-2015, 03:05 AM
|
#12
|
Moderator
Registered: May 2001
Posts: 29,417
|
Likewise I do not see you showing any disrespect. So, will you be continuing with fwsnort or will you move to Snort itself?
|
|
|
01-11-2015, 10:35 PM
|
#13
|
Member
Registered: Jan 2011
Distribution: Back Track,Fedora,centos
Posts: 240
Original Poster
Rep:
|
I am not going with fwsnort, I will try "snortsam" first, if it works all good, otherwise suricata.
|
|
|
01-13-2015, 06:04 PM
|
#14
|
Moderator
Registered: May 2001
Posts: 29,417
|
OK, good luck!
|
|
|
01-13-2015, 10:19 PM
|
#15
|
Member
Registered: Jan 2011
Distribution: Back Track,Fedora,centos
Posts: 240
Original Poster
Rep:
|
thanks!
|
|
|