
Re: [Snort-users] (2.4.4 and Ubuntu on 2.6.12) Odd install from source

Subject: Re: [Snort-users] (2.4.4 and Ubuntu on 2.6.12) Odd install from source
Date: Thu, 30 Mar 2006 13:42:48 -0500
Yah, sorry if i wasn't clear - i see all the files in snort-<ver>/etc, and did all that manually. I was just wondering if it was supposed to happen automagically at install.

Frex, the included snort.conf gives the location of the rules dir as "../rules," which doesn't seem to fit the other assumptions. The executable seems to go to /usr/local/bin via 'make install,' and like i said the manpage goes to the right place; it's the rest of the supporting cast i was wondering about.

Also, on the subject, the initscript is under the <source>/rpm directory sitting next to the snort.spec, as is the logrotate snippet and 'snort.sysconfig,' and i'm not really sure why. Having nothing to do with RPMs, it took me a while to think of poking around in there; due to the odd placement of those files and the lack of anything going to my own /etc/snort or /etc/init.d - which, you gotta admit, is not entirely unexpected behaviour - coupled with the docs assuming these things were in place, i assumed something had Gone Wrong.

Braley, Ron wrote:

Rob,

In my experience, the .conf files get extracted into the installation
directory/etc (i.e. /usr/local/src/snort-2.4.4/etc).

Not only should you see the snort.conf file there, but threshold.conf
too.

I think library files are put in the proper locations during the
installation process - there's no need to do anything else but the
following:

a.  Put the executable file wherever you'd like it to be (/opt/snort/bin
for us . . .)
b.  Copy the snort.conf file from the extraction point/etc to wherever
you'd like it to be (i.e. /opt/snort/etc/)
c.  Download the rules and include this directory in the snort.conf file
d.  Start snort (manually or automatically) - remember to include the
location of the snort.conf file in the command, i.e.:
# /opt/snort/bin/snort -i eth5 -c /opt/snort/etc/snort.conf -D

Hope that helps!

Ron Braley, Berbee
Datacenter Security Engineer



-----Original Message-----
From: snort-users-admin@lists.sourceforge.net
[mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of Rob Munsch
Sent: Thursday, March 30, 2006 11:21 AM
To: snort-users@lists.sourceforge.net
Subject: [Snort-users] (2.4.4 and Ubuntu on 2.6.12) Odd install from
source

'allo list,

I've had an odd problem installing 2.4.4 from source. conf/make/make install goes smoothly, but only the binary itself - and the man page - actually 'go anywhere.'

I'm not sure if this is deliberate, but i've poked around the docs, checked the faq, and burned black candles at midnight - no success. Nothing goes to my /etc; no conf, nothing in init.d, nada. Not the snort.conf itself nor any of the secondary conf files, nor is a rules dir created, nor /var/log/snort, etc.

The docs seem to assume these things'll be in place when you run, but there's no explicit manifesto of needed files. I went and manually moved stuff around, created the dirs and files needed, etc., but i was sort of wondering about the whole thing.

Ubuntu seems to want to apt me 2.3.2, and it looks like there's a slew of bugfixes and whatnot in the 2.4 branch, so i'd rather go with latest stable source. Is there a reason the various config files, and assorted log/conf/rules directories, aren't created at install? There doesn't seem to be any reference to them in the makefile, tho my understanding there is limited.

Praying fervently not to have caused a drink or three,





--
Rob Munsch
Solutions For Progress IT
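
The manual steps discussed in this thread (copy the config files out of the source tree's etc/, create the rules and log directories, replace the relative "../rules" path), as an added example that is not part of the original messages or of the Snort distribution. The destination layout, the file globs and the exact `var RULE_PATH ../rules` line are assumptions, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example: stage Snort's supporting files after 'make install'.
# Layout, globs and the RULE_PATH line are assumptions, not project code.

stage_snort() {               # usage: stage_snort SRC_TREE DEST_ROOT
    src=$1; root=$2
    conf_dir=$root/etc/snort
    log_dir=$root/var/log/snort
    [ -f "$src/etc/snort.conf" ] || {
        echo "no snort.conf under $src/etc" >&2; return 1; }

    mkdir -p "$conf_dir/rules" "$log_dir" || return 1
    chmod 755 "$conf_dir" "$conf_dir/rules"
    chmod 750 "$log_dir"      # alert logs can hold captured payload data

    for f in "$src"/etc/*.conf "$src"/etc/*.config "$src"/etc/*.map; do
        [ -f "$f" ] || continue           # glob matched nothing
        dest=$conf_dir/$(basename "$f")
        if [ -e "$dest" ]; then           # never clobber a tuned config
            echo "keeping existing $dest" >&2
            continue
        fi
        cp "$f" "$dest" && chmod 644 "$dest" || return 1
    done

    # Replace the source tree's relative rules path with an absolute one.
    conf=$conf_dir/snort.conf
    sed "s|^var RULE_PATH \.\./rules\$|var RULE_PATH $conf_dir/rules|" \
        "$conf" > "$conf.tmp" && mv "$conf.tmp" "$conf" && chmod 644 "$conf"
}

rule_path() {                 # print the RULE_PATH value from a snort.conf
    sed -n 's/^var RULE_PATH //p' "$1"
}

make_sample_tree() {          # constructed stand-in for snort-<ver>/etc
    mkdir -p "$1/etc"
    printf 'var HOME_NET any\nvar RULE_PATH ../rules\n' > "$1/etc/snort.conf"
    printf '# constructed threshold.conf\n' > "$1/etc/threshold.conf"
}

# Demo on a throwaway directory; prints the rewritten RULE_PATH.
demo=$(mktemp -d) && make_sample_tree "$demo/src" &&
    stage_snort "$demo/src" "$demo/root" &&
    rule_path "$demo/root/etc/snort/snort.conf"
rm -rf "$demo"
```

On a real host SRC_TREE would be the unpacked source directory and DEST_ROOT would be `/`, run as root. Running `snort -T -c /etc/snort/snort.conf` afterwards tests the staged configuration before starting the daemon with -D.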


