Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Snort-users] Inline-Snort & Solaris 10, SuSE 9.x/10.x, RHEL 3.0

from [Will Metcalf] Network Security [Permanent Link]
Subject: Re: [Snort-users] Inline-Snort & Solaris 10, SuSE 9.x/10.x, RHEL 3.0
Date: Fri, 25 Aug 2006 17:35:45 -0500 
Well kind of..... No it doesn't work on Solaris, you need to follow these
directions when dealing with redhat.....  Not sure about SUSE never used
it.

Regards,

Will


  - Question:  I am having problems compiling snort_inline.  Here is a
  sample of the error messages I get during compilation:

gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src
-I/usr/include/pcap -I../../src/output-plugins
-I../../src/detection-plugins -I../../src/preprocessors  -I/usr/include
-g -O2 -Wall -DGIDS -D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD
-DHAVE_NET_ETHERNET_H -DLIBNET_LIL_ENDIAN -c `test -f 'spo_alert_fast.c'
|| echo './'`spo_alert_fast.c
In file included from /usr/include/linux/netfilter_ipv4/ip_queue.h:10,
                from /usr/include/libipq.h:37,
                from ../../src/inline.h:8,
                from ../../src/snort.h:38,
                from spo_alert_fast.c:51:
/usr/include/linux/if.h:59: redefinition of `struct ifmap'
/usr/include/linux/if.h:77: redefinition of `struct ifreq'
/usr/include/linux/if.h:126: redefinition of `struct ifconf'
make[3]: *** [spo_alert_fast.o] Error 1
make[3]: Leaving directory
`/home/matt/src/BUILD/snort-2.0.5/src/output-plugins'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/home/matt/src/BUILD/snort-2.0.5/src'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/home/matt/src/BUILD/snort-2.0.5'
make: *** [all] Error 2

Answer:  You need to update the kernel headers used by your glibc.  A quick
fix is to create a link between /usr/include and the include directory of
your kernel source.  For example, if you are trying to use this with kernel
version 2.4.24, you can do the following:

cd /usr/include
mv linux linux.orig
ln -s /usr/src/linux-2.4.24/include/linux linux

Now simply go to your snort_inline directory and recompile (make clean
first).

** That is, point to a set of "real" kernel includes instead of RH's
glibc-kernheaders package. **

On 8/25/06, Joel Esler <joel.esler@sourcefire.com> wrote: 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

You are exactly right.  Compile the latest version of Snort --enable-
inline, and there you have it.

J

On Aug 25, 2006, at 3:35 PM, Escudero, Peter Louis wrote:

> Greetings. Does inline-snort work with Solaris 10, SuSE 9.x/10.x &
> RedHat Enterprise Linux 3.0? How/where do I get the latest version?
> I found v1.9.1-2 on the snort website, but it's dated April 2003.
> Do I just compile the latest snort with the option "--enable-
> inline"? Any info you can provide will be greatly appreciated.
>
> Thanks,
>
> Peter Escudero
>
> ----------------------------------------------------------------------
> ---
> Using Tomcat but need to do more? Need to support web services,
> security?
> Get stuff done quickly with pre-integrated technology to make your
> job easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache
> Geronimo
> http://sel.as-us.falkag.net/sel?
> cmd=lnk&kid=120709&bid=263057&dat=121642______________________________
> _________________
> Snort-users mailing list
> Snort-users@lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

+---------------------------------------------------------------------+
joel esler          senior security consultant         1-706-627-2101
Sourcefire    Security for the /Real/ World -- http://www.sourcefire.com
        Snort - Open Source Network IPS/IDS -- http://www.snort.org
          gpg key: http://demo.sourcefire.com/jesler.pgp.key
            aim:eslerjoel  ymsg:eslerjoel gtalk:eslerj
+---------------------------------------------------------------------+


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)

iD8DBQFE73RZKbCSyXHckt4RArfSAJ9VCGrqSZbo/7wxVPPM+6OXvnqbSgCfVdRD
YcZV1ZdkQteeOpt2AX5Qx3s=
=g/rY
-----END PGP SIGNATURE-----

-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job
easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Snort-users] Inline-Snort & Solaris 10, SuSE 9.x/10.x, RHEL 3.0, Joel Esler
Next by Date:  Re: [Snort-users] New to snort. Does this look normal., Jason
Previous by Thread:  Re: [Snort-users] Inline-Snort & Solaris 10, SuSE 9.x/10.x, RHEL 3.0, Joel Esler
Next by Thread:  [Snort-users] IBM did not invent the PC nor the IDS, Michael Scheidell
Indexes:  [Date] [Thread] [Top] [All Lists]