Re: [Snort-users] Unable to install Snort 2.6.1.4 on RHEL5

Same error on both my RHEL5 servers using 2.6.1.5.  

I wonder if this is an issue:

rpm -qa | grep libpcap 
libpcap-0.9.4-8.1 
libpcap-devel-0.9.4-8.1 
libpcap-0.9.4-8.1  

It shows two libpcaps installed and it won't let me remove any of them.

-Dan

-----Original Message-----
From: Patrick S. Harper [mailto:patrick@internetsecurityguru.com] 
Sent: Monday, May 14, 2007 1:15 PM
To: Dan Brummer; hhoffman@ip-solutions.net
Cc: snort-users@lists.sourceforge.net
Subject: RE: [Snort-users] Unable to install Snort 2.6.1.4 on RHEL5

Just tried with snort 2.6.1.5 on RHEL 5 yum'd to date with no RPMforge
repo's installed and it is working.  Try the new version and see if that
helps.

[root@snort snort-2.6.1.5]# snort -V

   ,,_     -*> Snort! <*-
  o"  )~   Version 2.6.1.5 (Build 59)  
   ''''    By Martin Roesch & The Snort Team:
http://www.snort.org/team.html
           (C) Copyright 1998-2007 Sourcefire Inc., et al.



> -----Original Message-----
> From: snort-users-bounces@lists.sourceforge.net [mailto:snort-users- 
> bounces@lists.sourceforge.net] On Behalf Of Dan Brummer
> Sent: Monday, May 14, 2007 1:58 PM
> To: hhoffman@ip-solutions.net
> Cc: snort-users@lists.sourceforge.net
> Subject: Re: [Snort-users] Unable to install Snort 2.6.1.4 on RHEL5
>
> Verify on  libpcap-devel comes back blank.  Tried removing it and 
> readding, still same issue.
>
> -----Original Message-----
> From: Harry Hoffman [mailto:hhoffman@ip-solutions.net]
> Sent: Monday, May 14, 2007 11:30 AM
> To: Dan Brummer
> Cc: snort-users@lists.sourceforge.net
> Subject: Re: [Snort-users] Unable to install Snort 2.6.1.4 on RHEL5
>
> I was just emailing back and forth with another person who has/had 
> this same problem.
>
> Is libpcap-devel installed on your system? If it is please get a 
> listing of files in the rpm db and verify the integrity of the 
> package. If not intact, please remove and then re-install the -devel 
> package and see if that works.
>
>
> Verify Files:
> rpm -V libpcap-devel
>
> Cheers,
> Harry
>
>
> > Any ideas on this guys?  I'm still unable to get it to work, SELinux

> > disabled.  I'm thinking about downgrading to RHEL4 but I may run 
> > into hardware issues.
> >
> > -Dan
> >
> > -----Original Message-----
> > From: snort-users-bounces@lists.sourceforge.net
> > [mailto:snort-users-bounces@lists.sourceforge.net] On Behalf Of 
> > Harry Hoffman
> > Sent: Friday, May 11, 2007 5:01 PM
> > Cc: snort-users@lists.sourceforge.net
> > Subject: Re: [Snort-users] Unable to install Snort 2.6.1.4 on RHEL5
> >
> > If you believe it's SELINUX you can check the logs:
> >
> > audit2allow -i /var/log/messages
> >
> > or temporarily disable selinux
> > setenforce 0
> >
> > HTH,
> > Harry
> >
> >
> > On Fri, 11 May 2007, Patrick S. Harper wrote:
> >
> > > Selinux can break a lot of things if not set properly, it takes a 
> > > good
> >
> > > bit of tweaking
> > >
> > > Patrick S. Harper | CISSP RHCT MCSE www.internetsecurityguru.com
> > >
> > >
> > >
> > > > -----Original Message-----
> > > > From: Peper Gisi [mailto:pgisi@flatironfs.com]
> > > > Sent: Friday, May 11, 2007 3:33 PM
> > > > To: Dan Brummer; Patrick S. Harper;
> > > > snort-users@lists.sourceforge.net
> > > > Subject: RE: [Snort-users] Unable to install Snort 2.6.1.4 on
> RHEL5
> > > > I actually just had the same issue yesterday with CentOS5. I was
> > > > using Patrick's directions and had to do a couple of things a
> > > > little
> >
> > > > different like SELinux comes after the reboot. I have tried
> > > > everything that I could think of and still get the same error
that
> > Dan is getting.
> > > > I took the box back to 4.4 and no issues ... except fort
importing
> > > > the GPG key for NTOP but that is unrelated.
> > > >
> > > > Peper
> > > >
> > > > ________________________________
> > > >
> > > > From: snort-users-bounces@lists.sourceforge.net on behalf of Dan
> > > > Brummer
> > > > Sent: Fri 5/11/2007 2:20 PM
> > > > To: Patrick S. Harper; snort-users@lists.sourceforge.net
> > > > Subject: Re: [Snort-users] Unable to install Snort 2.6.1.4 on
> RHEL5
> > > > Yea this is very confusing.  This is a brand new installation of
> > > > RHEL5 with the latest updates from RHN via yum.
> > > >
> > > > -Dan
> > > >
> > > > -----Original Message-----
> > > > From: Patrick S. Harper [mailto:patrick@internetsecurityguru.com]
> > > > Sent: Friday, May 11, 2007 1:17 PM
> > > > To: Dan Brummer; snort-users@lists.sourceforge.net
> > > > Subject: RE: [Snort-users] Unable to install Snort 2.6.1.4 on
> RHEL5
> > > > I have the same setup in my lab and it worked for me.  I have not
> > > > gotten a copy of the real RHEL 5 yet though, I am running on
> CentOS
>
> > > > 5.  That should not make a difference though
> > > >
> > > >
> > > >
> > > > > -----Original Message-----
> > > > > From: snort-users-bounces@lists.sourceforge.net
> > > > > [mailto:snort-users- bounces@lists.sourceforge.net] On Behalf
Of
> > > > > Dan Brummer
> > > > > Sent: Friday, May 11, 2007 1:14 PM
> > > > > To: snort-users@lists.sourceforge.net
> > > > > Subject: [Snort-users] Unable to install Snort 2.6.1.4 on RHEL5
> > > > >
> > > > > Hello,
> > > > > I'm trying to install Snort 2.6.1.4 from source on a RHEL5
> server.
> > > > > I get the following error:
> > > > >
> > > > > ERROR!  Libpcap library/headers not found
> > > > >
> > > > > I currently have libpcap installed by RPM:
> > > > > rpm -qa |grep libpcap
> > > > > libpcap-0.9.4-8.1
> > > > > libpcap-devel-0.9.4-8.1
> > > > >
> > > > > Here's a list of the libpcap files:
> > > > > /usr/include/pcap-bpf.h
> > > > > /usr/include/pcap-namedb.h
> > > > > /usr/include/pcap.h
> > > > > /usr/lib/libpcap.a
> > > > > /usr/lib/libpcap.so
> > > > > /usr/lib/libpcap.so.0
> > > > > /usr/lib/libpcap.so.0.9
> > > > > /usr/lib/libpcap.so.0.9.4
> > > > >
> > > > > I've tried running ./configure with '--with-libpcap-
> > > > > includes=/usr/include --with-libpcap-libraries=/usr/lib' and
> > > > > still
> >
> > > > > expierence the error.  Any help on this would be greatly
> > appreciated.
> > > > > Thank you.
> > > > > Daniel Brummer
> > > > > Vegas.com Network Engineer I
------------------------------------------------------------------
> -
> > > > -
> > > > ---
> > > > --
> > > > This SF.net email is sponsored by DB2 Express Download DB2
Express
> > > > C
> >
> > > > - the FREE version of DB2 express and take control of your XML.
No
> > > > limits. Just data. Click to get it now.
> > > > http://sourceforge.net/powerbar/db2/
> > > > _______________________________________________
> > > > Snort-users mailing list
> > > > Snort-users@lists.sourceforge.net
> > > > Go to this URL to change user options or unsubscribe:
> > > > https://lists.sourceforge.net/lists/listinfo/snort-users
> > > > Snort-users list archive:
> > > > http://www.geocrawler.com/redir-sf.php3?list=snort-users
--------------------------------------------------------------------
> -
> > > -
> > > --- This SF.net email is sponsored by DB2 Express Download DB2
> > > Express
> >
> > > C - the FREE version of DB2 express and take control of your XML.
No
> > > limits. Just data. Click to get it now.
> > > http://sourceforge.net/powerbar/db2/
> > > _______________________________________________
> > > Snort-users mailing list
> > > Snort-users@lists.sourceforge.net
> > > Go to this URL to change user options or unsubscribe:
> > > https://lists.sourceforge.net/lists/listinfo/snort-users
> > > Snort-users list archive:
> > > http://www.geocrawler.com/redir-sf.php3?list=snort-users
---------------------------------------------------------------------
> -
> > --
> > -
> > This SF.net email is sponsored by DB2 Express Download DB2 Express C
> -
>
> > the FREE version of DB2 express and take control of your XML. No
> limits.
> > Just data. Click to get it now.
> > http://sourceforge.net/powerbar/db2/
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users@lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
---------------------------------------------------------------------
> -
> > --- This SF.net email is sponsored by DB2 Express Download DB2
> Express
>
> > C - the FREE version of DB2 express and take control of your XML. No
> > limits. Just data. Click to get it now.
> > http://sourceforge.net/powerbar/db2/
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users@lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
-----------------------------------------------------------------------
> --
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> _______________________________________________
> Snort-users mailing list
> Snort-users@lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users


-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users