Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Snort-users] Unable to install Snort 2.6.1.4 on RHEL5

from [Dan Brummer] Network Security [Permanent Link]
Subject: Re: [Snort-users] Unable to install Snort 2.6.1.4 on RHEL5
Date: Thu, 17 May 2007 08:40:14 -0700 
Downgrade to RHEL4 solved my problem.  Thanks all for the help.

-Dan 

-----Original Message-----
From: Patrick S. Harper [mailto:patrick@internetsecurityguru.com] 
Sent: Wednesday, May 16, 2007 2:12 PM
To: Dan Brummer; hhoffman@ip-solutions.net
Cc: snort-users@lists.sourceforge.net
Subject: RE: [Snort-users] Unable to install Snort 2.6.1.4 on RHEL5

I know it will work on RHEL 4 but I also did an install on RHEL 5
yesterday per my doc and it worked the same.  I also know it works the
same in CentOS
4 and 5



-----Original Message-----
From: Dan Brummer [mailto:dan.brummer@vegas.com]
Sent: Wednesday, May 16, 2007 3:41 PM
To: Patrick S. Harper; hhoffman@ip-solutions.net
Cc: snort-users@lists.sourceforge.net
Subject: RE: [Snort-users] Unable to install Snort 2.6.1.4 on RHEL5

Remove and reinstall of libpcap and libpcap-devel did not fix :\

I'm going to downgrade to RHEL4 and see if I can get the system up.
Thanks.



-----Original Message-----
From: Patrick S. Harper [mailto:patrick@internetsecurityguru.com]
Sent: Monday, May 14, 2007 6:21 PM
To: Dan Brummer; hhoffman@ip-solutions.net
Cc: snort-users@lists.sourceforge.net
Subject: RE: [Snort-users] Unable to install Snort 2.6.1.4 on RHEL5

yum remove libpcap*.* might help.



-----Original Message-----
From: Dan Brummer [mailto:dan.brummer@vegas.com]
Sent: Monday, May 14, 2007 5:33 PM
To: Patrick S. Harper; hhoffman@ip-solutions.net
Cc: snort-users@lists.sourceforge.net
Subject: RE: [Snort-users] Unable to install Snort 2.6.1.4 on RHEL5

Same error on both my RHEL5 servers using 2.6.1.5.

I wonder if this is an issue:

rpm -qa | grep libpcap
libpcap-0.9.4-8.1
libpcap-devel-0.9.4-8.1
libpcap-0.9.4-8.1

It shows two libpcaps installed and it won't let me remove any of

them.


-Dan

-----Original Message-----
From: Patrick S. Harper [mailto:patrick@internetsecurityguru.com]
Sent: Monday, May 14, 2007 1:15 PM
To: Dan Brummer; hhoffman@ip-solutions.net
Cc: snort-users@lists.sourceforge.net
Subject: RE: [Snort-users] Unable to install Snort 2.6.1.4 on RHEL5

Just tried with snort 2.6.1.5 on RHEL 5 yum'd to date with no

RPMforge


repo's installed and it is working.  Try the new version and see if 
that helps.

[root@snort snort-2.6.1.5]# snort -V

   ,,_     -*> Snort! <*-
  o"  )~   Version 2.6.1.5 (Build 59)
   ''''    By Martin Roesch & The Snort Team:
http://www.snort.org/team.html
           (C) Copyright 1998-2007 Sourcefire Inc., et al.




-----Original Message-----
From: snort-users-bounces@lists.sourceforge.net [mailto:snort-

users-


bounces@lists.sourceforge.net] On Behalf Of Dan Brummer
Sent: Monday, May 14, 2007 1:58 PM
To: hhoffman@ip-solutions.net
Cc: snort-users@lists.sourceforge.net
Subject: Re: [Snort-users] Unable to install Snort 2.6.1.4 on 
RHEL5

Verify on  libpcap-devel comes back blank.  Tried removing it and 
readding, still same issue.

-----Original Message-----
From: Harry Hoffman [mailto:hhoffman@ip-solutions.net]
Sent: Monday, May 14, 2007 11:30 AM
To: Dan Brummer
Cc: snort-users@lists.sourceforge.net
Subject: Re: [Snort-users] Unable to install Snort 2.6.1.4 on 
RHEL5

I was just emailing back and forth with another person who has/had



this same problem.

Is libpcap-devel installed on your system? If it is please get a 
listing of files in the rpm db and verify the integrity of the 
package. If not intact, please remove and then re-install the -

devel


package and see if that works.


Verify Files:
rpm -V libpcap-devel

Cheers,
Harry



Any ideas on this guys?  I'm still unable to get it to work,

SELinux


disabled.  I'm thinking about downgrading to RHEL4 but I may run



into hardware issues.

-Dan

-----Original Message-----
From: snort-users-bounces@lists.sourceforge.net
[mailto:snort-users-bounces@lists.sourceforge.net] On Behalf Of 
Harry Hoffman
Sent: Friday, May 11, 2007 5:01 PM
Cc: snort-users@lists.sourceforge.net
Subject: Re: [Snort-users] Unable to install Snort 2.6.1.4 on
RHEL5

If you believe it's SELINUX you can check the logs:

audit2allow -i /var/log/messages

or temporarily disable selinux
setenforce 0

HTH,
Harry


On Fri, 11 May 2007, Patrick S. Harper wrote:


Selinux can break a lot of things if not set properly, it takes

a


good



bit of tweaking

Patrick S. Harper | CISSP RHCT MCSE 
www.internetsecurityguru.com




-----Original Message-----
From: Peper Gisi [mailto:pgisi@flatironfs.com]
Sent: Friday, May 11, 2007 3:33 PM
To: Dan Brummer; Patrick S. Harper; 
snort-users@lists.sourceforge.net
Subject: RE: [Snort-users] Unable to install Snort 2.6.1.4 on

RHEL5


I actually just had the same issue yesterday with CentOS5. I 
was using Patrick's directions and had to do a couple of

things


a little



different like SELinux comes after the reboot. I have tried 
everything that I could think of and still get the same error

that

Dan is getting.

I took the box back to 4.4 and no issues ... except fort

importing

the GPG key for NTOP but that is unrelated.

Peper

________________________________

From: snort-users-bounces@lists.sourceforge.net on behalf of 
Dan Brummer
Sent: Fri 5/11/2007 2:20 PM
To: Patrick S. Harper; snort-users@lists.sourceforge.net
Subject: Re: [Snort-users] Unable to install Snort 2.6.1.4 on

RHEL5




Yea this is very confusing.  This is a brand new installation



of
RHEL5 with the latest updates from RHN via yum.

-Dan

-----Original Message-----
From: Patrick S. Harper

[mailto:patrick@internetsecurityguru.com]

Sent: Friday, May 11, 2007 1:17 PM
To: Dan Brummer; snort-users@lists.sourceforge.net
Subject: RE: [Snort-users] Unable to install Snort 2.6.1.4 on

RHEL5


I have the same setup in my lab and it worked for me.  I have

not

gotten a copy of the real RHEL 5 yet though, I am running on

CentOS


5.  That should not make a difference though




-----Original Message-----
From: snort-users-bounces@lists.sourceforge.net
[mailto:snort-users- bounces@lists.sourceforge.net] On

Behalf

Of

Dan Brummer
Sent: Friday, May 11, 2007 1:14 PM
To: snort-users@lists.sourceforge.net
Subject: [Snort-users] Unable to install Snort 2.6.1.4 on

RHEL5


Hello,
I'm trying to install Snort 2.6.1.4 from source on a RHEL5

server.



I get the following error:

ERROR!  Libpcap library/headers not found

I currently have libpcap installed by RPM:
rpm -qa |grep libpcap
libpcap-0.9.4-8.1
libpcap-devel-0.9.4-8.1

Here's a list of the libpcap files:
/usr/include/pcap-bpf.h
/usr/include/pcap-namedb.h
/usr/include/pcap.h
/usr/lib/libpcap.a
/usr/lib/libpcap.so
/usr/lib/libpcap.so.0
/usr/lib/libpcap.so.0.9
/usr/lib/libpcap.so.0.9.4

I've tried running ./configure with '--with-libpcap- 
includes=/usr/include --with-libpcap-libraries=/usr/lib' 
and still



expierence the error.  Any help on this would be greatly

appreciated.


Thank you.
Daniel Brummer
Vegas.com Network Engineer I




------------------------------------------------------------------

-

-
---
--
This SF.net email is sponsored by DB2 Express Download DB2

Express

C



- the FREE version of DB2 express and take control of your

XML.

No

limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net Go to this URL to change

user


options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users











--------------------------------------------------------------------

-

-
--- This SF.net email is sponsored by DB2 Express Download DB2 
Express



C - the FREE version of DB2 express and take control of your

XML.

No

limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net Go to this URL to change user



options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





--------------------------------------------------------------------
-

-

--
-
This SF.net email is sponsored by DB2 Express Download DB2

Express

C

-


the FREE version of DB2 express and take control of your XML. No

limits.

Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net Go to this URL to change user 
options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



--------------------------------------------------------------------
-

-

--- This SF.net email is sponsored by DB2 Express Download DB2

Express


C - the FREE version of DB2 express and take control of your

XML.

No

limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net Go to this URL to change user 
options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





--------------------------------------------------------------------
-

-

-

--
This SF.net email is sponsored by DB2 Express Download DB2 Express

C


- the FREE version of DB2 express and take control of your XML. No



limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users







-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Snort-users] non-standard-protocol : BAD-TRAFFIC IP Proto 103 PIM, David Ryan
Next by Date:  Re: [Snort-users] non-standard-protocol : BAD-TRAFFIC IP Proto 103 PIM, doug schmidt
Previous by Thread:  Re: [Snort-users] Unable to install Snort 2.6.1.4 on RHEL5, Patrick S. Harper
Next by Thread:  Re: [Snort-users] Unable to install Snort 2.6.1.4 on RHEL5, Alex Butcher
Indexes:  [Date] [Thread] [Top] [All Lists]