
Re: [Snort-users] problem starting snort..kindly help

Subject: Re: [Snort-users] problem starting snort..kindly help
Date: Mon, 28 May 2007 20:00:03 -0400
I am looking at your history file here, and it looks like you descended into the snort dir, and did a config, but you never did a make nor a make install.

Kinda need to do that.



joel esler | security consultant | Sourcefire | pgp  key is public



On May 28, 2007, at 7:26 PM, pearl carlo wrote:

Hi Scott, atkins, and rmkml

Here is what I did after downloading the required packages to /local/usr/src

   43  cd /usr/local
   44  tar zxvf src/pcre-7.1.tar.gz
   45  cd pcre-7.1
   46  ./configure
   47  make
   48  make install
   49  cd ..
   50  tar zxvf src/libnet-1.0.2a.tar.gz
   51  cd Libnet-1.0.2a/
   52  ./configure
   53  make
   54  make install
   55  cd ..
   56  tar zxvf src/libpcap-0.9.4.tar.gz
   57  cd libpcap-0.9.4/
   58  ./configure
   59  make
   60  make install
   61  cd ..
   62  tar zxvf src/snort-2.6.1.5.tar.gz
   63  cd snort-2.6.1.5/

In between here I installed mysql through rpm (devel and admin)

78 ./configure --enable-flexresp --with-mysql --enable-dynamicplugin
79 mkdir /etc/snort
80 mkdir /var/log/snort
81 tar zxvf /usr/local/src/snortrules-snapshot-CURRENT.tar.gz -C /etc/snort
82 cp etc/*.conf* /etc/snort
83 cp etc/*.map /etc/snort
84 ln -s /usr/local/bin/snort /usr/sbin/snort
85 groupadd snort
86 useradd -g snort snort
87 chown snort:snort /var/log/snort
88 vi /etc/snort/snort.conf
89 vi /etc/snort/snort.conf
Here I have changed the RULE_PATH in the snort.conf file




  112  service mysqld status
  113  service mysqld start

Here I had some problems related to mysql, sorted those out and continued
setting mysql
it took the schema and no problems creating database here


  164  /usr/local/bin/snort -c /etc/snort/snort.conf
At this stage I get the message
bash: /usr/local/bin/snort: No such file or directory

  whereis snort
or
whereis snort.conf
gives me
snort: /usr/sbin/snort /etc/snort

and if I give
/usr/sbin/snort -c /etc/snort/snort.conf I get the following
bash: /usr/local/bin/snort: No such file or directory

tail -f /var/log/messages gives me following

May 28 15:54:53 localhost last message repeated 50 times
May 28 15:55:55 localhost last message repeated 50 times
May 28 15:56:57 localhost last message repeated 50 times
May 28 15:57:59 localhost last message repeated 50 times
May 28 15:59:01 localhost last message repeated 50 times
May 28 16:00:03 localhost last message repeated 50 times
May 28 16:01:05 localhost last message repeated 50 times
May 28 16:02:07 localhost last message repeated 50 times
May 28 16:03:09 localhost last message repeated 50 times
May 28 16:04:11 localhost last message repeated 50 times

Is it that I need to uninstall the packages and reload the rpm based version..
Can somebody give me a clue to progress further and give me some idea what is going on and where could be the mistake...


appreciating for your time ..

pearl






"Atkins, Dwane P" <ATKINSD@uthscsa.edu> wrote:

Pearl,

If you do a tail -f /var/log/messages, do you see any errors? Did you try and reconfigure it with the --with-mysql?


From: pearl carlo [mailto:pearlcarlo@yahoo.com]
Sent: Mon 5/28/2007 1:29 AM
To: Atkins, Dwane P
Subject: RE: [Snort-users] problem starting snort..kindly help

I am trying to install snort 2.6.1.5


"Atkins, Dwane P" <ATKINSD@uthscsa.edu> wrote:

What version are you trying to install? I can only guess since I am
rather new, but you may want to attempt to
./configure --with-mysql
make
make install


-----Original Message-----
From: snort-users-bounces@lists.sourceforge.net [mailto:snort-users-bounces@lists.sourceforge.net] On Behalf Of pearl carlo
Sent: Sunday, May 27, 2007 10:29 PM
To: snort-users@lists.sourceforge.net
Subject: [Snort-users] problem starting snort..kindly help

Hi all,
I have installed all the required packages and have set up the database
also successfully in mysql, but now after doing all the hard work, when I
am trying to start snort by writing the following
/usr/local/bin/snort -c /etc/snort/snort.conf

I get the following message.. I am unable to understand what I am
missing
bash: /usr/local/bin/snort: No such file or directory

and when I cd to the directory structure.... it really does not exist... I hope
that is supposed to be created by snort during installation..


Kindly help.. I have wasted quite a time on that
pearl
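
The situation diagnosed in the reply at the top of this thread (a symlink at /usr/sbin/snort pointing to a binary that `make` and `make install` never produced) can be checked mechanically. The script below is an added example, not part of the original thread; the function names are hypothetical and it assumes `make` leaves the binary at src/snort inside the source tree.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: make leaves the binary at
# src/snort inside the source tree; pass a third argument to override.

# link_state PATH -> runnable | dangling-symlink | missing | not-executable
link_state() {
    if [ -L "$1" ] && [ ! -e "$1" ]; then
        echo dangling-symlink        # symlink exists, its target does not
    elif [ ! -e "$1" ]; then
        echo missing
    elif [ -f "$1" ] && [ -x "$1" ]; then
        echo runnable
    else
        echo not-executable
    fi
}

# build_state SRCDIR [RELBIN] -> no-source | not-configured |
#                                configured-not-built | built
build_state() {
    relbin=${2:-src/snort}
    if [ ! -d "$1" ]; then
        echo no-source
    elif [ ! -f "$1/Makefile" ]; then
        echo not-configured          # ./configure has not generated a Makefile
    elif [ ! -x "$1/$relbin" ]; then
        echo configured-not-built    # Makefile present, make never ran to completion
    else
        echo built                   # binary exists; make install copies it out
    fi
}

# diagnose LINK SRCDIR [RELBIN]: prints a summary, returns 0 only if LINK runs.
diagnose() {
    ls_=$(link_state "$1")
    bs_=$(build_state "$2" "$3")
    echo "link=$ls_ build=$bs_"
    case "$ls_/$bs_" in
        runnable/*)             return 0 ;;
        */configured-not-built) echo "next: cd $2 && make && make install" ;;
        */built)                echo "next: cd $2 && make install" ;;
        */not-configured)       echo "next: cd $2 && ./configure, then make" ;;
        *)                      echo "next: unpack the source tree at $2" ;;
    esac
    return 1
}

# Usage: sh diagnose.sh /usr/sbin/snort /usr/local/snort-2.6.1.5
if [ "$#" -ge 2 ]; then diagnose "$@"; fi
```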


Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users