Snort mailing list archives

RE: I am using Petrick harper's guide still have problems !!


From: "Harper, Patrick" <patrick.harper () phns com>
Date: Mon, 13 Sep 2004 14:57:34 -0500

Simplest solution, build the sensors the exact same way as the manager
except do not do the "chkconfig mysqld on" or "chkconfig httpd on", then
tell the manager to let the mysql snort user from the IP of the sensor
log to the snort database on the manager.  Then POOF it works.


 
-----Original Message-----
From: Juan Fernandez [mailto:Juan.Fernandez () deltathree com] 
Sent: Monday, September 13, 2004 11:33 AM
To: Harper, Patrick
Subject: RE: [Snort-users] I am using Petrick harper's guide still have
problems !!


The management server is working fine ( with acid and all that).

It is the sensor I have problem with.

Now I found:
[root@snort_jr_dmz snortinstall]# rpm -ivh libssl-0.9.6i-alt1.i586.rpm
warning: libssl-0.9.6i-alt1.i586.rpm: V3 DSA signature: NOKEY, key ID eac91ca0
error: Failed dependencies:
        /sbin/post_ldconfig is needed by libssl-0.9.6i-alt1
        /sbin/postun_ldconfig is needed by libssl-0.9.6i-alt1

Where can I find those two files he needs?

I just have a dependencies problem that's all...

Thanks Patrick

-----Original Message-----
From: Harper, Patrick [mailto:patrick.harper () phns com]
Sent: Monday, September 13, 2004 7:18 PM
To: Juan Fernandez; snort-users () lists sourceforge net
Subject: RE: [Snort-users] I am using Petrick harper's guide still have
problems !!

Sounds like you did not install the OS per that doc.  If you follow it
end to end it will work.  Try getting one box up first before you go off
to try an enterprise deployment.  Just start with a system with nothing
on it.  Go page by page through the fedora core 1 doc at
www.internetsecurityguru.com and when you are done, if you followed
directions, you will have a working snort sensor.  Then you can start
deploying whatever else you want, but get one working first.  What you
are trying to do is like a child that has never ridden a bike wanting to
compete at the x-games.  Get on the tricycle first and then move on.
 
-----Original Message-----
From: Juan Fernandez [mailto:Juan.Fernandez () deltathree com]
Sent: Monday, September 13, 2004 7:54 AM
To: 'Patrick S. Harper'; 'snort-users () lists sourceforge net'
Subject: [Snort-users] I am using Petrick harper's guide still have
problems !!


Hi !

I use Fedora Core 1 (now I am trying to install the sensor from the guide
of Patrick Harper).

When I try to install snort-mysql-2.1.3-0.fdr.1.i386.rpm I receive the
next:

[root@snort_jr_dmz snortinstall]# rpm -ivh snort-mysql-2.1.3-0.fdr.1.i386.rpm
error: Failed dependencies:
        libmysqlclient.so.10 is needed by snort-mysql-2.1.3-0.fdr.1
[root@snort_jr_dmz snortinstall]# find / -name libmysqlclient.so.10
/usr/local/mysql/lib/mysql/libmysqlclient.so.10
/snortinstall/mysql-3.23.52/libmysql/.libs/libmysqlclient.so.10

I also tried to download and install
libmysqlclient12-4.0.20-67426cl.i386.rpm and this is what I received:

[root@snort_jr_dmz snortinstall]# rpm -ivh libmysqlclient12-4.0.20-67426cl.i386.rpm
error: Failed dependencies:
        libcrypto.so.0.9.7 is needed by libmysqlclient12-4.0.20-67426cl
        libssl.so.0.9.7 is needed by libmysqlclient12-4.0.20-67426

Do I need to download crypto52 and install? The dependencies are really a
nightmare !!!

Thanks !!

-----Original Message-----
From: Juan Fernandez
Sent: Monday, September 13, 2004 2:02 PM
To: 'Patrick S. Harper'; Juan Fernandez;
snort-users () lists sourceforge net
Subject: RE: [Snort-users] guides on the snort site



How do I give permissions?

Sorry, I am new to Linux.

Open ports: do you mean to open ports if the sensors and the management are
separated with a firewall in the middle?

Thanks !!


-----Original Message-----
From: Patrick S. Harper [mailto:patrick () internetsecurityguru com] 
Sent: Monday, September 13, 2004 1:51 PM
To: 'Juan Fernandez'; snort-users () lists sourceforge net
Subject: RE: [Snort-users] guides on the snort site

The one I wrote (I would use the newer one on my site and not the RH9
one on the snort.org site) can be easily modified for what you want.
Just open the ports and give permissions on the manager for the mysql
users on the sensors to log in to the database.




Patrick S. Harper | CISSP RHCT MCSE
www.internetsecurityguru.com

www.ntsug.org - Snort Users Group

"If there is no light at the end of the tunnel, get down there and light
the damn thing yourself!"
 
-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Juan
Fernandez
Sent: Monday, September 13, 2004 3:34 AM
To: 'snort-users () lists sourceforge net'
Subject: [Snort-users] guides on the snort site

Hi !

I looked for installing guides on the site.

I found guides that explain only installing the sensor and the
management on the same machine.

I have (will have 4 sensors and one management) I use fedora.

Which guide to pick up?

Thanks!!!




-------------------------------------------------------
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM. 
Deadline: Sept. 13. Go here: http://sf.net/ppc_contest.php
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users






Disclaimer:
This electronic message, including any attachments, is confidential and
intended solely for use of the intended recipient(s). This message may
contain information that is privileged or otherwise protected from
disclosure by applicable law. Any unauthorized disclosure,
dissemination,
use or reproduction is strictly prohibited. If you have received this
message in error, please delete it and notify the sender immediately. 
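
The manager/sensor setup described in the top reply (each sensor's MySQL snort user allowed in only from that sensor's IP), as an added example that is not part of any message in this thread. The database and user name "snort", the addresses, the password placeholder and the INSERT, SELECT privilege set are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed (constructed) values: database
# and MySQL user both named "snort", manager 10.0.0.5, sensors 10.0.0.11-12.

# Succeed only for a plain dotted-quad IPv4 address, so wildcards such as %
# can never end up in the host part of the grant.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Manager side: SQL that lets the snort user log in from one sensor only.
# INSERT, SELECT is an assumed privilege set for a sensor that only logs.
# MySQL 8.0 and later need a separate CREATE USER before the GRANT.
grant_for_sensor() {
    sensor_ip=$1; password=$2
    valid_ipv4 "$sensor_ip" || { echo "bad sensor IP: $sensor_ip" >&2; return 1; }
    case "$password" in
        ""|*\'*|*\\*) echo "password unsafe inside an SQL literal" >&2; return 1 ;;
    esac
    printf "GRANT INSERT, SELECT ON snort.* TO 'snort'@'%s' IDENTIFIED BY '%s';\n" \
        "$sensor_ip" "$password"
}

# Sensor side: the snort.conf output line that points at the manager's database.
sensor_output_line() {
    manager_ip=$1; password=$2
    valid_ipv4 "$manager_ip" || return 1
    printf 'output database: log, mysql, user=snort password=%s dbname=snort host=%s\n' \
        "$password" "$manager_ip"
}

# Demo with constructed addresses and a placeholder password.
for ip in 10.0.0.11 10.0.0.12; do
    grant_for_sensor "$ip" 'CHANGE_ME'
done
sensor_output_line 10.0.0.5 'CHANGE_ME'
```

The GRANT lines are meant to be reviewed and then run in the mysql client on the manager; the firewall between sensors and manager also has to pass the MySQL port (3306 by default).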







