Snort mailing list archives

Re: Inline-Snort & Solaris 10, SuSE 9.x/10.x, RHEL 3.0


From: "Will Metcalf" <william.metcalf () gmail com>
Date: Fri, 25 Aug 2006 17:35:45 -0500

Well, kind of... No, it doesn't work on Solaris. You need to follow these
directions when dealing with Red Hat... Not sure about SUSE, never used
it.

Regards,

Will


  - Question:  I am having problems compiling snort_inline.  Here is a
  sample of the error messages I get during compilation:

gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src
-I/usr/include/pcap -I../../src/output-plugins
-I../../src/detection-plugins -I../../src/preprocessors  -I/usr/include
-g -O2 -Wall -DGIDS -D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD
-DHAVE_NET_ETHERNET_H -DLIBNET_LIL_ENDIAN -c `test -f 'spo_alert_fast.c'
|| echo './'`spo_alert_fast.c
In file included from /usr/include/linux/netfilter_ipv4/ip_queue.h:10,
                from /usr/include/libipq.h:37,
                from ../../src/inline.h:8,
                from ../../src/snort.h:38,
                from spo_alert_fast.c:51:
/usr/include/linux/if.h:59: redefinition of `struct ifmap'
/usr/include/linux/if.h:77: redefinition of `struct ifreq'
/usr/include/linux/if.h:126: redefinition of `struct ifconf'
make[3]: *** [spo_alert_fast.o] Error 1
make[3]: Leaving directory
`/home/matt/src/BUILD/snort-2.0.5/src/output-plugins'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/home/matt/src/BUILD/snort-2.0.5/src'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/home/matt/src/BUILD/snort-2.0.5'
make: *** [all] Error 2

Answer:  You need to update the kernel headers used by your glibc.  A quick
fix is to create a link between /usr/include and the include directory of
your kernel source.  For example, if you are trying to use this with kernel
version 2.4.24, you can do the following:

cd /usr/include
mv linux linux.orig
ln -s /usr/src/linux-2.4.24/include/linux linux

Now simply go to your snort_inline directory and recompile (make clean
first).

** That is, point to a set of "real" kernel includes instead of RH's
glibc-kernheaders package. **

On 8/25/06, Joel Esler <joel.esler () sourcefire com> wrote:


You are exactly right.  Compile the latest version of Snort
--enable-inline, and there you have it.

J

On Aug 25, 2006, at 3:35 PM, Escudero, Peter Louis wrote:

> Greetings. Does inline-snort work with Solaris 10, SuSE 9.x/10.x &
> RedHat Enterprise Linux 3.0? How/where do I get the latest version?
> I found v1.9.1-2 on the snort website, but it's dated April 2003.
> Do I just compile the latest snort with the option
> "--enable-inline"? Any info you can provide will be greatly appreciated.
>
> Thanks,
>
> Peter Escudero
>
> -------------------------------------------------------------------------
> Using Tomcat but need to do more? Need to support web services, security?
> Get stuff done quickly with pre-integrated technology to make your job
> easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

+---------------------------------------------------------------------+
joel esler          senior security consultant         1-706-627-2101
Sourcefire    Security for the /Real/ World -- http://www.sourcefire.com
        Snort - Open Source Network IPS/IDS -- http://www.snort.org
          gpg key: http://demo.sourcefire.com/jesler.pgp.key
            aim:eslerjoel  ymsg:eslerjoel gtalk:eslerj
+---------------------------------------------------------------------+
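
Added example (not part of the original thread or of the snort_inline FAQ): a reversible form of the header swap described in the FAQ answer above, written as shell functions that check the kernel-source headers exist before moving anything and refuse to overwrite an earlier linux.orig backup. The function names, the return codes and the use of if.h as the sanity-check file are assumptions made for this example.

```shell
#!/bin/sh
# Added example: guarded, reversible version of
#   cd /usr/include; mv linux linux.orig; ln -s <kernel src>/include/linux linux
# Both paths are parameters so the swap can be rehearsed in a scratch tree.

# swap_kernel_headers INC_DIR KHDR
#   INC_DIR  directory holding the distro "linux" header dir (e.g. /usr/include)
#   KHDR     absolute path of include/linux in the kernel source tree
swap_kernel_headers() {
    inc_dir=$1; khdr=$2
    # A relative link target would be resolved relative to INC_DIR, so reject it.
    case $khdr in
        /*) ;;
        *) echo "KHDR must be an absolute path" >&2; return 2 ;;
    esac
    # Do nothing unless the replacement headers are really there.
    [ -f "$khdr/if.h" ] || { echo "no if.h under $khdr" >&2; return 2; }
    # Already swapped by an earlier run: leave it alone.
    if [ -L "$inc_dir/linux" ]; then
        echo "$inc_dir/linux is already a symlink" >&2; return 3
    fi
    [ -d "$inc_dir/linux" ] || { echo "no $inc_dir/linux to move" >&2; return 4; }
    # Never overwrite the only copy of the distro headers.
    [ ! -e "$inc_dir/linux.orig" ] || { echo "linux.orig already exists" >&2; return 5; }
    mv "$inc_dir/linux" "$inc_dir/linux.orig" || return 1
    if ! ln -s "$khdr" "$inc_dir/linux"; then
        mv "$inc_dir/linux.orig" "$inc_dir/linux"   # roll back on failure
        return 1
    fi
}

# restore_kernel_headers INC_DIR
#   Undo the swap: drop the symlink and put the distro headers back.
restore_kernel_headers() {
    inc_dir=$1
    [ -L "$inc_dir/linux" ] && [ -d "$inc_dir/linux.orig" ] || return 1
    rm "$inc_dir/linux" && mv "$inc_dir/linux.orig" "$inc_dir/linux"
}

# Usage on the system from the FAQ answer (run as root):
#   swap_kernel_headers /usr/include /usr/src/linux-2.4.24/include/linux
#   ...make clean and rebuild snort_inline...
#   restore_kernel_headers /usr/include
```

Restoring afterwards keeps the distribution's header package consistent with what its package manager expects.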

