Snort mailing list archives
Re: Problem to configure DAQ on SNORT
From: "vpiserchia () gmail com" <vpiserchia () gmail com>
Date: Fri, 13 Sep 2013 14:53:11 +0200
Hello,

the main problem here is that the libnetfilter_queue*.rpm packages are missing in the CentOS 6 distro (see for example this [1]), so you have two options here:

- compile it yourself, but probably you also have to compile other libnetfilter modules
- or use a custom repository containing the needed packages

In the first case, for example, see [3] (search in the page).

In the second case, here are some repos from Google:

- clearOS repository, for example see this [1]
- rebuilding the package from Fedora 14, see [2]
- rayen repo, here [4]; the repo key is here [5]

[1] http://yaplej.blogspot.it/2013/02/centos-rhel-63-missing-libnetfilterqueue.html
[2] http://darkgate.net/blog/?p=1467
[3] https://code.google.com/p/kanet/wiki/Kanet_install_centos6_rhel6
[4] http://rnd.rajven.net/centos
[5] http://rnd.rajven.net/RPM-GPG-KEY-rajven.net

hope this helps
regards
vito

On 09/13/2013 02:05 PM, Kelevra Slevin wrote:

I downloaded and installed these libs, but nothing. I'm still getting the message:

checking libipq.h usability... no
checking libipq.h presence... no
checking for libipq.h... no
checking for linux/netfilter.h... yes
checking for netinet/in.h... (cached) yes
checking libnetfilter_queue/libnetfilter_queue.h usability... no
checking libnetfilter_queue/libnetfilter_queue.h presence... no
checking for libnetfilter_queue/libnetfilter_queue.h... no

But when I was installing libnfnetlink-0.0.30-1.x86_64.rpm I got this message:

sudo rpm -i libnfnetlink-0.0.30-1.x86_64.rpm
package libnfnetlink-1.0.0-1.el6.x86_64 (which is newer than libnfnetlink-0.0.30-1.x86_64) is already installed
package libnfnetlink-1.0.0-1.el6.i686 (which is newer than libnfnetlink-0.0.30-1.x86_64) is already installed
file /usr/lib64/libnfnetlink.so.0.2.0 from install of libnfnetlink-0.0.30-1.x86_64 conflicts with file from package libnfnetlink-1.0.0-1.el6.x86_64

And I think that the problem is in which lib the ./configure is using, because I already have libnfnetlink installed in lib64/. The configure file has this code:

if test "$enable_nfq_module" = yes; then
  for ac_header in netinet/in.h libnetfilter_queue/libnetfilter_queue.h
do :
  as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
  cat >>confdefs.h <<_ACEOF
#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
_ACEOF

else
  enable_nfq_module=no

but I don't know how to change it to redirect.

On Fri, Sep 13, 2013 at 6:15 AM, Y M <snort () outlook com> wrote:

Have you tried compiling/using rpms (if available) of the following:

libnetfilter_queue-devel
libnfnetlink
libnfnetlink-devel

Looking at your output:

checking libipq.h usability... no
checking libipq.h presence... no
checking for libipq.h... no
checking for linux/netfilter.h... yes
checking for netinet/in.h... (cached) yes
checking libnetfilter_queue/libnetfilter_queue.h usability... no
checking libnetfilter_queue/libnetfilter_queue.h presence... no
checking for libnetfilter_queue/libnetfilter_queue.h... no

Did some Google searching and got the rpms below (never tested them myself, or whether they are available):

x86:
http://rules.emergingthreatspro.com/projects/emergingrepo/i386/libnetfilter_queue-0.0.15-1.i386.rpm
http://rules.emergingthreatspro.com/projects/emergingrepo/i386/libnetfilter_queue-devel-0.0.15-1.i386.rpm
http://rules.emergingthreatspro.com/projects/emergingrepo/i386/libnfnetlink-0.0.30-1.i386.rpm
http://rules.emergingthreatspro.com/projects/emergingrepo/i386/libnfnetlink-devel-0.0.30-1.i386.rpm

x86_64:
http://rules.emergingthreatspro.com/projects/emergingrepo/x86_64/libnetfilter_queue-0.0.15-1.x86_64.rpm
http://rules.emergingthreatspro.com/projects/emergingrepo/x86_64/libnetfilter_queue-devel-0.0.15-1.x86_64.rpm
http://rules.emergingthreatspro.com/projects/emergingrepo/x86_64/libnfnetlink-0.0.30-1.x86_64.rpm
http://rules.emergingthreatspro.com/projects/emergingrepo/x86_64/libnfnetlink-devel-0.0.30-1.x86_64.rpm

Finally, Snort will work just fine alerting on "alert" rules while running inline and dropping packets with "drop" rules.

YM

From: Kelevra Slevin <kelevra19 () gmail com>
Sent: 9/13/2013 4:51 AM
To: Safwat <safwat1242 () gmail com>
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Problem to configure DAQ on SNORT

I already searched for a solution to this problem on CentOS, but I barely found anything, and what I found was for another OS. If someone knows a way to redirect to another lib, like libnetfilter_contrack, I would appreciate the help.

One more thing: with this config, will Snort work properly as an IDS?

On Thu, Sep 12, 2013 at 5:42 PM, Safwat <safwat1242 () gmail com> wrote:

We also have the same problem, and could not find a solution.

From: Kelevra Slevin [mailto:kelevra19 () gmail com]
Sent: Thursday, September 12, 2013 4:37 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Problem to configure DAQ on SNORT

I'm new to using Snort and I'm having a problem compiling DAQ with the nfq module. At first I will use it as an IDS to get used to Snort, but in future I would like to use Snort as an IPS in inline mode. I use CentOS 6.

After a Google search I installed some recommended libs using these commands:

yum install libnfnetlink*
yum install libnetfilter_contrack*

The ./configure of daq:

checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /bin/mkdir -p
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking for style of include used by make... GNU
checking dependency style of gcc... gcc3
checking build system type... x86_64-unknown-linux-gnu
checking host system type... x86_64-unknown-linux-gnu
checking how to print strings... printf
checking for a sed that does not truncate output... /bin/sed
checking for grep that handles long lines and -e... /bin/grep
checking for egrep... /bin/grep -E
checking for fgrep... /bin/grep -F
checking for ld used by gcc... /usr/bin/ld
checking if the linker (/usr/bin/ld) is GNU ld... yes
checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -B
checking the name lister (/usr/bin/nm -B) interface... BSD nm
checking whether ln -s works... yes
checking the maximum length of command line arguments... 1966080
checking whether the shell understands some XSI constructs... yes
checking whether the shell understands "+="... yes
checking how to convert x86_64-unknown-linux-gnu file names to x86_64-unknown-linux-gnu format... func_convert_file_noop
checking how to convert x86_64-unknown-linux-gnu file names to toolchain format... func_convert_file_noop
checking for /usr/bin/ld option to reload object files... -r
checking for objdump... objdump
checking how to recognize dependent libraries... pass_all
checking for dlltool... no
checking how to associate runtime and link libraries... printf %s\n
checking for ar... ar
checking for archiver @FILE support... @
checking for strip... strip
checking for ranlib... ranlib
checking command to parse /usr/bin/nm -B output from gcc object... ok
checking for sysroot... no
checking for mt... no
checking if : is a manifest tool... no
checking how to run the C preprocessor... gcc -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking for dlfcn.h... yes
checking for objdir... .libs
checking if gcc supports -fno-rtti -fno-exceptions... no
checking for gcc option to produce PIC... -fPIC -DPIC
checking if gcc PIC flag -fPIC -DPIC works... yes
checking if gcc static flag -static works... no
checking if gcc supports -c -o file.o... yes
checking if gcc supports -c -o file.o... (cached) yes
checking whether the gcc linker (/usr/bin/ld -m elf_x86_64) supports shared libraries... yes
checking whether -lc should be explicitly linked in... no
checking dynamic linker characteristics... GNU/Linux ld.so
checking how to hardcode library paths into programs... immediate
checking whether stripping libraries is possible... yes
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... yes
checking for visibility support... yes
checking CFLAGS for gcc -Wall... -Wall
checking CFLAGS for gcc -Wwrite-strings... -Wwrite-strings
checking CFLAGS for gcc -Wsign-compare... -Wsign-compare
checking CFLAGS for gcc -Wcast-align... -Wcast-align
checking CFLAGS for gcc -Wextra... -Wextra
checking CFLAGS for gcc -Wformat... -Wformat
checking CFLAGS for gcc -Wformat-security... -Wformat-security
checking CFLAGS for gcc -Wno-unused-parameter... -Wno-unused-parameter
checking CFLAGS for gcc -fno-strict-aliasing... -fno-strict-aliasing
checking CFLAGS for gcc -fdiagnostics-show-option... -fdiagnostics-show-option
checking CFLAGS for gcc -pedantic -std=c99 -D_GNU_SOURCE... -pedantic -std=c99 -D_GNU_SOURCE
checking for getaddrinfo... yes
checking for flex... flex
checking for flex 2.4 or higher... yes
checking for bison... bison
checking linux/if_ether.h usability... yes
checking linux/if_ether.h presence... yes
checking for linux/if_ether.h... yes
checking linux/if_packet.h usability... yes
checking linux/if_packet.h presence... yes
checking for linux/if_packet.h... yes
checking pcap.h usability... yes
checking pcap.h presence... yes
checking for pcap.h... yes
checking for pcap_lib_version in -lpcap... yes
checking netinet/in.h usability... yes
checking netinet/in.h presence... yes
checking for netinet/in.h... yes
checking libipq.h usability... no
checking libipq.h presence... no
checking for libipq.h... no
checking for linux/netfilter.h... yes
checking for netinet/in.h... (cached) yes
checking libnetfilter_queue/libnetfilter_queue.h usability... no
checking libnetfilter_queue/libnetfilter_queue.h presence... no
checking for libnetfilter_queue/libnetfilter_queue.h... no
checking for linux/netfilter.h... (cached) yes
checking for pcap.h... (cached) yes
checking for pcap_lib_version... checking for pcap_lib_version in -lpcap... (cached) yes
checking for libpcap version >= "1.0.0"... yes
checking for dlopen in -ldl... yes
checking for inttypes.h... (cached) yes
checking for memory.h... (cached) yes
checking netdb.h usability... yes
checking netdb.h presence... yes
checking for netdb.h... yes
checking for netinet/in.h... (cached) yes
checking for stdint.h... (cached) yes
checking for stdlib.h... (cached) yes
checking for string.h... (cached) yes
checking sys/ioctl.h usability... yes
checking sys/ioctl.h presence... yes
checking for sys/ioctl.h... yes
checking sys/param.h usability... yes
checking sys/param.h presence... yes
checking for sys/param.h... yes
checking sys/socket.h usability... yes
checking sys/socket.h presence... yes
checking for sys/socket.h... yes
checking sys/time.h usability... yes
checking sys/time.h presence... yes
checking for sys/time.h... yes
checking for unistd.h... (cached) yes
checking for inline... inline
checking for size_t... yes
checking for uint16_t... yes
checking for uint32_t... yes
checking for uint64_t... yes
checking for uint8_t... yes
checking for stdlib.h... (cached) yes
checking for GNU libc compatible malloc... yes
checking for stdlib.h... (cached) yes
checking for unistd.h... (cached) yes
checking for sys/param.h... (cached) yes
checking for getpagesize... yes
checking for working mmap... yes
checking for gethostbyname... yes
checking for getpagesize... (cached) yes
checking for memset... yes
checking for munmap... yes
checking for socket... yes
checking for strchr... yes
checking for strcspn... yes
checking for strdup... yes
checking for strerror... yes
checking for strrchr... yes
checking for strstr... yes
checking for strtoul... yes
configure: creating ./config.status
config.status: creating Makefile
config.status: creating api/Makefile
config.status: creating os-daq-modules/Makefile
config.status: creating os-daq-modules/daq-modules-config
config.status: creating sfbpf/Makefile
config.status: creating config.h
config.status: config.h is unchanged
config.status: executing depfiles commands
config.status: executing libtool commands

Build AFPacket DAQ module.. : yes
Build Dump DAQ module...... : yes
Build IPFW DAQ module...... : yes
Build IPQ DAQ module....... : no
Build NFQ DAQ module....... : no
Build PCAP DAQ module...... : yes

Thanks in advance,
SK
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
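An added example, not from any poster in this thread: a small POSIX shell script that reads DAQ configure output like the one quoted above, reports which of the nfq module's probed headers got a final "no", checks the build summary line, and prints the configure invocation for a libnetfilter_queue installed under a non-default prefix (vito's "compile it yourself" option). The sample configure excerpt is constructed from the thread; the include/lib64 layout and the `--enable-nfq-module` option name (inferred from the `enable_nfq_module` variable in the configure script Kelevra quoted) are assumptions.

```shell
#!/bin/sh
# Headers the DAQ configure script probes before enabling the nfq module
# (the three "checking for ..." lines quoted in the thread).
NFQ_HEADERS="linux/netfilter.h netinet/in.h libnetfilter_queue/libnetfilter_queue.h"

# Constructed excerpt of the configure output posted in the thread.
SAMPLE_CONFIGURE_OUTPUT='checking libipq.h usability... no
checking for libipq.h... no
checking for linux/netfilter.h... yes
checking for netinet/in.h... (cached) yes
checking libnetfilter_queue/libnetfilter_queue.h usability... no
checking libnetfilter_queue/libnetfilter_queue.h presence... no
checking for libnetfilter_queue/libnetfilter_queue.h... no
Build NFQ DAQ module....... : no'

# Read configure output on stdin; print each nfq header whose final
# "checking for <header>... no" verdict appears, one per line.
nfq_missing_headers() {
    out=$(cat)
    for h in $NFQ_HEADERS; do
        case "$out" in
            *"checking for $h... no"*) echo "$h" ;;
        esac
    done
}

# Read configure output on stdin; succeed only if the summary says the
# NFQ module will be built.
nfq_module_built() {
    grep -q 'Build NFQ DAQ module[. ]*: yes'
}

# Print the configure invocation for a libnetfilter_queue installed under a
# non-default prefix. Assumptions (not from the thread): headers live in
# $prefix/include, 64-bit libs in $prefix/lib64, and --enable-nfq-module is
# the option behind the enable_nfq_module variable in the configure script.
nfq_configure_cmd() {
    prefix=$1
    printf 'CPPFLAGS=-I%s/include LDFLAGS=-L%s/lib64 ./configure --enable-nfq-module\n' \
        "$prefix" "$prefix"
}

# Demo on the constructed sample: prints the one header configure could not find.
printf '%s\n' "$SAMPLE_CONFIGURE_OUTPUT" | nfq_missing_headers
```

Pipe the real `./configure` output into `nfq_missing_headers` to see at a glance which header is still absent after installing a package, instead of scrolling the full log.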
Current thread:
- Problem to configure DAQ on SNORT Kelevra Slevin (Sep 12)
- Re: Problem to configure DAQ on SNORT Safwat (Sep 13)
- Re: Problem to configure DAQ on SNORT Kelevra Slevin (Sep 12)
- <Possible follow-ups>
- Re: Problem to configure DAQ on SNORT Y M (Sep 13)
- Re: Problem to configure DAQ on SNORT Kelevra Slevin (Sep 13)
- Re: Problem to configure DAQ on SNORT vpiserchia () gmail com (Sep 13)
- Re: Problem to configure DAQ on SNORT Kelevra Slevin (Sep 13)
- Re: Problem to configure DAQ on SNORT Safwat (Sep 13)