Snort mailing list archives

RE: I am using Patrick Harper's guide still have problems !!


From: "Truax, Shawn (MBS)" <Shawn.Truax () mbs gov on ca>
Date: Mon, 13 Sep 2004 14:11:43 -0400

Hi Juan,

Been following the conversation here.  The problem isn't that no one uses
Linux.  The problem is it's free, which equals no vendor, which equals no
support.  You can't just call up your local O/S vendor to ask for help,
unless you have purchased a support contract from someone like Redhat.

The second problem is you have come to a snort users area.  No one here
supports Linux, they help with Snort.  There is a certain assumption of
Linux understanding required before posting here.  Try asking for advice on
a Fedora users mailing list or forum
(http://www.linuxforums.org/forum/viewforum.php?f=35).  You will find that
everyone here uses their own little flavour of Linux that works for them and
this may not be the one you're using.  For example I use Debian.

The third issue here is you just can't set up an Enterprise Snort solution
in one day.  It took me 2 months of lab work and build testing just to get
the initial build.  After that it's constant updating and review.  Once you
get these things running you just can't walk away.  It's all fine and dandy
to use a build guide from someone like Patrick Harper (Best guide I have seen
so far. Thanks.) but in the end if you don't take the time to understand
you're going to be no further ahead.

I can see you are frustrated and this email won't help your problem.  I
just hope it will help you understand and point you in the right direction.

Shawn Truax
Sr. Security Specialist
Corporate Security
155 University Ave.
Toronto, Ontario
M5H 3B7
(416)327-1107


-----Original Message-----
From: Juan Fernandez [mailto:Juan.Fernandez () deltathree com]
Sent: September 13, 2004 1:03 PM
To: 'Ryan Potts'
Cc: 'snort-users () lists sourceforge net'
Subject: RE: [Snort-users] I am using Petrick harper's guide still have
problems !!



I tried the command an hour ago:

This is what I receive:

[root@snort_jr_dmz snortinstall]# yum install openssl
Gathering header information file(s) from server(s)
Server: Fedora Core 1 - i386 - Base
Server: Fedora Core 1 - i386 - Released Updates
Finding updated packages
Downloading needed headers
openssl is installed and is the latest version.
No actions to take

I can't believe this is happening to me....

I found that it says the same about almost all the dependencies I'm looking
for.

I can't believe I will need to reinstall a sensor just because of dependencies
problems. Now I understand why nobody uses Linux.

Maybe to insert the distribution cd's and install every package ?

I must get it working !!!


Thanks !!

-----Original Message-----
From: Ryan Potts [mailto:RSPOTTS () salud unm edu] 
Sent: Monday, September 13, 2004 7:44 PM
To: Juan.Fernandez () deltathree com
Subject: RE: [Snort-users] I am using Petrick harper's guide still have
problems !!

Juan,
Try using yum to install any missing packages. Yum is new with Fedora
Core 1. The command would be something like this to install ssl:
yum install openssl

if you don't have yum, you will probably need to get it off an ftp site
or the cds you installed with.

This way you will get all the dependencies with the package and a lot
fewer headaches. You will still have to install your snort rpm by hand.

I hope this helps some.

Ryan Potts
PC Support Analyst
IT Dept.
UNM Hospitals
rspotts () salud unm edu

Juan Fernandez <Juan.Fernandez () deltathree com> 9/13/2004 9:17:43 AM



I agree with you.

But my boss doesn't care,

I must bring up those machines somehow !!!

-----Original Message-----
From: Alex Butcher, ISC/ISYS [mailto:Alex.Butcher () bristol ac uk] 
Sent: Monday, September 13, 2004 5:59 PM
To: Juan Fernandez; 'snort-users () lists sourceforge net'
Subject: Re: [Snort-users] I am using Petrick harper's guide still have
problems !!

Hi Juan -

--On 13 September 2004 15:54 +0300 Juan Fernandez 
<Juan.Fernandez () deltathree com> wrote:

I use Fedora Core 1 (now I am trying to install the sensor from the guide
of Patrick Harper).

When I try to install snort-mysql-2.1.3-0.fdr.1.i386.rpm I receive the
next:

[snip tale of woe]

All the problems you're experiencing are essentially down to your
self-acknowledged lack of experience with Linux distributions and
commonly-used packages within. None of your problems are snort-specific, so
I respectfully suggest that you get some books and/or training on the
distro you're using, then revisit setting up a snort-based NIDS. You need
to learn to walk before you can run.

As far as recommended books: <http://www.rpm.org/max-rpm/>, 
<http://www.oreilly.com/catalog/learnredhatentlnx>, 
<http://www.oreilly.com/catalog/linuxnut4/>, 
<http://www.oreilly.com/catalog/esa3/>, 
<http://www.oreilly.com/catalog/msql2/>.

Alternatively, if you just want a working NIDS, you might be better-off
getting your employer to shell out some cash for one of the ready-built
snort-based NIDS appliances, such as Sourcefire.

Best Regards and Good Luck!
Alex.
-- 
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing             GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9



-------------------------------------------------------
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM.
Deadline: Sept. 13. Go here: http://sf.net/ppc_contest.php
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net 
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users 
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

