Snort mailing list archives

RE: I am using Patrick Harper's guide still have problems !!


From: "Esler, Joel - Contractor" <joel.esler () rcert-s army mil>
Date: Mon, 13 Sep 2004 15:24:40 -0400

Don't install Snort from RPM.  Compile from scratch.  IMO this is the
way to go.
 
J

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Truax,
Shawn (MBS)
Sent: Monday, September 13, 2004 2:12 PM
To: 'Juan Fernandez'; 'Ryan Potts'
Cc: 'snort-users () lists sourceforge net'
Subject: RE: [Snort-users] I am using Patrick Harper's guide still have
problems !!



Hi Juan, 

Been following the conversation here.  The problem isn't that no one
uses Linux.  The problem is it's free, which equals no vendor, which
equals no support.  You can't just call up your local O/S vendor to ask
for help, unless you have purchased a support contract from someone like
Redhat.

The second problem is you have come to a snort users area.  No one here
supports Linux, they help with Snort.  There is a certain assumption of
Linux understanding required before posting here.  Try asking for advice
on a Fedora users mailing list or forum
(http://www.linuxforums.org/forum/viewforum.php?f=35).  You will find
that everyone here uses their own little flavour of Linux that works for
them and this may not be the one you're using.  For example I use Debian.

The third issue here is you just can't set up an Enterprise Snort
solution in one day.  It took me 2 months of lab work and build testing
just to get the initial build.  After that it's constant updating and
review.  Once you get these things running you just can't walk away.
It's all fine and dandy to use a build guide from someone like Patrick
Harper (Best guide I have seen so far. Thanks.) but in the end if you
don't take the time to understand you're going to be no further ahead.

I can see you are frustrated and this email won't help your problem.  I
just hope it will help you understand and point you in the right
direction.

Shawn Truax 
Sr. Security Specialist 
Corporate Security 
155 University Ave. 
Toronto, Ontario 
M5H 3B7 
(416)327-1107 


-----Original Message----- 
From: Juan Fernandez [mailto:Juan.Fernandez () deltathree com] 
Sent: September 13, 2004 1:03 PM 
To: 'Ryan Potts' 
Cc: 'snort-users () lists sourceforge net' 
Subject: RE: [Snort-users] I am using Petrick harper's guide still have
problems !!



I tried the command an hour ago: 

This is what I receive:

[root@snort_jr_dmz snortinstall]# yum install openssl 
Gathering header information file(s) from server(s) 
Server: Fedora Core 1 - i386 - Base 
Server: Fedora Core 1 - i386 - Released Updates 
Finding updated packages 
Downloading needed headers 
openssl is installed and is the latest version. 
No actions to take 

I can't believe this is happening to me....

I found that it says the same about almost all the dependencies I'm
looking for.

I can't believe I will need to reinstall a sensor just because of
dependency problems. Now I understand why nobody uses Linux.

Maybe to insert the distribution cd's and install every package ? 

I must get it working !!! 


Thanks !! 

-----Original Message----- 
From: Ryan Potts [mailto:RSPOTTS () salud unm edu] 
Sent: Monday, September 13, 2004 7:44 PM 
To: Juan.Fernandez () deltathree com 
Subject: RE: [Snort-users] I am using Petrick harper's guide still have
problems !!

Juan, 
 try using yum to install any missing packages. Yum is new with fedora 
core 1. the command would be something like this to install ssl: 
yum install openssl 

if you don't have yum, you will probably need to get it off an ftp site 
or the cds you installed with. 

This way you will get all the dependencies with the package and a lot 
fewer headaches. You will still have to install your snort rpm by hand. 

I hope this helps some. 

Ryan Potts 
PC Support Analyst 
IT Dept. 
UNM Hospitals 
rspotts () salud unm edu 

Juan Fernandez <Juan.Fernandez () deltathree com> 9/13/2004 9:17:43 AM 



I agree with you. 

But my boss doesn't care,

I must bring up those machines somehow !!! 

-----Original Message----- 
From: Alex Butcher, ISC/ISYS [mailto:Alex.Butcher () bristol ac uk] 
Sent: Monday, September 13, 2004 5:59 PM 
To: Juan Fernandez; 'snort-users () lists sourceforge net' 
Subject: Re: [Snort-users] I am using Petrick harper's guide still 
have 
problems !! 

Hi Juan - 

--On 13 September 2004 15:54 +0300 Juan Fernandez 
<Juan.Fernandez () deltathree com> wrote: 

I use fedora core 1 (now I am trying to install the sensor from the
guide of Patrick harper) .

When I try to install snort-mysql-2.1.3-0.fdr.1.i386.rpm I receive
the next:

[snip tale of woe] 

All the problems you're experiencing are essentially down to your 
self-acknowledged lack of experience with Linux distributions and 
commonly-used packages within. None of your problems are 
snort-specific, so 
I respectfully suggest that you get some books and/or training on the 
distro you're using, then revisit setting up a snort-based NIDS. You 
need 
to learn to walk before you can run. 

As far as recommended books: <http://www.rpm.org/max-rpm/>, 
<http://www.oreilly.com/catalog/learnredhatentlnx>, 
<http://www.oreilly.com/catalog/linuxnut4/>, 
<http://www.oreilly.com/catalog/esa3/>, 
<http://www.oreilly.com/catalog/msql2/>. 

Alternatively, if you just want a working NIDS, you might be better-off
getting your employer to shell out some cash for one of the ready-built
snort-based NIDS appliances, such as Sourcefire.

Best Regards and Good Luck! 
Alex. 
-- 
Alex Butcher: Security & Integrity, Personal Computer Systems Group 
Information Systems and Computing             GPG Key ID: F9B27DC9 
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9 



------------------------------------------------------- 
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 
Project Admins to receive an Apple iPod Mini FREE for your judgement 
on 
who ports your project to Linux PPC the best. Sponsored by IBM. 
Deadline: Sept. 13. Go here: http://sf.net/ppc_contest.php 
_______________________________________________ 
Snort-users mailing list 
Snort-users () lists sourceforge net 
Go to this URL to change user options or unsubscribe: 
https://lists.sourceforge.net/lists/listinfo/snort-users 
Snort-users list archive: 
http://www.geocrawler.com/redir-sf.php3?list=snort-users 

