Snort mailing list archives

RE: QUERY:Building snort statically

From: "Joshua Berry" <jberry () PENSON COM>
Date: Tue, 15 Feb 2005 09:34:38 -0600

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of William
Fitzgerald
Sent: Tuesday, February 15, 2005 8:02 AM
To: 'Senthil Prabu.S'; snort-users () lists sourceforge net
Subject: RE: [Snort-users] QUERY:Building snort statically

Hi Senthil and all,

Thanks for your reply.
BELOW ARE " QUESTIONS.

First, let me tell you some more. I am currently compiling snort-2.1.1
on an Linux i686. I will eventually be copying the snort binary to a
Linux i386 machine running uClibc compiler (embedded Linux system).

Since snort requires  libpcre and  libpcap I will need to statically
compile them into snort.
I believe the other libraries snort uses are provided by uClibc.

The i686 gcc compiler is:
gcc -v
Reading specs from /usr/lib/gcc-lib/i586-suse-linux/3.3.3/specs
Configured with: ../configure --enable-threads=posix --prefix=/usr
--with-local-prefix=/usr/local --infodir=/usr/share/info
--mandir=/usr/share/man --enable-languages=c,c++,f77,objc,java,ada
--disable-checking --libdir=/usr/lib --enable-libgcj
--with-gxx-include-dir=/usr/include/g++ --with-slibdir=/lib
--with-system-zlib --enable-shared --enable-__cxa_atexit i586-suse-linux

I install libpcre and libpcap based on this.
I ran the snort configure as follows with the host option:
./configure --prefix=/home/j0n/apdevel/cqureap/rootfs/usr/idsdev/snort
--host=i386 --enable-wireless
Then I did:
Make

QUESTION: STATIC COMPILE:
Do I just temporarily rename all the files in /usr/local/lib and re-run
the above commands? Wont it not complain about finding those libraries?
Must I also edit the configure file? Senthil sorry about this, I am just
not sure what you meant in step [1] from previous mail.

QUESTION: CHOICE OF COMPILER:
I wonder should I have installed libpcre, libpcap and snort on a
different compiler. That is:
Export PATH=/uClibc:$PATH
Then ./configure, make, make install for both libpcre, libpcap
And for snort:
./configure --prefix=/home/j0n/apdevel/cqureap/rootfs/usr/idsdev/snort
--host=i386 --enable-wireless

Regards,
Will.

-----Original Message-----
From: Senthil Prabu.S [mailto:prabu333 () hotpop com] 
Sent: 15 February 2005 13:02
To: wfitzgerald () tssg org; snort-users () lists sourceforge net
Subject: Re: [Snort-users] QUERY:Building snort statically

Hi,
I am using snort (statically build on my HP-UX machine).
Have also tried on Linux machines.

Steps involved in building Snort statically;

[1]. For time being, move the shared version of snort dependecy
       libraries, such that compiler can only look for static depedency 
       libraries. For ex: this can be done by moving the shared libary,
       /usr/local/lib/libpcre.so to /usr/local/lib/libpcre.so_. Like
this do
       for all dependecy products.There is no source code change 
       required to build snort statically. [After completing your snort
      build, dont forget to revoke the changes done to shared
libraries].

[2]. If you are building snort with mysql and postgres support, then
       you will face errors as "Unsatisfied symbol". Bez, mysql and
       postgresmysql libraries looks for shared version of SSL
libraries,
        by default.

       Then, do the following changes in configure script, to fix it,
       File: snort-2.2.3/configure

           before: LIBS="${LIBS} -lmysqlclient"
           after: LIBS="${LIBS} -lmysqlclient -lkrb5 -lssl -lcrypto"

       File: snort-2.2.3/configure

           before: LIBS="${LIBS} -lpq"
           after: LIBS="${LIBS} -lpq -lkrb5 -lssl -lcrypto".

       Also only when using mysql or postgresql, you will be in need of 
       OpenSSL.

NOTE:
I have build snort-2.3.0 statically with flexresp,mysql,postgresql
support. In this scenario, following are the list of dependecy products.
If you are going to build snort with above options, move the shared
libraries of following;
   MySQL 4.0.21       
   PostgreSQL 7.4.5  
   OpenSSL A.00.09.07 
   Libnet 1.0.2a      
   Pcre 4.4          
   Libpcap 0.8.3   
   Zlib 1.1.4         

P.S: I have not tried snort with inline support.
Hope this helps,if you are in trouble plz write to me.

--
Senthil Prabu.S

If you are smart enough to know that you're not smart enough to be an
Engineer, then you're in Business.
_________________________________________________________________

Dear all,

I want to build snort statically. What is the procedure/steps to do 
this? I want to be able to migrate the snort wireless binary t an 
embedded system.

If anyone can help or point me in the right direction that would be 
fantastic.

It will need quite a few libraries as can be seen from the ldd command

below. I am using snort-2.1.1 so I can have snort wireless logging.

ldd -v src/snort
       linux-gate.so.1 =>  (0xffffe000)
       libpcre.so.0 => /usr/local/lib/libpcre.so.0 (0x40029000)
       libpcap.so.0 => /usr/lib/libpcap.so.0 (0x40036000)
       libm.so.6 => /lib/tls/libm.so.6 (0x40059000)
       libnsl.so.1 => /lib/libnsl.so.1 (0x4007b000)
       libc.so.6 => /lib/tls/libc.so.6 (0x40090000)
       /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)

       Version information:
       src/snort:
               libc.so.6 (GLIBC_2.1) => /lib/tls/libc.so.6
               libc.so.6 (GLIBC_2.3) => /lib/tls/libc.so.6
               libc.so.6 (GLIBC_2.0) => /lib/tls/libc.so.6
       /usr/local/lib/libpcre.so.0:
               libc.so.6 (GLIBC_2.1.3) => /lib/tls/libc.so.6
               libc.so.6 (GLIBC_2.3) => /lib/tls/libc.so.6
               libc.so.6 (GLIBC_2.0) => /lib/tls/libc.so.6
       /usr/lib/libpcap.so.0:
               libc.so.6 (GLIBC_2.1) => /lib/tls/libc.so.6
               libc.so.6 (GLIBC_2.3) => /lib/tls/libc.so.6
               libc.so.6 (GLIBC_2.1.3) => /lib/tls/libc.so.6
               libc.so.6 (GLIBC_2.0) => /lib/tls/libc.so.6
       /lib/tls/libm.so.6:
               ld-linux.so.2 (GLIBC_PRIVATE) => /lib/ld-linux.so.2
               libc.so.6 (GLIBC_2.1.3) => /lib/tls/libc.so.6
               libc.so.6 (GLIBC_2.0) => /lib/tls/libc.so.6
       /lib/libnsl.so.1:
               libc.so.6 (GLIBC_2.1.3) => /lib/tls/libc.so.6
               libc.so.6 (GLIBC_2.2) => /lib/tls/libc.so.6
               libc.so.6 (GLIBC_2.2.3) => /lib/tls/libc.so.6
               libc.so.6 (GLIBC_2.0) => /lib/tls/libc.so.6
               libc.so.6 (GLIBC_2.1) => /lib/tls/libc.so.6
       /lib/tls/libc.so.6:
               ld-linux.so.2 (GLIBC_2.1) => /lib/ld-linux.so.2
               ld-linux.so.2 (GLIBC_2.3) => /lib/ld-linux.so.2
               ld-linux.so.2 (GLIBC_2.0) => /lib/ld-linux.so.2
               ld-linux.so.2 (GLIBC_PRIVATE) => /lib/ld-linux.so.2

Regards,
Will.

William M. Fitzgerald (MSc,BSc),
Applied Researcher,
Telecommunications Software & Systems Group,
Waterford Institute of Technology,
Cork Rd.
Waterford.
Office Ph: +353 51 302937
Mobile Ph: +353 87 9527083




-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real 
users. Discover which products truly live up to the hype. Start 
reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: 
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: 
http://www.geocrawler.com/redir-sf.php3?list=snort-users




-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_ide95&alloc_id396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

QUERY:Building snort statically William Fitzgerald (Feb 15)
- Re: QUERY:Building snort statically Senthil Prabu.S (Feb 15)
  - RE: QUERY:Building snort statically William Fitzgerald (Feb 15)
    - RE: QUERY:Building snort statically William Fitzgerald (Feb 15)
    - Re: QUERY:Building snort statically Senthil Prabu.S (Feb 15)
- <Possible follow-ups>
- RE: QUERY:Building snort statically Joshua Berry (Feb 15)
- RE: QUERY:Building snort statically Joshua Berry (Feb 15)
  - RE: QUERY:Building snort statically William Fitzgerald (Feb 15)
    - Snort Interafecs don't come up on reboot sEc nErD (Feb 15)
    - Re: Snort Interafecs don't come up on reboot Matt Kettler (Feb 15)
    - Re: QUERY:Building snort statically Senthil Prabu.S (Feb 15)
    - RE: QUERY:Building snort statically William Fitzgerald (Feb 16)
- RE: QUERY:Building snort statically Joshua Berry (Feb 15)
  - RE: QUERY:Building snort statically William Fitzgerald (Feb 15)