Snort mailing list archives

RE: QUERY:Building snort statically

From: "William Fitzgerald" <wfitzgerald () tssg org>
Date: Tue, 15 Feb 2005 16:27:32 -0000

Joshua and all,

That worked BUT it did NOT statically compile my snort.
ldd -v src/snort
not a dynamic executable

It only statically linked my libraries.

Joshua and others have you statically compiled snort before. What is the
procedure?

I guess I will need to edit the configure file or the makefile in the
snort-2.1.1 directory. But what must I do?

Regards,
Will.

-----Original Message-----
From: Joshua Berry [mailto:jberry () PENSON COM] 
Sent: 15 February 2005 15:56
To: wfitzgerald () tssg org
Cc: snort-users () lists sourceforge net
Subject: RE: [Snort-users] QUERY:Building snort statically


Correct.  That *should* still work.  However, if you are compiling with
PostgreSQL support you will have issues, it will complain about one of
the crypto functions.  This is from OpenSSL I believe, like one of the
other posters mentioned.  

My only fix for this is commenting that line out in the source of
postgresql, recompiling postgresql, and then compiling snort statically
with postgresql support.  I am not sure about fixing the MySQL issues, I
use PostgreSQL so I haven't had to do this.

-----Original Message-----
From: William Fitzgerald [mailto:wfitzgerald () tssg org] 
Sent: Tuesday, February 15, 2005 9:48 AM
To: Joshua Berry
Cc: snort-users () lists sourceforge net
Subject: RE: [Snort-users] QUERY:Building snort statically

Hi Joshua and all,

I went to the snort-2.1.1/src/Makefile and done a search for
snort_LDFLAGS and found one occurance of it in this section:
snort$(EXEEXT): $(snort_OBJECTS) $(snort_DEPENDENCIES)
        @rm -f snort$(EXEEXT)
        $(LINK) $(snort_LDFLAGS) $(snort_OBJECTS) $(snort_LDADD) $(LIBS)

I could not find what snort_LDFLAGS was assigned to inorder to change it
to be static.

I then looked at the makefile one directory up, that is snort-2.1.1 and
no snort_LDFLAGS was found. However I did find a LDFLAGS parameter:
LDFLAGS =  -L/usr/local/lib -lpcre

Should I just change this to LDFLAGS =  -static 

What do you think?

Regards,
Will.


-----Original Message-----
From: Joshua Berry [mailto:jberry () PENSON COM] 
Sent: 15 February 2005 15:38
To: wfitzgerald () tssg org
Cc: snort-users () lists sourceforge net
Subject: RE: [Snort-users] QUERY:Building snort statically


I have always added -static to the snort_LDFLAGS variable in
snort-x.xx/src/Makefile. Like this:

snort_LDFLAGS = -static

I cannot find that variable in snort-2.2.0 anymore, so I guess you would
just add it to the LDFLAGS variable.

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of William
Fitzgerald
Sent: Tuesday, February 15, 2005 8:30 AM
To: 'Senthil Prabu.S'; snort-users () lists sourceforge net
Subject: RE: [Snort-users] QUERY:Building snort statically

Hi all again,

I thought a little about my second question.
I don't think I need to switch compilers.
I done the follwing instead introducing the --host switch.

Here is what I done for libpcre:
./configure --host=i386
Make
Make install

Here is what I done for libpcap:
./configure --host=i386
Make
Make install

Here is what I done for snort-2.1.1:
/configure --prefix=/home/j0n/apdevel/cqureap/rootfs/usr/idsdev/snort
--host=i386 --enable-wireless
Make
I wont make install yet.

So it all compiled fine ;-) 

Now I guess I need to re-do snort to compile staticly.

Again Question 1 from previous mail still stands.
Here it is again:
QUESTION: STATIC COMPILE:
Do I just temporarily rename all the files in /usr/local/lib and re-run
the above commands? Wont it not complain about finding those libraries?
Must I also edit the configure file? Senthil sorry about this, I am just
not sure what you meant in step [1] from previous mail.

Regards,
Will


-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of William
Fitzgerald
Sent: 15 February 2005 14:02
To: 'Senthil Prabu.S'; snort-users () lists sourceforge net
Subject: RE: [Snort-users] QUERY:Building snort statically


Hi Senthil and all,

Thanks for your reply.
BELOW ARE " QUESTIONS.

First, let me tell you some more. I am currently compiling snort-2.1.1
on an Linux i686. I will eventually be copying the snort binary to a
Linux i386 machine running uClibc compiler (embedded Linux system).

Since snort requires  libpcre and  libpcap I will need to statically
compile them into snort. I believe the other libraries snort uses are
provided by uClibc.

The i686 gcc compiler is:
gcc -v
Reading specs from /usr/lib/gcc-lib/i586-suse-linux/3.3.3/specs
Configured with: ../configure --enable-threads=posix --prefix=/usr
--with-local-prefix=/usr/local --infodir=/usr/share/info
--mandir=/usr/share/man --enable-languages=c,c++,f77,objc,java,ada
--disable-checking --libdir=/usr/lib --enable-libgcj
--with-gxx-include-dir=/usr/include/g++ --with-slibdir=/lib
--with-system-zlib --enable-shared --enable-__cxa_atexit i586-suse-linux

I install libpcre and libpcap based on this.
I ran the snort configure as follows with the host option: ./configure
--prefix=/home/j0n/apdevel/cqureap/rootfs/usr/idsdev/snort
--host=i386 --enable-wireless
Then I did:
Make

QUESTION: STATIC COMPILE:
Do I just temporarily rename all the files in /usr/local/lib and re-run
the above commands? Wont it not complain about finding those libraries?
Must I also edit the configure file? Senthil sorry about this, I am just
not sure what you meant in step [1] from previous mail.

QUESTION: CHOICE OF COMPILER:
I wonder should I have installed libpcre, libpcap and snort on a
different compiler. That is: Export PATH=/uClibc:$PATH Then ./configure,
make, make install for both libpcre, libpcap And for snort: ./configure
--prefix=/home/j0n/apdevel/cqureap/rootfs/usr/idsdev/snort
--host=i386 --enable-wireless


Regards,
Will.

-----Original Message-----
From: Senthil Prabu.S [mailto:prabu333 () hotpop com] 
Sent: 15 February 2005 13:02
To: wfitzgerald () tssg org; snort-users () lists sourceforge net
Subject: Re: [Snort-users] QUERY:Building snort statically


Hi,
I am using snort (statically build on my HP-UX machine).
Have also tried on Linux machines.

Steps involved in building Snort statically;

[1]. For time being, move the shared version of snort dependecy
       libraries, such that compiler can only look for static depedency 
       libraries. For ex: this can be done by moving the shared libary,
       /usr/local/lib/libpcre.so to /usr/local/lib/libpcre.so_. Like
this do
       for all dependecy products.There is no source code change 
       required to build snort statically. [After completing your snort
      build, dont forget to revoke the changes done to shared
libraries].

[2]. If you are building snort with mysql and postgres support, then
       you will face errors as "Unsatisfied symbol". Bez, mysql and
       postgresmysql libraries looks for shared version of SSL
libraries,
        by default.
       
       Then, do the following changes in configure script, to fix it,
       File: snort-2.2.3/configure
        
           before: LIBS="${LIBS} -lmysqlclient"
           after: LIBS="${LIBS} -lmysqlclient -lkrb5 -lssl -lcrypto"

       File: snort-2.2.3/configure
        
           before: LIBS="${LIBS} -lpq"
           after: LIBS="${LIBS} -lpq -lkrb5 -lssl -lcrypto".

       Also only when using mysql or postgresql, you will be in need of 
       OpenSSL.

NOTE:
I have build snort-2.3.0 statically with flexresp,mysql,postgresql
support. In this scenario, following are the list of dependecy products.
If you are going to build snort with above options, move the shared
libraries of following;
   MySQL 4.0.21       
   PostgreSQL 7.4.5  
   OpenSSL A.00.09.07 
   Libnet 1.0.2a      
   Pcre 4.4          
   Libpcap 0.8.3   
   Zlib 1.1.4         

P.S: I have not tried snort with inline support.
Hope this helps,if you are in trouble plz write to me.


--
Senthil Prabu.S


If you are smart enough to know that you're not smart enough to be an
Engineer, then you're in Business.
_________________________________________________________________

Dear all,

I want to build snort statically. What is the procedure/steps to do
this? I want to be able to migrate the snort wireless binary t an 
embedded system.

If anyone can help or point me in the right direction that would be
fantastic.

It will need quite a few libraries as can be seen from the ldd command

below. I am using snort-2.1.1 so I can have snort wireless logging.

ldd -v src/snort
       linux-gate.so.1 =>  (0xffffe000)
       libpcre.so.0 => /usr/local/lib/libpcre.so.0 (0x40029000)
       libpcap.so.0 => /usr/lib/libpcap.so.0 (0x40036000)
       libm.so.6 => /lib/tls/libm.so.6 (0x40059000)
       libnsl.so.1 => /lib/libnsl.so.1 (0x4007b000)
       libc.so.6 => /lib/tls/libc.so.6 (0x40090000)
       /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)

       Version information:
       src/snort:
               libc.so.6 (GLIBC_2.1) => /lib/tls/libc.so.6
               libc.so.6 (GLIBC_2.3) => /lib/tls/libc.so.6
               libc.so.6 (GLIBC_2.0) => /lib/tls/libc.so.6
       /usr/local/lib/libpcre.so.0:
               libc.so.6 (GLIBC_2.1.3) => /lib/tls/libc.so.6
               libc.so.6 (GLIBC_2.3) => /lib/tls/libc.so.6
               libc.so.6 (GLIBC_2.0) => /lib/tls/libc.so.6
       /usr/lib/libpcap.so.0:
               libc.so.6 (GLIBC_2.1) => /lib/tls/libc.so.6
               libc.so.6 (GLIBC_2.3) => /lib/tls/libc.so.6
               libc.so.6 (GLIBC_2.1.3) => /lib/tls/libc.so.6
               libc.so.6 (GLIBC_2.0) => /lib/tls/libc.so.6
       /lib/tls/libm.so.6:
               ld-linux.so.2 (GLIBC_PRIVATE) => /lib/ld-linux.so.2
               libc.so.6 (GLIBC_2.1.3) => /lib/tls/libc.so.6
               libc.so.6 (GLIBC_2.0) => /lib/tls/libc.so.6
       /lib/libnsl.so.1:
               libc.so.6 (GLIBC_2.1.3) => /lib/tls/libc.so.6
               libc.so.6 (GLIBC_2.2) => /lib/tls/libc.so.6
               libc.so.6 (GLIBC_2.2.3) => /lib/tls/libc.so.6
               libc.so.6 (GLIBC_2.0) => /lib/tls/libc.so.6
               libc.so.6 (GLIBC_2.1) => /lib/tls/libc.so.6
       /lib/tls/libc.so.6:
               ld-linux.so.2 (GLIBC_2.1) => /lib/ld-linux.so.2
               ld-linux.so.2 (GLIBC_2.3) => /lib/ld-linux.so.2
               ld-linux.so.2 (GLIBC_2.0) => /lib/ld-linux.so.2
               ld-linux.so.2 (GLIBC_PRIVATE) => /lib/ld-linux.so.2

Regards,
Will.

William M. Fitzgerald (MSc,BSc),
Applied Researcher,
Telecommunications Software & Systems Group,
Waterford Institute of Technology,
Cork Rd.
Waterford.
Office Ph: +353 51 302937
Mobile Ph: +353 87 9527083




-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real
users. Discover which products truly live up to the hype. Start 
reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: 
http://www.geocrawler.com/redir-sf.php3?list=snort-users




-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

RE: QUERY:Building snort statically, (continued)
- - - RE: QUERY:Building snort statically William Fitzgerald (Feb 15)
    - Re: QUERY:Building snort statically Senthil Prabu.S (Feb 15)
- RE: QUERY:Building snort statically Joshua Berry (Feb 15)
- RE: QUERY:Building snort statically Joshua Berry (Feb 15)
  - RE: QUERY:Building snort statically William Fitzgerald (Feb 15)
    - Snort Interafecs don't come up on reboot sEc nErD (Feb 15)
    - Re: Snort Interafecs don't come up on reboot Matt Kettler (Feb 15)
    - Re: QUERY:Building snort statically Senthil Prabu.S (Feb 15)
    - RE: QUERY:Building snort statically William Fitzgerald (Feb 16)
- RE: QUERY:Building snort statically Joshua Berry (Feb 15)
  - RE: QUERY:Building snort statically William Fitzgerald (Feb 15)