Snort mailing list archives
Re: Problem to configure DAQ on SNORT
From: "vpiserchia () gmail com" <vpiserchia () gmail com>
Date: Fri, 13 Sep 2013 14:53:11 +0200
Hello,

the main problem here is that the libnetfilter_queue*.rpm packages are missing in the centos6 distro (see for example this [1]), so you have two options here:
- compile it yourself, but you probably also have to compile other libnetfilter modules
- or use a custom repository containing the needed packages

In the first case, for example, see [3] (search in the page).

In the second case, here are some repos from Google:
- clearOS repository, for example see this [1]
- rebuilding the package from Fedora 14, see [2]
- rayen repo, here [4], the repo key is here [5]

[1] http://yaplej.blogspot.it/2013/02/centos-rhel-63-missing-libnetfilterqueue.html
[2] http://darkgate.net/blog/?p=1467
[3] https://code.google.com/p/kanet/wiki/Kanet_install_centos6_rhel6
[4] http://rnd.rajven.net/centos
[5] http://rnd.rajven.net/RPM-GPG-KEY-rajven.net

hope this helps

regards
vito

On 09/13/2013 02:05 PM, Kelevra Slevin wrote:
I downloaded and installed these libs, but nothing. I'm still getting the message:
checking libipq.h usability... no
checking libipq.h presence... no
checking for libipq.h... no
checking for linux/netfilter.h... yes
checking for netinet/in.h... (cached) yes
checking libnetfilter_queue/libnetfilter_queue.h usability... no
checking libnetfilter_queue/libnetfilter_queue.h presence... no
checking for libnetfilter_queue/libnetfilter_queue.h... no
But when I was installing libnfnetlink-0.0.30-1.x86_64.rpm I got this message:
sudo rpm -i libnfnetlink-0.0.30-1.x86_64.rpm
package libnfnetlink-1.0.0-1.el6.x86_64 (which is newer than libnfnetlink-0.0.30-1.x86_64) is already installed
package libnfnetlink-1.0.0-1.el6.i686 (which is newer than libnfnetlink-0.0.30-1.x86_64) is already installed
file /usr/lib64/libnfnetlink.so.0.2.0 from install of libnfnetlink-0.0.30-1.x86_64 conflicts with file from package libnfnetlink-1.0.0-1.el6.x86_64
And I think that the problem is in which lib the ./configure is using, because I already have libnfnetlink installed on lib64/.
The configure file has this code:
if test "$enable_nfq_module" = yes; then
for ac_header in netinet/in.h libnetfilter_queue/libnetfilter_queue.h
do :
as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
cat >>confdefs.h <<_ACEOF
#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
_ACEOF
else
enable_nfq_module=no
but I don't know how to change it to redirect.
On Fri, Sep 13, 2013 at 6:15 AM, Y M <snort () outlook com> wrote:
Have you tried compiling/using rpms (if available) of the following:
libnetfilter_queue-devel
libnfnetlink
libnfnetlink-devel
Looking at your output:
checking libipq.h usability... no
checking libipq.h presence... no
checking for libipq.h... no
checking for linux/netfilter.h... yes
checking for netinet/in.h... (cached) yes
checking libnetfilter_queue/libnetfilter_queue.h usability... no
checking libnetfilter_queue/libnetfilter_queue.h presence... no
checking for libnetfilter_queue/libnetfilter_queue.h... no
Some google searching and got below rpms (never tested them myself, or if they are available):
x86: http://rules.emergingthreatspro.com/projects/emergingrepo/i386/libnetfilter_queue-0.0.15-1.i386.rpm
http://rules.emergingthreatspro.com/projects/emergingrepo/i386/libnetfilter_queue-devel-0.0.15-1.i386.rpm
http://rules.emergingthreatspro.com/projects/emergingrepo/i386/libnfnetlink-0.0.30-1.i386.rpm
http://rules.emergingthreatspro.com/projects/emergingrepo/i386/libnfnetlink-devel-0.0.30-1.i386.rpm
x86_64: http://rules.emergingthreatspro.com/projects/emergingrepo/x86_64/libnetfilter_queue-0.0.15-1.x86_64.rpm
http://rules.emergingthreatspro.com/projects/emergingrepo/x86_64/libnetfilter_queue-devel-0.0.15-1.x86_64.rpm
http://rules.emergingthreatspro.com/projects/emergingrepo/x86_64/libnfnetlink-0.0.30-1.x86_64.rpm
http://rules.emergingthreatspro.com/projects/emergingrepo/x86_64/libnfnetlink-devel-0.0.30-1.x86_64.rpm
Finally, Snort will work just fine alerting on "alert" rules while running inline and dropping packets with
"drop" rules.
YM
------------------------------------------------------------------------
From: Kelevra Slevin <kelevra19 () gmail com>
Sent: 9/13/2013 4:51 AM
To: Safwat <safwat1242 () gmail com>
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Problem to configure DAQ on SNORT
I already searched for a solution to this problem on CentOS, but I barely found anything, and what I found is for another OS.
If someone knows a way to redirect to another lib, like libnetfilter_contrack, I would appreciate the help.
One more thing: will Snort work properly as an IDS with this config?
On Thu, Sep 12, 2013 at 5:42 PM, Safwat <safwat1242 () gmail com> wrote:
We also have the same problem, and could not find a solution.

From: Kelevra Slevin [mailto:kelevra19 () gmail com]
Sent: Thursday, September 12, 2013 4:37 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Problem to configure DAQ on SNORT

I'm new to using Snort and I'm having a problem compiling DAQ with the nfq module. At first I will use it as an IDS to get used to Snort, but in the future I would like to use Snort as an IPS in inline mode. I use CentOS 6.

After a Google search I installed some recommended libs using these commands:
yum install libnfnetlink*
yum install libnetfilter_contrack*

The ./configure of daq:
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /bin/mkdir -p
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking for style of include used by make... GNU
checking dependency style of gcc... gcc3
checking build system type... x86_64-unknown-linux-gnu
checking host system type... x86_64-unknown-linux-gnu
checking how to print strings... printf
checking for a sed that does not truncate output... /bin/sed
checking for grep that handles long lines and -e... /bin/grep
checking for egrep... /bin/grep -E
checking for fgrep... /bin/grep -F
checking for ld used by gcc... /usr/bin/ld
checking if the linker (/usr/bin/ld) is GNU ld... yes
checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -B
checking the name lister (/usr/bin/nm -B) interface... BSD nm
checking whether ln -s works... yes
checking the maximum length of command line arguments... 1966080
checking whether the shell understands some XSI constructs... yes
checking whether the shell understands "+="... yes
checking how to convert x86_64-unknown-linux-gnu file names to x86_64-unknown-linux-gnu format... func_convert_file_noop
checking how to convert x86_64-unknown-linux-gnu file names to toolchain format... func_convert_file_noop
checking for /usr/bin/ld option to reload object files... -r
checking for objdump... objdump
checking how to recognize dependent libraries... pass_all
checking for dlltool... no
checking how to associate runtime and link libraries... printf %s\n
checking for ar... ar
checking for archiver @FILE support... @
checking for strip... strip
checking for ranlib... ranlib
checking command to parse /usr/bin/nm -B output from gcc object... ok
checking for sysroot... no
checking for mt... no
checking if : is a manifest tool... no
checking how to run the C preprocessor... gcc -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking for dlfcn.h... yes
checking for objdir... .libs
checking if gcc supports -fno-rtti -fno-exceptions... no
checking for gcc option to produce PIC... -fPIC -DPIC
checking if gcc PIC flag -fPIC -DPIC works... yes
checking if gcc static flag -static works... no
checking if gcc supports -c -o file.o... yes
checking if gcc supports -c -o file.o... (cached) yes
checking whether the gcc linker (/usr/bin/ld -m elf_x86_64) supports shared libraries... yes
checking whether -lc should be explicitly linked in... no
checking dynamic linker characteristics... GNU/Linux ld.so
checking how to hardcode library paths into programs... immediate
checking whether stripping libraries is possible... yes
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... yes
checking for visibility support... yes
checking CFLAGS for gcc -Wall... -Wall
checking CFLAGS for gcc -Wwrite-strings... -Wwrite-strings
checking CFLAGS for gcc -Wsign-compare... -Wsign-compare
checking CFLAGS for gcc -Wcast-align... -Wcast-align
checking CFLAGS for gcc -Wextra... -Wextra
checking CFLAGS for gcc -Wformat... -Wformat
checking CFLAGS for gcc -Wformat-security... -Wformat-security
checking CFLAGS for gcc -Wno-unused-parameter... -Wno-unused-parameter
checking CFLAGS for gcc -fno-strict-aliasing... -fno-strict-aliasing
checking CFLAGS for gcc -fdiagnostics-show-option... -fdiagnostics-show-option
checking CFLAGS for gcc -pedantic -std=c99 -D_GNU_SOURCE... -pedantic -std=c99 -D_GNU_SOURCE
checking for getaddrinfo... yes
checking for flex... flex
checking for flex 2.4 or higher... yes
checking for bison... bison
checking linux/if_ether.h usability... yes
checking linux/if_ether.h presence... yes
checking for linux/if_ether.h... yes
checking linux/if_packet.h usability... yes
checking linux/if_packet.h presence... yes
checking for linux/if_packet.h... yes
checking pcap.h usability... yes
checking pcap.h presence... yes
checking for pcap.h... yes
checking for pcap_lib_version in -lpcap... yes
checking netinet/in.h usability... yes
checking netinet/in.h presence... yes
checking for netinet/in.h... yes
checking libipq.h usability... no
checking libipq.h presence... no
checking for libipq.h... no
checking for linux/netfilter.h... yes
checking for netinet/in.h... (cached) yes
checking libnetfilter_queue/libnetfilter_queue.h usability... no
checking libnetfilter_queue/libnetfilter_queue.h presence... no
checking for libnetfilter_queue/libnetfilter_queue.h... no
checking for linux/netfilter.h... (cached) yes
checking for pcap.h... (cached) yes
checking for pcap_lib_version... checking for pcap_lib_version in -lpcap... (cached) yes
checking for libpcap version >= "1.0.0"... yes
checking for dlopen in -ldl... yes
checking for inttypes.h... (cached) yes
checking for memory.h... (cached) yes
checking netdb.h usability... yes
checking netdb.h presence... yes
checking for netdb.h... yes
checking for netinet/in.h... (cached) yes
checking for stdint.h... (cached) yes
checking for stdlib.h... (cached) yes
checking for string.h... (cached) yes
checking sys/ioctl.h usability... yes
checking sys/ioctl.h presence... yes
checking for sys/ioctl.h... yes
checking sys/param.h usability... yes
checking sys/param.h presence... yes
checking for sys/param.h... yes
checking sys/socket.h usability... yes
checking sys/socket.h presence... yes
checking for sys/socket.h... yes
checking sys/time.h usability... yes
checking sys/time.h presence... yes
checking for sys/time.h... yes
checking for unistd.h... (cached) yes
checking for inline... inline
checking for size_t... yes
checking for uint16_t... yes
checking for uint32_t... yes
checking for uint64_t... yes
checking for uint8_t... yes
checking for stdlib.h... (cached) yes
checking for GNU libc compatible malloc... yes
checking for stdlib.h... (cached) yes
checking for unistd.h... (cached) yes
checking for sys/param.h... (cached) yes
checking for getpagesize... yes
checking for working mmap... yes
checking for gethostbyname... yes
checking for getpagesize... (cached) yes
checking for memset... yes
checking for munmap... yes
checking for socket... yes
checking for strchr... yes
checking for strcspn... yes
checking for strdup... yes
checking for strerror... yes
checking for strrchr... yes
checking for strstr... yes
checking for strtoul... yes
configure: creating ./config.status
config.status: creating Makefile
config.status: creating api/Makefile
config.status: creating os-daq-modules/Makefile
config.status: creating os-daq-modules/daq-modules-config
config.status: creating sfbpf/Makefile
config.status: creating config.h
config.status: config.h is unchanged
config.status: executing depfiles commands
config.status: executing libtool commands

Build AFPacket DAQ module.. : yes
Build Dump DAQ module...... : yes
Build IPFW DAQ module...... : yes
Build IPQ DAQ module....... : no
Build NFQ DAQ module....... : no
Build PCAP DAQ module...... : yes

Thanks in advance,
SK
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
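
Added example (not part of the original thread): a small shell triage of a DAQ ./configure log like the one quoted above. It lists the headers that failed the check and the DAQ modules left unbuilt, and includes a header lookup that reflects what configure actually tests: header files (shipped by -devel packages), not the installed .so libraries. The function names and the trimmed sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: triage a DAQ ./configure log.

# Constructed sample: the relevant lines of the configure output quoted above.
sample_log() {
cat <<'EOF'
checking for pcap.h... yes
checking libipq.h usability... no
checking for libipq.h... no
checking for netinet/in.h... (cached) yes
checking libnetfilter_queue/libnetfilter_queue.h presence... no
checking for libnetfilter_queue/libnetfilter_queue.h... no
Build IPQ DAQ module....... : no
Build NFQ DAQ module....... : no
Build PCAP DAQ module...... : yes
EOF
}

# Headers whose final "checking for X.h... no" verdict was negative.
missing_headers() {
    sed -n 's/^checking for \(.*\.h\)\.\.\. \((cached) \)\{0,1\}no$/\1/p' |
        sort -u | tr '\n' ' ' | sed 's/ $//'
}

# DAQ modules the summary table reports as not built.
disabled_modules() {
    sed -n 's/^Build \([A-Za-z]*\) DAQ module[. ]*: no$/\1/p' |
        tr '\n' ' ' | sed 's/ $//'
}

# Succeeds if header $1 exists under any include root given after it.
# configure tests headers (shipped by -devel packages), not the .so files.
have_header() {
    hdr=$1; shift
    for root in "$@"; do
        [ -f "$root/$hdr" ] && return 0
    done
    return 1
}

# Print the triage when run with a captured configure log as first argument.
if [ -n "${1:-}" ] && [ -f "$1" ]; then
    echo "missing headers  : $(missing_headers < "$1")"
    echo "modules not built: $(disabled_modules < "$1")"
    for h in $(missing_headers < "$1"); do
        have_header "$h" /usr/include /usr/local/include || echo "not found: $h"
    done
fi
```

On the log from this thread it reports libipq.h and libnetfilter_queue/libnetfilter_queue.h as missing and IPQ and NFQ as not built, while the PCAP module used for passive IDS operation is built.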
Current thread:
- Problem to configure DAQ on SNORT Kelevra Slevin (Sep 12)
- Re: Problem to configure DAQ on SNORT Safwat (Sep 13)
- Re: Problem to configure DAQ on SNORT Kelevra Slevin (Sep 12)
- <Possible follow-ups>
- Re: Problem to configure DAQ on SNORT Y M (Sep 13)
- Re: Problem to configure DAQ on SNORT Kelevra Slevin (Sep 13)
- Re: Problem to configure DAQ on SNORT vpiserchia () gmail com (Sep 13)
- Re: Problem to configure DAQ on SNORT Kelevra Slevin (Sep 13)
- Re: Problem to configure DAQ on SNORT Safwat (Sep 13)
