Snort mailing list archives

Re: Snort-users Digest, Vol 116, Issue 1


From: Carlos Rodriguez Hernandez <crodriguezh.ext () redborder net>
Date: Tue, 5 Jan 2016 09:24:17 +0100

Hello,

To use Snort you must install various libraries, including libtool:

yum install gcc gcc-c++ binutils m4 flex bison autoconf libtool zlib zlib-devel \
    libpcap libpcap-devel pcre pcre-devel libdnet libdnet-devel tcpdump \
    openssl openssl-devel libss libss-devel

After checking that you have all of them, do the following:

cd /home/user/Downloads/
wget https://github.com/firnsy/barnyard2/archive/7254c24702392288fe6be948f88afb74040f6dc9.tar.gz -O barnyard2-2-1.14-336.tar.gz
cd /usr/local/src/
mv /home/user/Downloads/barnyard2-2-1.14-336.tar.gz ./barnyard2.tar.gz
tar zxvf barnyard2.tar.gz
rm -r barnyard2.tar.gz
mv barnyard2-7254c24702392288fe6be948f88afb74040f6dc9/ barnyard2

cd barnyard2/
autoreconf -fvi -I ./m4
ln -s /usr/include/dumbnet.h /usr/include/dnet.h
ldconfig

./configure
make
make install


I hope it works correctly


Greetings

2016-01-04 14:57 GMT+01:00 <snort-users-request () lists sourceforge net>:

Send Snort-users mailing list submissions to
        snort-users () lists sourceforge net

To subscribe or unsubscribe via the World Wide Web, visit
        https://lists.sourceforge.net/lists/listinfo/snort-users
or, via email, send a message with subject or body 'help' to
        snort-users-request () lists sourceforge net

You can reach the person managing the list at
        snort-users-owner () lists sourceforge net

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Snort-users digest..."


When responding, please don't respond with the entire Digest.  Please trim
your response.

Today's Topics:

   1. Writing snort rules for dos detection in tcpdump files
      (Aneela Safdar)
   2. barnyard installation issue (Giuseppe Triolo)
   3. Re: barnyard installation issue (Diogene Laerce)
   4. Re: barnyard installation issue (Diogene Laerce)
   5. (no subject) (Aurimas Rudinskis)


----------------------------------------------------------------------

Message: 1
Date: Fri, 25 Dec 2015 12:50:06 +0000 (UTC)
From: Aneela Safdar <ansaf_130 () yahoo com>
Subject: [Snort-users] Writing snort rules for dos detection in
        tcpdump files
To: "snort-users () lists sourceforge net"
        <snort-users () lists sourceforge net>
Message-ID:
        <1033589305.3434620.1451047806305.JavaMail.yahoo () mail yahoo com>
Content-Type: text/plain; charset="utf-8"

I have got some tcpdump files from KDD-99 dataset and I am trying to find
out Neptune attacks recorded in them. I am writing rules in standard form,
for instance:
alert tcp any any -> any 80 (flags:S; msg:"Possible TCP DoS"; flow:stateless; classtype:attempted-dos; threshold:type threshold, track by_src, count 20, seconds 6; sid:1000001; rev:1;)

According to this very rule, I should be alerted only after 6 seconds if
more than 20 rules are found, but it generates alert for all packets having
SYN enabled. Can anybody help me here?

Regards, Aneela Safdar

------------------------------
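The behaviour the rule above is supposed to have can be checked against a model of the three `threshold:` types as the Snort 2.9 manual defines them (limit, threshold, both), tracked by source or destination address. The model below is an added example, not Snort's code or anything from the thread; the event records and the SYN bursts are constructed here, and only the `flags:S` / port-80 part of the rule body is reproduced.

```python
"""Model of Snort 2.9 rule thresholds (added example, not Snort code).

Implements the three `threshold:` types as the Snort manual defines them:
  limit      - alert on the first N matching events per window, then stay quiet
  threshold  - alert on every Nth matching event within the window
  both       - alert once per window, on the Nth event
tracked per source (by_src) or destination (by_dst) address.
The traffic fed to it is constructed below, not captured.
"""
from collections import namedtuple

Event = namedtuple("Event", "ts src dst dport flags")  # ts in seconds


def rule_matches(ev):
    """Body of `alert tcp any any -> any 80 (flags:S; ...)`: exactly SYN, to port 80."""
    return ev.dport == 80 and ev.flags == "S"


class Threshold:
    def __init__(self, kind, count, seconds, track="by_src"):
        if kind not in ("limit", "threshold", "both"):
            raise ValueError(kind)
        self.kind, self.count, self.seconds, self.track = kind, count, seconds, track
        self.state = {}  # tracked address -> (window_start, events_in_window)

    def allow(self, ev):
        """Return True if this matching event should produce an alert."""
        key = ev.src if self.track == "by_src" else ev.dst
        start, n = self.state.get(key, (ev.ts, 0))
        if ev.ts - start > self.seconds:      # window expired: start a new one
            start, n = ev.ts, 0
        n += 1
        if self.kind == "limit":
            fire = n <= self.count
        elif self.kind == "threshold":
            fire = n >= self.count
            if fire:                          # every Nth: restart the count
                start, n = ev.ts, 0
        else:  # both
            fire = n == self.count
        self.state[key] = (start, n)
        return fire


def run_rule(events, thr):
    """Indices of the events that alert under the rule plus its threshold."""
    return [i for i, ev in enumerate(events) if rule_matches(ev) and thr.allow(ev)]


def syn_burst(src, n, start=0.0, step=0.2, dst="10.0.0.80"):
    """Constructed SYN flood: n SYNs from src to dst:80, `step` seconds apart."""
    return [Event(start + i * step, src, dst, 80, "S") for i in range(n)]


if __name__ == "__main__":
    flood = syn_burst("192.168.1.10", 25)
    for kind in ("limit", "threshold", "both"):
        print(kind, run_rule(flood, Threshold(kind, 20, 6)))
```

With 25 SYNs from one source inside the 6 second window, `type threshold, count 20` fires once, on the 20th packet; `type limit` fires on each of the first 20; `type both` fires once. Two sources sending 15 SYNs each never reach 20 under `track by_src`, but do under `track by_dst`, which is the difference to keep in mind when the flood comes from many spoofed addresses.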

Message: 2
Date: Sun, 27 Dec 2015 22:45:02 +0100
From: Giuseppe Triolo <fastfouriertransform () hotmail com>
Subject: [Snort-users] barnyard installation issue
To: "snort-users () lists sourceforge net"
        <snort-users () lists sourceforge net>
Message-ID: <DUB128-W763CA971B5AD68D2043C9ED3FA0 () phx gbl>
Content-Type: text/plain; charset="iso-8859-1"

I followed the Jason Weir snort guide for the Debian OS
part 4. Install & configure Barnyard2
 # cd /usr/src && wget https://github.com/firnsy/barnyard2/archive/master.tar.gz
 # tar -zxf master.tar.gz && cd barnyard2-*
 # autoreconf -fvi -I ./m4
but I am having issues when I run the command:
autoreconf -fvi -I ./m4
look here what type of error I have:

:/usr/src/barnyard2-master#  autoreconf -fvi -I ./m4
autoreconf: Entering directory `.'
autoreconf: configure.ac: not using Gettext
autoreconf: running: aclocal -I ./m4 --force -I m4
autoreconf: configure.ac: tracing
autoreconf: configure.ac: not using Libtool
autoreconf: running: /usr/bin/autoconf --include=./m4 --force
configure.ac:28: error: possibly undefined macro: AC_PROG_LIBTOOL
  If this token and others are legitimate, please use m4_pattern_allow.
  See the Autoconf documentation.
autoreconf: /usr/bin/autoconf failed with exit status: 1
any tip or trick?

------------------------------

Message: 3
Date: Mon, 28 Dec 2015 11:29:07 +0100
From: Diogene Laerce <me_buss777 () yahoo fr>
Subject: Re: [Snort-users] barnyard installation issue
To: snort-users () lists sourceforge net
Message-ID: <56810EF3.6070008 () yahoo fr>
Content-Type: text/plain; charset="utf-8"

Hi,

On 27/12/2015 22:45, Giuseppe Triolo wrote:
I followed the Jason Weir snort guide for the Debian OS
part 4. Install & configure Barnyard2
 # cd /usr/src &&
wget https://github.com/firnsy/barnyard2/archive/master.tar.gz
 # tar -zxf master.tar.gz && cd barnyard2-*
 # autoreconf -fvi -I ./m4
but i am having issues when i run the command:
autoreconf -fvi -I ./m4
look here what type of error i have.

:/usr/src/barnyard2-master#  autoreconf -fvi -I ./m4
autoreconf: Entering directory `.'
autoreconf: configure.ac: not using Gettext
autoreconf: running: aclocal -I ./m4 --force -I m4
autoreconf: configure.ac: tracing
autoreconf: configure.ac: not using Libtool
autoreconf: running: /usr/bin/autoconf --include=./m4 --force
configure.ac:28: error: possibly undefined macro: AC_PROG_LIBTOOL
      If this token and others are legitimate, please use
m4_pattern_allow.
      See the Autoconf documentation.
autoreconf: /usr/bin/autoconf failed with exit status: 1
any tip or trick?

This tutorial found here :

    http://symmetrixtech.com/snort-and-snort-report-installation-guide/

Worked for me. Hope it helps..

Kind regards,

--
"One original thought is worth a thousand mindless quotings."
"The true is no more certain than the probable."

                                              Diogene Laerce



------------------------------

Message: 4
Date: Mon, 28 Dec 2015 11:53:02 +0100
From: Diogene Laerce <me_buss777 () yahoo fr>
Subject: Re: [Snort-users] barnyard installation issue
To: snort-users () lists sourceforge net
Message-ID: <5681148E.2060302 () yahoo fr>
Content-Type: text/plain; charset="utf-8"

Hi again,

On 27/12/2015 22:45, Giuseppe Triolo wrote:
I followed the Jason Weir snort guide for the Debian OS
part 4. Install & configure Barnyard2
 # cd /usr/src &&
wget https://github.com/firnsy/barnyard2/archive/master.tar.gz
 # tar -zxf master.tar.gz && cd barnyard2-*
 # autoreconf -fvi -I ./m4
but i am having issues when i run the command:
autoreconf -fvi -I ./m4
look here what type of error i have.

:/usr/src/barnyard2-master#  autoreconf -fvi -I ./m4
autoreconf: Entering directory `.'
autoreconf: configure.ac: not using Gettext
autoreconf: running: aclocal -I ./m4 --force -I m4
autoreconf: configure.ac: tracing
autoreconf: configure.ac: not using Libtool
autoreconf: running: /usr/bin/autoconf --include=./m4 --force
configure.ac:28: error: possibly undefined macro: AC_PROG_LIBTOOL
      If this token and others are legitimate, please use
m4_pattern_allow.
      See the Autoconf documentation.
autoreconf: /usr/bin/autoconf failed with exit status: 1
any tip or trick?

Sorry I read your command wrongly. ^^

So, as it is the same in the tutorial, I would suggest that maybe you don't
have all the requirements installed. And as libtool is required to link
some useful libraries, maybe verify that first.

Kind regards,

--
"One original thought is worth a thousand mindless quotings."
"The true is no more certain than the probable."

                                              Diogene Laerce



------------------------------

Message: 5
Date: Mon, 4 Jan 2016 15:57:38 +0200
From: Aurimas Rudinskis <arudinskis () gmail com>
Subject: [Snort-users] (no subject)
To: snort-users () lists sourceforge net
Message-ID:
        <CA+UY0_j-SuZJ8UPntHrn=LxWGwfbLR0jfCAczJPcPkThKN2vbg () mail gmail com>
Content-Type: text/plain; charset="utf-8"

Hi all,

I've created LUA_PATH and SNORT_LUA environment variables, but when
starting snort it complains that module 'snort_config' not found. What else
is missing?

export LUA_PATH=/opt/snort/include/snort/lua/\?.lua\;\;
export SNORT_LUA_PATH=/opt/snort/etc/snort

sudo sh -c "echo 'LUA_PATH=/opt/snort/include/snort/lua/\?.lua\;\;' >>
/etc/environment"
sudo sh -c "echo 'SNORT_LUA_PATH=/opt/snort/etc/snort' >> /etc/environment"


user@snort-01:~$ snort -c /etc/snort/snort.lua -R /etc/snort/rules/global.lua
--------------------------------------------------
o")~   Snort++ 3.0.0-a3-183
--------------------------------------------------
Loading /etc/snort/snort.lua:
FATAL: can't init /etc/snort/snort.lua: /etc/snort/snort.lua:20: module
'snort_config' not found:
        no field package.preload['snort_config']
        no file '/opt/snort/include/snort/lua/\snort_config.lua'
        no file './snort_config.so'
        no file '/usr/local/lib/lua/5.1/snort_config.so'
        no file '/usr/lib/x86_64-linux-gnu/lua/5.1/snort_config.so'
        no file '/usr/lib/lua/5.1/snort_config.so'
        no file '/usr/local/lib/lua/5.1/loadall.so'
Fatal Error, Quitting..

--
Regards,
*Aurimas Rudinskis*

------------------------------
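The error output above shows the one `.lua` candidate Snort tried as `/opt/snort/include/snort/lua/\snort_config.lua`, with a literal backslash in front of the module name: Lua substituted `?` in the `LUA_PATH` template, but the `\` that was meant to protect `?` from the shell was still in the value. The script below is an added example (not Snort or Lua code, not from the thread) that reproduces Lua's `package.path` template expansion and compares the raw `/etc/environment` line with the value bash produces for the `export` form; `DEFAULT_PATH` is a constructed stand-in for the interpreter's compiled-in default.

```python
"""How Lua turns LUA_PATH into candidate files (added example, not Snort/Lua code).

Lua's searcher replaces every `?` in each `;`-separated template with the
module name; a `;;` in LUA_PATH stands for the interpreter's default path.
DEFAULT_PATH is a constructed stand-in for that built-in default.
"""
import os
import shlex

DEFAULT_PATH = "./?.lua;/usr/local/share/lua/5.1/?.lua"  # constructed stand-in


def lua_candidates(lua_path, modname, default_path=DEFAULT_PATH):
    """Files Lua would try, in order, for require(modname)."""
    expanded = lua_path.replace(";;", ";" + default_path + ";")
    return [t.replace("?", modname) for t in expanded.split(";") if t]


def find_module(lua_path, modname, exists=os.path.isfile, default_path=DEFAULT_PATH):
    """First candidate that exists on disk, or None (what the searcher does)."""
    for cand in lua_candidates(lua_path, modname, default_path):
        if exists(cand):
            return cand
    return None


def bash_word(raw):
    """Value bash passes to `export VAR=<raw>`: unquoted backslash escapes are removed."""
    return shlex.split(raw)[0]


def diagnose(env_value, modname):
    """Candidates for modname, plus those still carrying a literal backslash."""
    cands = lua_candidates(env_value, modname)
    return {"candidates": cands,
            "literal_escapes_left_in_path": [c for c in cands if "\\" in c]}


if __name__ == "__main__":
    raw = r"/opt/snort/include/snort/lua/\?.lua\;\;"   # as typed in the thread
    print("export form  ->", bash_word(raw))            # escapes consumed by bash
    print("/etc/environment form ->", raw)              # escapes kept verbatim
    print(diagnose(raw, "snort_config"))
```

For the `export` line bash strips the backslashes and Lua receives `/opt/snort/include/snort/lua/?.lua;;`; the same characters written into `/etc/environment` are not shell-parsed, so the template keeps the `\` and the candidate path never matches a file. Whichever of the two was in effect for the session shown, the backslash in the printed candidate is the thing to check.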



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-users


End of Snort-users Digest, Vol 116, Issue 1
*******************************************




-- 
Carlos Rodríguez Hernández
*Intern Developer*
redborder.net | +34 609477932



Think before printing this message.

This email, including attachments, is intended exclusively for its
addressee. It contains information that is CONFIDENTIAL whose disclosure is
prohibited by law and may be covered by legal privilege. If you have
received this email in error, please notify the sender and delete it from
your system.

Please visit http://blog.snort.org to stay current on all the latest Snort news!
