
Re: Running/Compiling latest snort on potato



Hello,

--- Shane Machon <shane@twoplums.com.au> wrote:

> I don't have to have 1.81 of snort (would be nice
> though!), just db
> support (1.7 or above)
> 
> Any success stories?

I used snort compiled from sources for 2 months. Then
I decided to add db support and tried to recompile it.
But it depends on so many libs that I decided it was
better to get the binary package. Also, I decided to
make the snort box a clean machine with only the
necessary features, because it is used only for
intrusion detection (dedicated box).

1. Install base Debian system and select no additional
packages.
2. Download and manually (with dpkg) install the necessary
packages (see the list of installed packages below).
3. Download and install ACID (Analysis Console for
Intrusion Databases).

Downloaded packages and tgz:
ACID-0.9.5b9.tar.gz
adduser_3.39_all.deb
apache-common_1.3.20-1_i386.deb
apache_1.3.20-1_i386.deb
debconf_0.9.77_all.deb
dialog_0.9a-20010527-1_i386.deb
fileutils_4.1-2_i386.deb
klogd_1.4.1-2_i386.deb
libbz2-1.0_1.0.1-10_i386.deb
libc6_2.2.3-6_i386.deb
libdb2_2.7.7-8_i386.deb
libdbd-mysql-perl_1.2216-2_i386.deb
libdbi-perl_1.18-1_i386.deb
libexpat1_1.95.1-5_i386.deb
libgdbmg1_1.7.3-27_i386.deb
libmm11_1.1.3-4_i386.deb
libmysqlclient10_3.23.39-3_i386.deb
libncurses5_5.2.20010318-2_i386.deb
libpcap0_0.6.2-1_i386.deb
libpcre3_3.4-1_i386.deb
libreadline4_4.2-3_i386.deb
libstdc++2.10-glibc2.2_2.95.4-0.010703_i386.deb
logrotate_3.5.4-2_i386.deb
mime-support_3.11-1_all.deb
mysql-client_3.23.39-3_i386.deb
mysql-common_3.23.39-3.1_all.deb
mysql-server_3.23.39-3_i386.deb
perl-base_5.6.1-5_i386.deb
perl-modules_5.6.1-5_all.deb
perl_5.6.1-5_i386.deb
php4-mysql_4.0.6-4_i386.deb
php4_4.0.6-1_i386.deb
php4_4.0.6-4_i386.deb
snort_1.7-9_i386.deb
sysklogd_1.4.1-2_i386.deb
zlib1g_1.1.3-15_i386.deb

Installed packages (dpkg -l):
ii  adduser        3.39
ii  ae             962-26
ii  apache         1.3.20-1
ii  apache-common  1.3.20-1
ii  apt            0.3.19
ii  base-config    0.33.2
ii  base-files     2.2.0
ii  base-passwd    3.1.10
ii  bash           2.03-6
ii  bsdutils       2.10f-5.1
ii  console-data   1999.08.29-11.
ii  console-tools  0.2.3-10.3
ii  console-tools- 0.2.3-10.3
ii  cron           3.0pl1-57.2
ii  debconf        0.9.77
ii  debianutils    1.13.3
ii  dialog         0.9a-20010527-
ii  diff           2.7-21
ii  dpkg           1.6.15
ii  e2fsprogs      1.18-3.0
ii  elvis-tiny     1.4-11
ii  fbset          2.1-6
ii  fdflush        1.0.1-5
ii  fdutils        5.3-3
ii  fileutils      4.1-2
ii  findutils      4.1-40
ii  ftp            0.10-3.1
ii  gettext-base   0.10.35-13
ii  grep           2.4.2-1
ii  gzip           1.2.4-33
ii  hostname       2.07
ii  isapnptools    1.21-2
ii  joe            2.8-15.2
ii  klogd          1.4.1-2
ii  ldso           1.9.11-9
ii  libbz2-1.0     1.0.1-10
ii  libc6          2.2.3-6
ii  libdb2         2.7.7-8
ii  libdbd-mysql-p 1.2216-2
ii  libdbi-perl    1.18-1
ii  libexpat1      1.95.1-5
ii  libgdbmg1      1.7.3-27
ii  libmm11        1.1.3-4
ii  libmysqlclient 3.23.39-3
ii  libncurses5    5.2.20010318-2
ii  libnewt0       0.50-7
ii  libpam-modules 0.72-9
ii  libpam-runtime 0.72-9
ii  libpam0g       0.72-9
ii  libpcap0       0.6.2-1
ii  libpcre3       3.4-1
ii  libpopt0       1.4-1.1
ii  libreadline4   4.2-3
ii  libssl09       0.9.4-5
ii  libstdc++2.10  2.95.2-13
ii  libstdc++2.10- 2.95.4-0.01070
ii  libwrap0       7.6-4
ii  lilo           21.4.3-2
ii  locales        2.1.3-18
ii  login          19990827-20
ii  makedev        2.3.1-46.2
ii  mawk           1.3.3-5
ii  mbr            1.1.2-1
ii  mime-support   3.11-1
ii  modutils       2.3.11-13.1
ii  mount          2.10f-5.1
ii  mysql-client   3.23.39-3
ii  mysql-common   3.23.39-3.1
ii  mysql-server   3.23.39-3
ii  ncurses-base   5.0-6.0potato1
ii  ncurses-bin    5.0-6.0potato1
ii  netbase        3.18-4
ii  passwd         19990827-20
ii  pciutils       2.1.2-2
ii  perl           5.6.1-5
ii  perl-base      5.6.1-5
ii  perl-modules   5.6.1-5
ii  php4           4.0.6-4
ii  php4-mysql     4.0.6-4
ii  ppp            2.3.11-1.4
ii  pppconfig      2.0.5
ii  procps         2.0.6-5
ii  psmisc         19-2
ii  pump           0.7.3-2
ii  sed            3.02-5
ii  setserial      2.17-16
ii  shellutils     2.0-7
ii  slang1         1.3.9-1
ii  snort          1.7-9
ii  ssh            1.2.3-9.3
ii  sysklogd       1.4.1-2
ii  syslinux       1.48-2
ii  sysvinit       2.78-4
ii  tar            1.13.17-2
ii  tasksel        1.0-10
ii  tcpd           7.6-4
ii  telnet         0.16-4potato.1
ii  textutils      2.0-2
ii  update         2.11-1
ii  util-linux     2.10f-5.1
ii  zlib1g         1.1.3-15

This linux-box has 3 network interfaces:
1 - connected to LAN (used to view results and maintain
the box)
2,3 - sensors without ip-addresses assigned (simple
ifconfig eth0 up, for snort this is enough) attached
to 2 different segments of DMZ.

Very stable decision, I have no problems with it.



=====
Regards, Vladislav. ---> http://cybervlad.port5.com
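
A check for the sensor layout described in the message above, as an added example that is not part of the original post: it confirms that each sniffing interface is up and carries no IPv4 or IPv6 address. It assumes the output format of the modern iproute2 commands `ip -o link show` and `ip -o addr show` rather than the `ifconfig` of the post's era; the sensor interface names and the sample text are constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Sample data is constructed;
# interface names eth1..eth3 as sensors are assumptions.

# Constructed text in the format of `ip -o link show`.
SAMPLE_LINKS='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
5: eth3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN'

# Constructed text in the format of `ip -o addr show`.
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0
4: eth2    inet6 fe80::a00:27ff:fe00:1/64 scope link'

# check_sensor IFACE LINKS ADDRS
# Prints "IFACE: verdict"; returns 0 only if the interface is up and unaddressed.
check_sensor() {
    iface=$1; links=$2; addrs=$3
    flags=$(printf '%s\n' "$links" | awk -v i="$iface:" '$2 == i { print $3 }')
    if [ -z "$flags" ]; then echo "$iface: MISSING"; return 1; fi
    case ",$(printf '%s' "$flags" | tr -d '<>')," in
        *,UP,*) ;;   # administratively up, so snort can capture on it
        *) echo "$iface: DOWN (not capturing)"; return 1 ;;
    esac
    # Any inet or inet6 entry, link-local included, means the port can be addressed.
    found=$(printf '%s\n' "$addrs" |
        awk -v i="$iface" '$2 == i && $3 ~ /^inet6?$/ { printf "%s ", $4 }')
    if [ -n "$found" ]; then echo "$iface: ADDRESSED ${found% }"; return 1; fi
    echo "$iface: OK"
}

# audit_sensors LINKS ADDRS IFACE... ; returns 1 if any sensor fails the check.
audit_sensors() {
    all_links=$1; all_addrs=$2; shift 2
    rc=0
    for s in "$@"; do
        check_sensor "$s" "$all_links" "$all_addrs" || rc=1
    done
    return $rc
}

# Run on the constructed sample. On a live box:
#   audit_sensors "$(ip -o link show)" "$(ip -o addr show)" eth1 eth2
audit_sensors "$SAMPLE_LINKS" "$SAMPLE_ADDRS" eth1 eth2 eth3 || true
```

Current Linux kernels usually assign an IPv6 link-local address when an interface is brought up, which is the case the constructed eth2 entry represents.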
