Sunday, September 12, 2010

Compiling NLED and Snort from source


The instructions were to build two software packages from their source files, of which one must be NLED and any other software of your choice.

First let’s begin with NLED:

Compiling NLED from Source

Download and extract the Tarball:

$ wget http://cdot.senecac.on.ca/software/nled/nled_2_52_src.tgz
$ tar -xvzf nled_2_52_src.tgz

Next, run make and make install to compile and install:
$ make
$ make install

Incidentally, this installation ran without issues and I am successfully using NLED.


For the second software, I decided to install Snort:
"Snort® is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire. Combining the benefits of signature, protocol and anomaly-based inspection, Snort is the most widely deployed IDS/IPS technology worldwide."


Compiling Snort from Source


You can download the Source snort package from:


Untar the Source file:
$ tar -xvf snort-2.8.6.1.tar.gz
$ cd snort-2.8.6.1/


The Snort website (www.snort.org) showed that before installing Snort you need to have a number of software packages installed, such as Libpcap, PCRE, Libnet and Barnyard.

I ran the following commands to see if these packages are installed:
rpm -q libpcap               - Yes, installed
rpm -q pcre                      - Yes, installed
rpm -q libnet                 - No, not installed (or at least rpm did not find it)
rpm -q barnyard            - No, not installed (or at least rpm did not find it)

However, I decided to run the configure file to see what would happen.

$ ./configure

But alas, I got the following error:
Snort Error:

   ERROR!  Libpcap library/headers (libpcap.a (or .so)/pcap.h)not found, go get it from http://www.tcpdump.org  or use the --with-libpcap-* options, if you have it installed in unusual place.  Also check if your libpcap depends on another shared library that may be installed in an unusual place


But wait, the latest libpcap package WAS installed according to rpm (as I had run rpm -q libpcap above).
Perhaps I was missing something else. I checked the www.tcpdump.org website but it had the same libpcap I had installed. I ran the command:

$ yum search libpcap

Loaded plugins: presto, refresh-packagekit
================= Matched: libpcap =================
libpcap.i686 : A system-independent interface for user-level packet capture
libpcap-devel.i686 : Libraries and header files for the libpcap library

Since libpcap was installed, I figured I needed the development libpcap library as well so I installed it using:

$ yum install libpcap-devel


Then I ran ./configure again. As it was going through, I noticed:

./configure: line 13616: pcre-config: command not found
./configure: line 13622: pcre-config: command not found
checking pcre.h usability... no
checking pcre.h presence... no
checking for pcre.h... no


I knew what was coming and then BAM! Another error: 
ERROR!  Libpcre header not found. 


So I checked www.pcre.org and found the same pcre library I have installed already. Now I know there must be a pcre development library like libpcap so I ran yum search pcre and it came back with:
Loaded plugins: presto, refresh-packagekit
==========Matched: pcre ============
pcre.i686 : Perl-compatible regular expression library
pcre-devel.i686 : Development files for pcre
Of course, I then ran yum install pcre-devel


Finally, I ran ./configure again, and voila! It completed (although I didn’t seem to have barnyard or libnet according to rpm -q)
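
Both failures above had the same cause: rpm -q confirmed the runtime library, while ./configure was looking for header files and helper programs that ship in the matching -devel package. The script below is an added example, not part of the original post. It reads configure output and turns each missing header or helper into a yum provides query that names the package shipping it. The function names are made up for this example, and the sample log is constructed from the configure lines quoted in this post.

```shell
#!/bin/sh
# Added example: list what ./configure could not find, straight from its output.

# Constructed sample input: the configure lines quoted in this post.
sample_log() {
cat <<'EOF'
./configure: line 13616: pcre-config: command not found
./configure: line 13622: pcre-config: command not found
checking pcre.h usability... no
checking pcre.h presence... no
checking for pcre.h... no
EOF
}

# Headers that configure reported as absent ("checking for X.h... no").
missing_headers() {
    sed -n 's|^checking for \([A-Za-z0-9_./-]*\.h\)\.\.\. no$|\1|p' | sort -u
}

# Helper programs the configure script tried to run but could not find.
missing_tools() {
    sed -n 's|^.*: line [0-9]*: \([^:]*\): command not found$|\1|p' | sort -u
}

# For every missing file, print the yum query that finds the owning package.
suggest_queries() {
    log=$(cat)
    printf '%s\n' "$log" | missing_headers | while read -r header; do
        echo "yum provides '*/$header'"
    done
    printf '%s\n' "$log" | missing_tools | while read -r tool; do
        echo "yum provides '*/bin/$tool'"
    done
}

# Run on the constructed sample; on a real build use:
#   ./configure 2>&1 | suggest_queries
sample_log | suggest_queries
```

Running the printed queries shows which package owns each missing file, which avoids guessing package names from a yum search.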


If you need to run ./configure with special options, then please see this resource I found on the configuration options you can use:
http://204.152.191.100:8080/wiki/index.php/Configure_options_-_snort


Next I ran make as my current user, followed by make install as root

Snort is successfully installed. Time to start snortin’…or not (insert fail comment here).

1 comment:

  1. Great tips you just shared on how to properly compile NLED and Snort sources.
