RE: SNORT on Solaris

[Katherine Hosch <kam () cs uno edu>]

Sorry to be so abrupt, but someone said to remove /usr/ucb/cc and link 
it to /usr/local/bin/gcc.  This is a terrible idea.

The proper way to install any precompiled software in Solaris is to use 
pkgadd.  Then you make sure that you have /usr/local/bin in your path. 
(You will also need to have installed the 'development' tools when you 
installed Solaris. These are the files in /usr/include, /usr/lib and 
/usr/ccs.  If you didn't do a full or at least 'development' install of 
Solaris then you will need to manually add all of  those packages. It 
would probably be quicker to reinstall in that case.)

Having installed both Snort and Nessus on Solaris, I can say that the 
former is definitely easier. The only really tricky thing about the 
snort install is configuing in mysql support. In order to compile snort  
do this:

1. Get the tools you need from 
ftp://ftp.algx.net/pub/solaris/sunfreeware/sparc/8 (or any of the other 
sunfreeware mirrors). You will definitely need:

gcc-3.3-sol8-sparc-local.gz
zlib-1.1.4-sol8-sparc-local.gz

and possibly

bison-1.875-sol8-sparc-local.gz
mysql-3.23.53-sol8-sparc-local.gz

2. Unpack and install the tools:

# gunzip gcc-3.3-sol8-sparc-local.gz
# pkgadd -d ./gcc-3.3-sol8-sparc-local
# gunzip zlib-1.1.4-sol8-sparc-local.gz
# pkgadd -d ./zlib-1.1.4-sol8-sparc-local
# gunzip bison-1.875-sol8-sparc-local.gz
# pkgadd -d ./bison-1.875-sol8-sparc-local
# gunzip mysql-3.23.53-sol8-sparc-local
# pkgadd -d ./mysql-3.23.53-sol8-sparc-local

This will install the compiler and libraries into /usr/local/bin and 
/usr/local/lib respectively. The mysql stuff installs into 
/usr/local/mysql but you don't have to use mysql to use snort. If you do 
you mysql then you will have to set up the database and that is not 
completely trivial.

3. Ensure that you can use the tools; put /usr/local/bin in your PATH:
# PATH=$PATH:/usr/local/bin:/usr/ccs/bin
# export PATH

You should make sure that the lines above are in /.profile as well as in 
your profile. You should *not* have /usr/ucb/bin in your path.

4. After installing the compilation tools, unpack the snort source 
distribution, configure and make it:
# gzcat snort-2.0.0.tar.gz | tar xf -
# cd snort-2.0.0
# ./configure; make; make install

(or, to get compile in mysql support):

# ./configure --with-mysql=/usr/local/mysql
# make; make install

This will install snort in /usr/local/bin.

Note, all the information in the doc subdirectory of the snort 
distribution is valuable. Compilling, installing, configuring and 
installing this software is not entirely trivial.

- katherine hosch





-------------------------------------------------------
This SF.net email is sponsored by: VM Ware
With VMware you can run multiple operating systems on a single machine.
WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the
same time. Free trial click here: http://www.vmware.com/wl/offer/345/0
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users