Snort mailing list archives

RE: Installing Snort on OpenBSD based on RH WS3 or FreeBSD doc's on snort site


From: "robert schwartz" <robert () mrsquirrel com>
Date: Thu, 1 Apr 2004 17:40:08 -0800

First, with OpenBSD, what's your concern about putting a default install
of it on the network?  Personally I say if you choose an OS that's
secure by default you shouldn't worry about insecurity until you enable
stuff.  I'd highly recommend learning a bit about the OpenBSD package
and port system first, but that's only 15 minutes of work to go from
novice to expert.

You want the binary packages from:
ftp.openbsd.org/pub/OpenBSD/version/packages/i386

Where "version" is 3.4 or 3.3 depending on your OpenBSD build.

Pick the nastiest package with the most dependencies and (depending on
your shell):

setenv PKG_PATH ftp://ftp.openbsd.org/pathasstatedabove

Then download the package you want and install it with pkg_add.  All the
dependencies will get auto-installed from the ftp server via the
environment variable set.  Alternatively, if you have a list of packages
you know you want, just download them all into the same directory and
the package system will deal with dependencies for you.  The hardest
part of installing all this stuff on OpenBSD is trusting that it is
indeed THIS easy.

I would install the PHP and all supporting lib's via pkg or port (ports
tree has better post-install instructions for PHP btw).  Do not use a
freebsd port on openbsd.  I would get the snort2.x source and compile
that manually though, since Snort development outpaces most binary
packaging systems.  Certainly do the mysql stuff with pkg's or ports.
If you choose to check out the ports tree
(http://www.openbsd.org/anoncvs.html for instructions to check out the
ports tree) all dependencies are automagically dealt with for you
without muss or fuss.

Keep in mind OpenBSD's apache runs chrooted by default so you have to
change the rc.conf so httpd is launched with "-u -DSSL" after reading the ssl
man page and following the instructions for creating and signing a cert.
That's the only "gotcha" specific to openbsd.  Some brave souls managed
to make ACID run chrooted but that's superadvanced and dubiously
beneficial IMHO.  

Feel free to shoot me mail offlist if you hit a sticking point I might
be able to give you a quick and dirty hack/workaround/fix for your
issue.



-----Original Message-----
From: snort-users-admin () lists sourceforge net 
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of 
Jacob, Raymond A Jr
Sent: Thursday, April 01, 2004 4:31 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Installing Snort on OpenBSD based on 
RH WS3 or FreeBSD doc's on snort site




I am trying to figure out what packages to install to get an 
OpenBSD box up and running. I was planning on manually 
downloading and installing the following packages based on 
the RH WS3 document 
http://www.internetsecurityguru.com/documents/snort_acid_rhws3.pdf
using the following shell script.

set HTTP_Proxy=http://proxy
wget http://www.snort.org/dl/snort-2.1.2.tar.gz
wget http://mysql.secsup.org/Downloads/MySQL-5.0/mysql-debug-5.0.0-alpha-unknown-openbsd3.4-i386.tar.gz
wget http://www.apache.org/dist/httpd/apache_1.3.29.tar.gz
wget http://www.modssl.org/source/mod_ssl-2.8.16-1.3.29.tar.gz
wget http://www.php.net/distributions/php-4.3.5.tar.gz
wget http://phplens.com/lens/dl/adodb421.tgz
wget http://www.snort.org/dl/contrib/data_analysis/acid/acid-0.9.6b23.tar.gz
wget ftp://ftp.info-zip.org/pub/infozip/zlib/zlib-1.1.4.tar.gz
wget http://members.chello.se/jpgraph/jpgdownloads/jpgraph-1.14.tar.gz
wget http://www.tcpdump.org/release/libpcap-0.8.3.tar.gz

and burning the packages to CDs and installing them on the 
box, so I don't have to connect to the network until 
acceptance testing is complete.

Since I am under the gun, I may have to connect to the 
network to get the 
snort, acid, apache,... installed. If I have to do this I was 
planning on using the ports system mentioned in the document 
based on FreeBSD to install the packages 
http://www.snort.org/docs/FreeBSD47RELEASE-Snort-MySQLVer1-3.pdf
and run the following commands.

1. Change directory to /usr/ports/www/mozilla
2. make install clean
1. Change directory to /usr/ports/ftp/wget
2. make install clean
1. Change directory to /usr/ports/graphics/phplot
2. make WITH_X11=yes
3. When presented with a menu of options to configure into phplot,
choose GD 2, then hit ok.
4. make install clean
1. Change directory to /usr/ports/databases/adodb
2. make install clean
1. Change directory to /usr/ports/security/stunnel
2. make install clean
1. Change directory to /usr/ports/security/snort
2. make -DWITH_MYSQL -DWITH_FLEXRESP ; make install
3. cp /usr/ports/security/snort/work/snort-1.9.0/contrib/create_mysql /tmp
1. Change directory to /usr/ports/security/acid
2. make install clean

Question: What packages (and locations) are needed to install Snort, Acid,
Apache, PCAP, adodb, (mozilla), get, phplot/zlib/jpgraph, php on an
OpenBSD system?

thank you,
Raymond


-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id70&alloc_id638&op=ick
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=ort-users


