Snort mailing list archives

Re: (2.4.4 and Ubuntu on 2.6.12) Odd install from source


From: Rob Munsch <rmunsch () solutionsforprogress com>
Date: Thu, 30 Mar 2006 13:42:48 -0500

Yah, sorry if i wasn't clear - i see all the files in snort-<ver>/etc, and did all that manually. I was just wondering if it was supposed to happen automagically at install.

Frex, the included snort.conf gives the location of the rules dir as "../rules," which doesn't seem to fit the other assumptions. The executable seems to go to /usr/local/bin via 'make install,' and like i said the manpage goes to the right place; it's the rest of the supporting cast i was wondering about.

Also, on the subject, the initscript is under the <source>/rpm directory sitting next to the snort.spec, as is the logrotate snippet and 'snort.sysconfig,' and i'm not really sure why. Having nothing to do with RPMs, it took me a while to think of poking around in there; due to the odd placement of those files and the lack of anything going to my own /etc/snort or /etc/init.d - which, you gotta admit, is not entirely unexpected behaviour - coupled with the docs assuming these things were in place, i assumed something had Gone Wrong.

Braley, Ron wrote:

Rob,

In my experience, the .conf files get extracted into the installation
directory/etc (i.e. /usr/local/src/snort-2.4.4/etc).

Not only should you see the snort.conf file there, but threshold.conf
too.

I think library files are put in the proper locations during the
installation process - there's no need to do anything else but the
following:

a.  Put the executable file wherever you'd like it to be (/opt/snort/bin
for us . . .)
b.  Copy the snort.conf file from the extraction point/etc to wherever
you'd like it to be (i.e. /opt/snort/etc/)
c.  Download the rules and include this directory in the snort.conf file
d.  Start snort (manually or automatically) - remember to include the
location of the snort.conf file in the command (i.e.
#/opt/snort/bin/snort -i eth5 -c /opt/snort/etc/snort.conf -D)

Hope that helps!

Ron Braley, Berbee
Datacenter Security Engineer



-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Rob Munsch
Sent: Thursday, March 30, 2006 11:21 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] (2.4.4 and Ubuntu on 2.6.12) Odd install from
source

'allo list,

I've had an odd problem installing 2.4.4 from source. conf/make/make install goes smoothly, but only the binary itself - and the man page - actually 'go anywhere.'

I'm not sure if this is deliberate, but i've poked around the docs, checked the faq, and burned black candles at midnight - no success. Nothing goes to my /etc; no conf, nothing in init.d, nada. Not the snort.conf itself nor any of the secondary conf files, nor is a rules dir created, nor /var/log/snort, etc.

The docs seem to assume these things'll be in place when you run, but there's no explicit manifesto of needed files. I went and manually moved stuff around, created the dirs and files needed, etc., but i was sort of wondering about the whole thing.

Ubuntu seems to want to apt me 2.3.2, and it looks like there's a slew of bugfixes and whatnot in the 2.4 branch, so i'd rather go with latest stable source. Is there a reason the various config files, and assorted log/conf/rules directories, aren't created at install? There doesn't seem to be any reference to them in the makefile, tho my understanding there is limited.

Praying fervently not to have caused a drink or three,



--
Rob Munsch
Solutions For Progress IT
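
Since the thread notes that the docs give no explicit list of needed files, here is one way to derive that list from snort.conf itself before starting the sensor. This is an added example, not part of either message or of the Snort distribution; the function names are hypothetical, the sample snort.conf is constructed, and it assumes relative paths (such as the "../rules" RULE_PATH mentioned above) are resolved against the directory holding snort.conf.

```shell
#!/bin/sh
# Added example: list what a hand-placed snort.conf still needs on disk.
# Assumption: relative paths are resolved against the directory holding snort.conf.

# list_includes CONF: print each active "include" target as a path,
# expanding $RULE_PATH from the "var RULE_PATH" line. Commented lines are skipped.
list_includes() {
    dir=$(cd "$(dirname "$1")" && pwd) || return 1
    awk -v dir="$dir" '
        $1 == "var" && $2 == "RULE_PATH" { rp = $3 }
        $1 == "include" {
            p = $2
            sub(/^\$RULE_PATH/, rp, p)
            if (p !~ /^\//) p = dir "/" p
            print p
        }' "$1"
}

# check_layout CONF LOGDIR: print one line per problem; exit status 0 only if none.
check_layout() {
    [ -r "$1" ] || { echo "unreadable config: $1"; return 1; }
    out=$(list_includes "$1" | while IFS= read -r f; do
              [ -r "$f" ] || echo "missing include: $f"
          done
          { [ -d "$2" ] && [ -w "$2" ]; } || echo "log dir not writable: $2")
    [ -z "$out" ] && return 0
    echo "$out"
    return 1
}

# Constructed sample tree: snort.conf copied to DIR/etc with almost nothing else staged.
make_demo_tree() {
    mkdir -p "$1/etc"
    cat > "$1/etc/snort.conf" <<'EOF'
var RULE_PATH ../rules
include classification.config
# include threshold.conf
include $RULE_PATH/local.rules
EOF
    : > "$1/etc/classification.config"
}
```

Run `check_layout /opt/snort/etc/snort.conf /var/log/snort` (paths as used in the thread) after copying the config; an empty result means every included file and the log directory are in place.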




