Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Unable to install Snort 2.6.1.4 on RHEL5

From: "Patrick S. Harper" <patrick () internetsecurityguru com>
Date: Mon, 14 May 2007 13:58:03 -0500
I just got a copy of RHEL 5 and a 30 day subscription for the redhat network
so I can test it.  I know that it was working with CentOS and will let you
know shortly about RHEL.



-----Original Message-----
From: snort-users-bounces () lists sourceforge net [mailto:snort-users-
bounces () lists sourceforge net] On Behalf Of Harry Hoffman
Sent: Monday, May 14, 2007 1:30 PM
To: Dan Brummer
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Unable to install Snort 2.6.1.4 on RHEL5

I was just emailing back and forth with another person who has/had this
same problem.

Is libpcap-devel installed on your system? If it is please get a
listing
of files in the rpm db and verify the integrity of the package. If not
intact, please remove and then re-install the -devel package and see if
that works.


Verify Files:
rpm -V libpcap-devel

Cheers,
Harry



Any ideas on this guys?  I'm still unable to get it to work, SELinux
disabled.  I'm thinking about downgrading to RHEL4 but I may run into
hardware issues.

-Dan

-----Original Message-----
From: snort-users-bounces () lists sourceforge net
[mailto:snort-users-bounces () lists sourceforge net] On Behalf Of Harry
Hoffman
Sent: Friday, May 11, 2007 5:01 PM
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Unable to install Snort 2.6.1.4 on RHEL5

If you believe it's SELINUX you can check the logs:

audit2allow -i /var/log/messages

or temporarily disable selinux
setenforce 0

HTH,
Harry


On Fri, 11 May 2007, Patrick S. Harper wrote:


Selinux can break a lot of things if not set properly, it takes a

good



bit of tweaking

Patrick S. Harper | CISSP RHCT MCSE
www.internetsecurityguru.com




-----Original Message-----
From: Peper Gisi [mailto:pgisi () flatironfs com]
Sent: Friday, May 11, 2007 3:33 PM
To: Dan Brummer; Patrick S. Harper;
snort-users () lists sourceforge net
Subject: RE: [Snort-users] Unable to install Snort 2.6.1.4 on

RHEL5


I actually just had the same issue yesterday with CentOS5. I was
using Patrick's directions and had to do a couple of things a

little



different like SELinux comes after the reboot. I have tried
everything that I could think of and still get the same error that

Dan is getting.

I took the box back to 4.4 and no issues ... except fort importing
the GPG key for NTOP but that is unrelated.

Peper

________________________________

From: snort-users-bounces () lists sourceforge net on behalf of Dan
Brummer
Sent: Fri 5/11/2007 2:20 PM
To: Patrick S. Harper; snort-users () lists sourceforge net
Subject: Re: [Snort-users] Unable to install Snort 2.6.1.4 on

RHEL5




Yea this is very confusing.  This is a brand new installation of
RHEL5 with the latest updates from RHN via yum.

-Dan

-----Original Message-----
From: Patrick S. Harper [mailto:patrick () internetsecurityguru com]
Sent: Friday, May 11, 2007 1:17 PM
To: Dan Brummer; snort-users () lists sourceforge net
Subject: RE: [Snort-users] Unable to install Snort 2.6.1.4 on

RHEL5


I have the same setup in my lab and it worked for me.  I have not
gotten a copy of the real RHEL 5 yet though, I am running on

CentOS

5.  That should not make a difference though




-----Original Message-----
From: snort-users-bounces () lists sourceforge net
[mailto:snort-users- bounces () lists sourceforge net] On Behalf Of
Dan Brummer
Sent: Friday, May 11, 2007 1:14 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Unable to install Snort 2.6.1.4 on RHEL5

Hello,
I'm trying to install Snort 2.6.1.4 from source on a RHEL5

server.



I get the following error:

ERROR!  Libpcap library/headers not found

I currently have libpcap installed by RPM:
rpm -qa |grep libpcap
libpcap-0.9.4-8.1
libpcap-devel-0.9.4-8.1

Here's a list of the libpcap files:
/usr/include/pcap-bpf.h
/usr/include/pcap-namedb.h
/usr/include/pcap.h
/usr/lib/libpcap.a
/usr/lib/libpcap.so
/usr/lib/libpcap.so.0
/usr/lib/libpcap.so.0.9
/usr/lib/libpcap.so.0.9.4

I've tried running ./configure with '--with-libpcap-
includes=/usr/include --with-libpcap-libraries=/usr/lib' and

still



expierence the error.  Any help on this would be greatly

appreciated.


Thank you.
Daniel Brummer
Vegas.com Network Engineer I


------------------------------------------------------------------

--

---
--
This SF.net email is sponsored by DB2 Express Download DB2 Express

C



- the FREE version of DB2 express and take control of your XML. No
limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users









--------------------------------------------------------------------

--

--- This SF.net email is sponsored by DB2 Express Download DB2

Express



C - the FREE version of DB2 express and take control of your XML. No
limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



---------------------------------------------------------------------

---

-
This SF.net email is sponsored by DB2 Express Download DB2 Express C

-

the FREE version of DB2 express and take control of your XML. No

limits.

Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

---------------------------------------------------------------------

----

This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





-----------------------------------------------------------------------
--
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: