Snort mailing list archives
Re: Snort-users Digest, Vol 116, Issue 1
From: Carlos Rodriguez Hernandez <crodriguezh.ext () redborder net>
Date: Tue, 5 Jan 2016 09:24:17 +0100
Hello,

To use Snort you must install various libraries, including libtool:

yum install gcc binutils m4 flex bison zlib zlib-devel libpcap libpcap-devel pcre pcre-devel libdnet libdnet-devel tcpdump openssl openssl-devel libss libss-devel zlib zlib-devel autoconf libtool gcc-c++

After checking that you have all, do the following:

cd /home/user/Downloads/
wget https://github.com/firnsy/barnyard2/archive/7254c24702392288fe6be948f88afb74040f6dc9.tar.gz -O barnyard2-2-1.14-336.tar.gz
cd /usr/local/src/
mv /home/user/Downloads/barnyard2-2-1.14-336.tar.gz ./barnyard2.tar.gz
tar zxvf barnyard2.tar.gz
rm -r barnyard2.tar.gz
mv barnyard2-7254c24702392288fe6be948f88afb74040f6dc9/ barnyard2
cd barnyard2/
autoreconf -fvi -I ./m4
ln -s /usr/include/dumbnet.h /usr/include/dnet.h
ldconfig
./configure
make
make install

I hope it works correctly

Greetings

2016-01-04 14:57 GMT+01:00 <snort-users-request () lists sourceforge net>:
Send Snort-users mailing list submissions to
    snort-users () lists sourceforge net

To subscribe or unsubscribe via the World Wide Web, visit
    https://lists.sourceforge.net/lists/listinfo/snort-users
or, via email, send a message with subject or body 'help' to
    snort-users-request () lists sourceforge net

You can reach the person managing the list at
    snort-users-owner () lists sourceforge net

When replying, please edit your Subject line so it is more specific than "Re: Contents of Snort-users digest..."

When responding, please don't respond with the entire Digest. Please trim your response.

Today's Topics:

   1. Writing snort rules for dos detection in tcpdump files (Aneela Safdar)
   2. barnyard installation issue (Giuseppe Triolo)
   3. Re: barnyard installation issue (Diogene Laerce)
   4. Re: barnyard installation issue (Diogene Laerce)
   5. (no subject) (Aurimas Rudinskis)

----------------------------------------------------------------------

Message: 1
Date: Fri, 25 Dec 2015 12:50:06 +0000 (UTC)
From: Aneela Safdar <ansaf_130 () yahoo com>
Subject: [Snort-users] Writing snort rules for dos detection in tcpdump files
To: "snort-users () lists sourceforge net" <snort-users () lists sourceforge net>
Message-ID: <1033589305.3434620.1451047806305.JavaMail.yahoo () mail yahoo com>
Content-Type: text/plain; charset="utf-8"

I have got some tcpdump files from the KDD-99 dataset and I am trying to find out Neptune attacks recorded in them. I am writing rules in standard form, for instance:

alert tcp any any -> any 80 (flags: S; msg:"Possible TCP DoS"; flow: stateless; classtype: attempted-dos; threshold: type threshold, track by_src, count 20, seconds 6; sid:1000001; rev:1;)

According to this very rule, I should be alerted only after 6 seconds if more than 20 rules are found, but it generates an alert for all packets having SYN enabled. Can anybody help me here??

Regards,
Aneela Safdar

-------------- next part --------------
An HTML attachment was scrubbed...

------------------------------

Message: 2
Date: Sun, 27 Dec 2015 22:45:02 +0100
From: Giuseppe Triolo <fastfouriertransform () hotmail com>
Subject: [Snort-users] barnyard installation issue
To: "snort-users () lists sourceforge net" <snort-users () lists sourceforge net>
Message-ID: <DUB128-W763CA971B5AD68D2043C9ED3FA0 () phx gbl>
Content-Type: text/plain; charset="iso-8859-1"

I followed the Jason Weir snort guide for the Debian OS, part 4.

Install & configure Barnyard2
# cd /usr/src && wget https://github.com/firnsy/barnyard2/archive/master.tar.gz
# tar -zxf master.tar.gz && cd barnyard2-*
# autoreconf -fvi -I ./m4

but I am having issues when I run the command:

autoreconf -fvi -I ./m4

Look here what type of error I have:

:/usr/src/barnyard2-master# autoreconf -fvi -I ./m4
autoreconf: Entering directory `.'
autoreconf: configure.ac: not using Gettext
autoreconf: running: aclocal -I ./m4 --force -I m4
autoreconf: configure.ac: tracing
autoreconf: configure.ac: not using Libtool
autoreconf: running: /usr/bin/autoconf --include=./m4 --force
configure.ac:28: error: possibly undefined macro: AC_PROG_LIBTOOL
      If this token and others are legitimate, please use m4_pattern_allow.
      See the Autoconf documentation.
autoreconf: /usr/bin/autoconf failed with exit status: 1

Any tip or trick?

-------------- next part --------------
An HTML attachment was scrubbed...

------------------------------

Message: 3
Date: Mon, 28 Dec 2015 11:29:07 +0100
From: Diogene Laerce <me_buss777 () yahoo fr>
Subject: Re: [Snort-users] barnyard installation issue
To: snort-users () lists sourceforge net
Message-ID: <56810EF3.6070008 () yahoo fr>
Content-Type: text/plain; charset="utf-8"

Hi,

On 27/12/2015 22:45, Giuseppe Triolo wrote:
> I followed the Jason Weir snort guide for the Debian OS, part 4.
>
> Install & configure Barnyard2
> # cd /usr/src && wget https://github.com/firnsy/barnyard2/archive/master.tar.gz
> # tar -zxf master.tar.gz && cd barnyard2-*
> # autoreconf -fvi -I ./m4
>
> but I am having issues when I run the command:
>
> autoreconf -fvi -I ./m4
>
> Look here what type of error I have:
>
> :/usr/src/barnyard2-master# autoreconf -fvi -I ./m4
> autoreconf: Entering directory `.'
> autoreconf: configure.ac: not using Gettext
> autoreconf: running: aclocal -I ./m4 --force -I m4
> autoreconf: configure.ac: tracing
> autoreconf: configure.ac: not using Libtool
> autoreconf: running: /usr/bin/autoconf --include=./m4 --force
> configure.ac:28: error: possibly undefined macro: AC_PROG_LIBTOOL
>       If this token and others are legitimate, please use m4_pattern_allow.
>       See the Autoconf documentation.
> autoreconf: /usr/bin/autoconf failed with exit status: 1
>
> Any tip or trick?

This tutorial found here: http://symmetrixtech.com/snort-and-snort-report-installation-guide/

Worked for me. Hope it helps..

Kind regards,

--
"One original thought is worth a thousand mindless quotings."
"What is true is no more certain than what is probable."

Diogene Laerce

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature

------------------------------

Message: 4
Date: Mon, 28 Dec 2015 11:53:02 +0100
From: Diogene Laerce <me_buss777 () yahoo fr>
Subject: Re: [Snort-users] barnyard installation issue
To: snort-users () lists sourceforge net
Message-ID: <5681148E.2060302 () yahoo fr>
Content-Type: text/plain; charset="utf-8"

Hi again,

On 27/12/2015 22:45, Giuseppe Triolo wrote:
> I followed the Jason Weir snort guide for the Debian OS, part 4.
>
> Install & configure Barnyard2
> # cd /usr/src && wget https://github.com/firnsy/barnyard2/archive/master.tar.gz
> # tar -zxf master.tar.gz && cd barnyard2-*
> # autoreconf -fvi -I ./m4
>
> but I am having issues when I run the command:
>
> autoreconf -fvi -I ./m4
>
> Look here what type of error I have:
>
> :/usr/src/barnyard2-master# autoreconf -fvi -I ./m4
> autoreconf: Entering directory `.'
> autoreconf: configure.ac: not using Gettext
> autoreconf: running: aclocal -I ./m4 --force -I m4
> autoreconf: configure.ac: tracing
> autoreconf: configure.ac: not using Libtool
> autoreconf: running: /usr/bin/autoconf --include=./m4 --force
> configure.ac:28: error: possibly undefined macro: AC_PROG_LIBTOOL
>       If this token and others are legitimate, please use m4_pattern_allow.
>       See the Autoconf documentation.
> autoreconf: /usr/bin/autoconf failed with exit status: 1
>
> Any tip or trick?

Sorry, I read your command wrongly. ^^

So, as it is the same in the tuto, I would suggest that maybe you don't have all requirements installed. And as libtool is required to link some useful libraries, maybe verify that first.

Kind regards,

--
"One original thought is worth a thousand mindless quotings."
"What is true is no more certain than what is probable."

Diogene Laerce

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature

------------------------------

Message: 5
Date: Mon, 4 Jan 2016 15:57:38 +0200
From: Aurimas Rudinskis <arudinskis () gmail com>
Subject: [Snort-users] (no subject)
To: snort-users () lists sourceforge net
Message-ID: <CA+UY0_j-SuZJ8UPntHrn= LxWGwfbLR0jfCAczJPcPkThKN2vbg () mail gmail com>
Content-Type: text/plain; charset="utf-8"

Hi all,

I've created LUA_PATH and SNORT_LUA environment variables, but when starting snort it complains that module 'snort_config' is not found. What else is missing?

export LUA_PATH=/opt/snort/include/snort/lua/\?.lua\;\;
export SNORT_LUA_PATH=/opt/snort/etc/snort
sudo sh -c "echo 'LUA_PATH=/opt/snort/include/snort/lua/\?.lua\;\;' >> /etc/environment"
sudo sh -c "echo 'SNORT_LUA_PATH=/opt/snort/etc/snort' >> /etc/environment"

user@snort-01:~$ snort -c /etc/snort/snort.lua -R /etc/snort/rules/global.lua
--------------------------------------------------
o")~ Snort++ 3.0.0-a3-183
--------------------------------------------------
Loading /etc/snort/snort.lua:
FATAL: can't init /etc/snort/snort.lua: /etc/snort/snort.lua:20: module 'snort_config' not found:
        no field package.preload['snort_config']
        no file '/opt/snort/include/snort/lua/\snort_config.lua'
        no file './snort_config.so'
        no file '/usr/local/lib/lua/5.1/snort_config.so'
        no file '/usr/lib/x86_64-linux-gnu/lua/5.1/snort_config.so'
        no file '/usr/lib/lua/5.1/snort_config.so'
        no file '/usr/local/lib/lua/5.1/loadall.so'
Fatal Error, Quitting..

--
Linkėjimai/Regards,
Aurimas Rudinskis

-------------- next part --------------
An HTML attachment was scrubbed...

------------------------------

------------------------------------------------------------------------------

------------------------------

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-users

End of Snort-users Digest, Vol 116, Issue 1
*******************************************
--
Carlos Rodríguez Hernández
Intern Developer
redborder.net | +34 609477932

Think before printing this message.

This email, including its attachments, is addressed exclusively to its recipient. It contains CONFIDENTIAL information whose disclosure is prohibited by law or may be subject to professional secrecy. If you have received this message by mistake, please inform us immediately and destroy it.

This email, including attachments, is intended exclusively for its addressee. It contains information that is CONFIDENTIAL whose disclosure is prohibited by law and may be covered by legal privilege. If you have received this email in error, please notify the sender and delete it from your system.
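Aneela's rule in message 1 depends on what Snort's threshold keyword actually does. The model below is an added example for this thread, not code from Snort or from any poster; it follows the Snort manual's description of the three threshold types, tracked by source, and runs them over constructed SYN traffic (sample timestamps and addresses are made up) with her values of count 20 and seconds 6.

```python
"""Model of Snort's per-rule event thresholding, run over constructed SYN traffic.
Added example, not Snort code. Per the Snort manual, tracked by source address:
  threshold -> alert on every count-th match inside a `seconds` window
  limit     -> alert on the first `count` matches in the window, then suppress
  both      -> alert once per window, when `count` is reached
"""
from collections import defaultdict


class EventThreshold:
    def __init__(self, kind, count, seconds):
        assert kind in ("threshold", "limit", "both")
        self.kind, self.count, self.seconds = kind, count, seconds
        self.state = defaultdict(lambda: {"start": None, "n": 0})

    def check(self, key, ts):
        """Return True if this match should produce an alert for `key`."""
        st = self.state[key]
        if st["start"] is None or ts - st["start"] > self.seconds:
            st["start"], st["n"] = ts, 0          # window expired: start over
        st["n"] += 1
        if self.kind == "threshold":
            if st["n"] >= self.count:
                st["start"], st["n"] = ts, 0      # fire, then restart counting
                return True
            return False
        if self.kind == "limit":
            return st["n"] <= self.count
        return st["n"] == self.count              # both


def syn_alerts(packets, kind="threshold", count=20, seconds=6):
    """packets: (timestamp, src_ip, tcp_flags) tuples. Returns (ts, src) alerts."""
    thr = EventThreshold(kind, count, seconds)
    return [(ts, src) for ts, src, flags in packets
            if flags == "S" and thr.check(src, ts)]


# Constructed sample: 45 SYNs from 10.0.0.5 within 4.5 s (plus a few ACKs that the
# flags:S test must ignore), 5 slow SYNs from 10.0.0.9, and one late SYN from
# 10.0.0.5 after its window has closed.
SAMPLE = ([(i / 10, "10.0.0.5", "S") for i in range(1, 46)]
          + [(i / 10 + 0.05, "10.0.0.5", "A") for i in range(1, 4)]
          + [(2.0 * i, "10.0.0.9", "S") for i in range(1, 6)]
          + [(20.0, "10.0.0.5", "S")])
SAMPLE.sort()

if __name__ == "__main__":
    for kind in ("threshold", "limit", "both"):
        print(kind, syn_alerts(SAMPLE, kind))
```

None of the three modes produces an alert for every SYN, which is what Aneela observes, so the question to chase is why the sensor is not applying the threshold rather than what the values mean.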
------------------------------------------------------------------------------

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
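The search list in Aurimas's error (message 5) tries '/opt/snort/include/snort/lua/\snort_config.lua', with a literal backslash, so the LUA_PATH template Snort saw still contained `\?`: a shell removes that backslash from the export line, but the same characters echoed into /etc/environment are stored as written. The following is an added example, not Snort or Lua code; it models Lua's package.path substitution (split on ';', replace '?' with the module name) with a constructed stand-in for the interpreter's default path.

```python
"""Model of how Lua expands a package.path template into candidate file names.
Added example, not Snort or Lua code. Lua's rule: split the path on ';', turn '.'
in the module name into '/', and substitute the name for every '?' in each
template; a ';;' stands for the interpreter's built-in default list.
"""

# Constructed stand-in for the built-in default path (the real list depends on
# how Lua was built).
DEFAULT_PATH = "./?.lua;/usr/local/share/lua/5.1/?.lua"

# Value the export line yields after the shell removes the backslashes.
FROM_SHELL = "/opt/snort/include/snort/lua/?.lua;;"
# Template that reproduces the quoted error line: a backslash survived before '?'.
BROKEN_TEMPLATE = r"/opt/snort/include/snort/lua/\?.lua"


def lua_candidates(module, path):
    """Return the file names Lua would try, in order, for `module`."""
    name = module.replace(".", "/")
    expanded = path.replace(";;", ";" + DEFAULT_PATH + ";")
    return [tpl.replace("?", name) for tpl in expanded.split(";") if tpl]


def first_candidate_is_sane(module, path):
    """False when the first candidate carries a stray backslash, the symptom
    visible in the 'no file' listing quoted above."""
    return "\\" not in lua_candidates(module, path)[0]


if __name__ == "__main__":
    for label, path in (("shell export", FROM_SHELL),
                        ("backslash kept", BROKEN_TEMPLATE)):
        print(label)
        for cand in lua_candidates("snort_config", path):
            print("  no file", repr(cand))
```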