The official site has released snort_inline-2.4.3RC2.diff, which is built by applying it as a patch on top of snort-2.4.3.tar.gz.

Quote:

Hi everyone!

Today is the day Will is getting married with his bride Lindsay. That's
why today's release is dubbed “The Wedding Release”. Before I tell you
guys about the release I want to wish William and Lindsay all the best
together! Congratulations and have fun on your honeymoon!

Ok, back to Snort_inline. The jumping in version from 2.3.0RC1 to
2.4.3RC2 makes clear that the last couple of months both Will and I have
been very busy with mostly real-life stuff like work, study, his
marriage, etc. We hope to be able to update Snort_inline much more and
faster in the future.

Finally we are able to present you a new version, with the great help of
Nick Rogness (FreeBSD support), Dave Remien (netfilter netlink queue
support) and Ricardo Patino (debugging stream4inline).

So what's new in this release:
– rewritten stream4inline support.
– netfilter netlink queue support, supporting multiple instances of
snort_inline on Linux 2.6.14+. Written by Dave Remien.
– bait and switch preprocessor allowing to redirect attackers to another
ipaddress (currently Linux only).
– updated clamav preprocessor.
– snort_inline manual page. Written by Nick Rogness.
– switch from libnet to libdnet: no more libnet 1.0.2a :-)

Downloading, compiling and installing:

NOTE: you need libdnet to compile Snort_inline now!

– You first need to download Snort 2.4.3:
http://www.snort.org/dl/current/snort-2.4.3.tar.gz
– Then download the patch:
http://sourceforge.net/tracker/download.php?group_id=78497&atid=553469&file_id=155116&aid=1349079
– check its md5 checksum: 0215e3c71f6dd824db8b08fda6bf7b79
– unzip the patchfile: gunzip snort_inline-2.4.3RC2.diff.gz
– Extract the snort archive and apply the patch like this: patch -p0 <
/path/to/snort_inline-2.4.3RC2.diff
– Enter the directory snort-2.4.3 and execute the ‘autojunk.sh’ script.
– run configure, make, make install
– done!

Please give this release some serious beating and report all problems to
the list.

Regards,
Victor

snort-2.4.3 + snort_inline-2.4.3RC2.diff

The procedure is as follows.
It now uses libdnet instead of libnet.
Source: http://sourceforge.net/mailarchive/message.php?msg_id=13762338

[1.] download Snort 2.4.3:
http://www.snort.org/dl/current/snort-2.4.3.tar.gz

Then download the patch:
http://sourceforge.net/tracker/download.php?group_id=78497&atid=553469&file_id=155116&aid=1349079
check its md5 checksum: 0215e3c71f6dd824db8b08fda6bf7b79

[2.] gunzip snort_inline-2.4.3RC2.diff.gz

[3.] tar zxvf snort-2.4.3.tar.gz

[4.] Put the extracted snort-2.4.3 directory and the snort_inline-2.4.3RC2.diff patch file in the same directory, then run
patch -p0 < snort_inline-2.4.3RC2.diff

[5.] cd snort-2.4.3
sh autojunk.sh
./configure
make
make install
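
Steps [1.] to [4.] as one script that refuses to patch unless the download matches the announced MD5 and the patch applies cleanly; this is an added example, not part of the original post or the Snort_inline project. It assumes both downloads sit in the current directory, GNU `md5sum` and `patch` are installed, and that the published checksum refers to the `.diff.gz` file as downloaded; the function names and the `run` argument are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): verify, unpack, then patch.
EXPECTED_MD5="0215e3c71f6dd824db8b08fda6bf7b79"  # value from the announcement
PATCH_GZ="snort_inline-2.4.3RC2.diff.gz"         # assumed to be in the current directory
SRC_TGZ="snort-2.4.3.tar.gz"                     # assumed to be in the current directory

# verify_md5 FILE EXPECTED
# Returns 0 only if FILE exists and its MD5 equals EXPECTED (case-insensitive).
verify_md5() {
    [ -f "$1" ] || { echo "missing file: $1" >&2; return 2; }
    actual=$(md5sum "$1" | awk '{print $1}')
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "MD5 mismatch for $1: got $actual, want $expected" >&2
    return 1
}

# apply_patch_checked DIFF
# Dry-run first (GNU patch option) so a rejected hunk never leaves a
# half-patched source tree behind; apply for real only if that succeeds.
apply_patch_checked() {
    patch -p0 --dry-run < "$1" >/dev/null || {
        echo "patch $1 does not apply cleanly, tree left untouched" >&2
        return 1
    }
    patch -p0 < "$1"
}

# prepare_tree: checksum -> gunzip -> extract -> patch, stopping at the first failure.
prepare_tree() {
    verify_md5 "$PATCH_GZ" "$EXPECTED_MD5" || return 1
    gunzip -c "$PATCH_GZ" > "${PATCH_GZ%.gz}" || return 1
    tar zxf "$SRC_TGZ" || return 1
    apply_patch_checked "${PATCH_GZ%.gz}"
}

# Hypothetical entry point: "sh thisfile.sh run" performs the steps.
if [ "${1:-}" = "run" ]; then
    prepare_tree
fi
```

The MD5 value is the only digest the announcement gives, so the check is only as trustworthy as the copy of the announcement it was read from.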

[Q1:] [root@ssorc snort-2.4.3]# sh autojunk.sh
configure.in:169: warning: underquoted definition of SN_CHECK_DECL
run info '(automake)Extending aclocal'
or see http://sources.redhat.com/automake/automake.html#Extending-aclocal
configure.in:202: warning: underquoted definition of SN_CHECK_DECLS
configure.in:298: warning: underquoted definition of FAIL_MESSAGE
[A1:] Quote
> This shouldn’t affect your build. I see this all the time on my
> redhat/fedora boxes. You could probably just ignore it. Does it not
> build properly for you?
>
> Regards,
>
> Will

[Q2:] [root@ssorc snort-2.4.3]# ./configure
checking for dnet.h... no

ERROR! Libdnet header not found, go get it from
http://libdnet.sourceforge.net or use the --with-dnet-*
options, if you have it installed in an unusual place
[A2:] apt-get install libdnet
