Friday, December 18, 2009

Build snort inline in Ubuntu 9.10

For an IDS experiment in Linux, I was trying snort inline and hlbr. Building hlbr was smooth. But snort inline, as of version 2.6.1.5, can't be built smoothly on Ubuntu 9.10. You need an older version of libnet0. It also depends on libdnet, which in Ubuntu was renamed to libdumbnet due to a name conflict with the older DECnet package. So you also need to modify snort inline with this patch: http://cecunguk.blankonlinux.or.id/~andika/snort-inline.patch.

$ wget http://downloads.sourceforge.net/project/snort-inline/snort_inline%20source%20%282.6.x%29/snort_inline-2.6.1.5/snort_inline-2.6.1.5.tar.gz
$ wget http://cecunguk.blankonlinux.or.id/~andika/snort-inline.patch
$ wget http://archive.ubuntu.com/ubuntu/pool/universe/libn/libnet0/libnet0_1.0.2a-7.dsc
$ wget http://archive.ubuntu.com/ubuntu/pool/universe/libn/libnet0/libnet0_1.0.2a.orig.tar.gz
$ wget http://archive.ubuntu.com/ubuntu/pool/universe/libn/libnet0/libnet0_1.0.2a-7.diff.gz
# prepare old libnet
$ dpkg-source -x libnet0_1.0.2a-7.dsc
$ cd libnet0-1.0.2a
$ fakeroot debian/rules binary
$ cd ..
$ sudo dpkg -i libnet0_1.0.2a-7_*.deb
# build snort inline
$ tar xvfz snort_inline-2.6.1.5.tar.gz
$ cd snort_inline-2.6.1.5
$ patch -p1 < ../snort-inline.patch
$ sudo apt-get install iptables-dev libnetfilter-queue-dev libdumbnet-dev
$ ./configure
$ make
$ sudo make install
Happy hacking!
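
A pre-flight check for the prerequisites this build needs, including the uudecode tool and the dumbnet.h header that stop the build in the comments below. This is an added example, not part of the original post; the function name missing_prereqs, its include-directory argument and the --check flag are assumptions.

```shell
#!/bin/sh
# Pre-flight check for the snort_inline 2.6.1.5 build on Ubuntu.
# Added example: missing_prereqs, INCLUDE_DIR and --check are assumptions.

# missing_prereqs [INCLUDE_DIR]
# Prints one line per missing prerequisite; returns non-zero if any is missing.
missing_prereqs() {
    inc=${1:-/usr/include}
    missing=0

    # tool:package pairs. uudecode (sharutils) is called by libnet0's
    # debian/rules; the other tools are typed directly in the build steps.
    for pair in uudecode:sharutils fakeroot:fakeroot \
                dpkg-source:dpkg-dev patch:patch; do
        tool=${pair%%:*}
        pkg=${pair#*:}
        if ! command -v "$tool" >/dev/null 2>&1; then
            echo "missing tool: $tool (package $pkg)"
            missing=$((missing + 1))
        fi
    done

    # header:package pairs. Ubuntu ships libdnet's header as dumbnet.h,
    # so a configure script that still looks for dnet.h will not find it.
    for pair in dumbnet.h:libdumbnet-dev \
                libnetfilter_queue/libnetfilter_queue.h:libnetfilter-queue-dev; do
        hdr=${pair%%:*}
        pkg=${pair#*:}
        if [ ! -f "$inc/$hdr" ]; then
            echo "missing header: $inc/$hdr (package $pkg)"
            missing=$((missing + 1))
        fi
    done

    [ "$missing" -eq 0 ]
}

# When run as "sh preflight.sh --check", report and exit with the result.
if [ "${1:-}" = "--check" ]; then
    missing_prereqs
    exit $?
fi
```
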

5 comments:

moutoucouroutouvou said...

hello

I don't know where you get the .deb file in the command:
sudo dpkg -i libnet0_1.0.2a-7_*.deb

Thank you for the answer.

Andika Triwidada said...

That deb was a result of my own build steps above.

moutoucouroutouvou said...

hello

The command

fakeroot debian/rules binary

ends in an error.
Can you explain why?


dh_installexamples: Compatibility levels before 5 are deprecated.
(cd test && tar -c --exclude Makefile.in --exclude Makefile.am .) | (cd debian/libnet0-dev/usr/share/doc/libnet0-dev/examples/testsuite && tar x)
find ./debian/libnet0-dev/usr/share/doc/libnet0-dev/examples/testsuite -type d -name CVS | xargs rm -rf
uudecode -o - ./debian/html.tar.uu | (cd ./debian/libnet0-dev/usr/share/doc/libnet0-dev/; tar xf -)
/bin/sh: uudecode: not found
tar: Ceci ne ressemble pas à une archive de type « tar »
tar: Exiting with failure status due to previous errors
make: *** [binary-arch] Erreur 2

moutoucouroutouvou said...

I am sorry, but I did not have the uudecode binary.
Now this command is OK and the .deb is created.

moutoucouroutouvou said...

hello
./configure doesn't find dnet.h

checking dnet.h usability... no
checking dnet.h presence... no
checking for dnet.h... no

ERROR! Libdnet header not found, go get it from
http://libdnet.sourceforge.net or use the --with-dnet-*
options, if you have it installed in an unusual place

Can you give me a solution, because I don't know where I can find dnet.h?

Thanks for your help