Posted on Wednesday, 23rd September 2009 by Michael
Instant IDS v1.0
Instant IDS v1.0 is a custom shell script that will automatically download, configure and run Snort IDS and the BASE web GUI.
Though this script has been tested in depth, I, the author, do not guarantee that it will work or that it will not harm your system. Since this is a shell script and can be easily edited, I strongly suggest that you don't download it from any site other than http://www.digitaloffensive.com. Please note that IDS systems need to be configured to work properly in your environment. Until they are tuned you may receive false positives.
This script has been tested in depth on CentOS 5.0, Fedora Core 7 and Fedora Core 6. It should work on any other Linux flavor that makes use of yum and chkconfig.
This script currently makes use of Snort 2.7 and the rules that were released with that version. We do not download new rules for you, as Snort requires a user account to download newer rules. We strongly suggest that if you like the Snort product you subscribe to their rule base subscription service to receive new rules faster.
What is needed?
a) A default install of Linux with gcc (no need to choose http, mysql or anything like that)
b) An Internet connection
What Does Instant IDS provide you?
Instant IDS provides you with a fully functional IDS system in minutes. The script will download all needed services, libraries and packages. It will install and configure each of these items based on the underlying operating system. It will also configure and start the needed services based on user input. Once done it provides you with a fully working IDS system running Snort, MySQL and BASE.
What are we planning to do in the future?
Since 96% of the script pulls the newest packages using yum, we plan to keep the script up to date as new versions of Snort, BASE and Libpcap are released. We plan to make the script more customizable by introducing the ability to configure variables. We plan to add more advanced means of error checking and improve the code. We also plan to have it lock down the box as much as possible based on user input. With all this said, we rely on the users of the script to tell us what they like and don't like and what they would like us to do in future releases.
How to use Instant IDS
a) cd /root
b) wget http://www.digitaloffensive.com/snort/snort.sh
c) chmod 777 snort.sh
d) ./snort.sh
e) Answer the questions that you are prompted with. Please make sure that if you are using a subnet you enter it as xxx.xxx.xxx.xxx\\/24 (or whatever class it is).
f) The wait value you enter will give you some time to make sure there are no show-stopping errors; some warnings are OK. This is only to be used if there is a major issue and a library or application does not install or compile. If you see a major issue, press Ctrl+C to cancel the rest of the install.
g) Once instant IDS is installed we suggest you lock down your machine, here are a few examples:
a. Firewall the machine.
b. Disable root ssh access.
c. Create a mysql root password.
d. Update the system's patches.
e. Disable unneeded services.
This script is released freely. We ask that you keep the original author's information in it, though you have the right to modify the script as you see necessary. This script may not be sold.
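The post warns that the script is easy to edit and should only come from the author's site, yet steps a) to d) fetch it over plain HTTP and run it as root. The following is an added example, not part of Instant IDS or the author's code, that gates those steps on a checksum and stops when the download fails. `EXPECTED_SHA256` is a placeholder because the post publishes no checksum, and the function names, the `install` argument and running the script through `sh` are assumptions.

```shell
#!/bin/sh
# Added example (not the Instant IDS author's code): verify the installer
# before it is executed as root, and stop instead of continuing on errors.

SCRIPT_URL="http://www.digitaloffensive.com/snort/snort.sh"  # URL from the post
# Placeholder: the post publishes no checksum. Obtain the real value from the
# author over a separate channel before using this.
EXPECTED_SHA256="REPLACE_WITH_SHA256_FROM_AUTHOR"

# fetch URL DEST: download and fail closed, leaving no partial file behind.
fetch() {
    if ! wget -q -O "$2" "$1"; then
        echo "download failed: $1" >&2
        rm -f "$2"
        return 1
    fi
}

# verify_download FILE EXPECTED: succeed only if FILE is non-empty and its
# SHA-256 digest equals EXPECTED (lowercase hex).
verify_download() {
    if [ ! -s "$1" ]; then
        echo "missing or empty file: $1" >&2
        return 1
    fi
    vd_actual=$(sha256sum "$1" | cut -d' ' -f1)
    if [ "$vd_actual" != "$2" ]; then
        echo "checksum mismatch for $1 (got $vd_actual)" >&2
        return 1
    fi
}

# run_verified FILE EXPECTED: execute FILE only after it verifies.
run_verified() {
    verify_download "$1" "$2" || return 1
    chmod 700 "$1"   # owner-only, rather than the world-writable 777
    sh "$1"          # assumption: the installer runs under the system sh
}

# Act only when asked to, so the functions can be loaded without side effects.
if [ "${1:-}" = "install" ]; then
    fetch "$SCRIPT_URL" /root/snort.sh &&
        run_verified /root/snort.sh "$EXPECTED_SHA256"
fi
```

A checksum published on the same HTTP page as the script gives no protection against tampering in transit, so the expected value has to come from a separate trusted channel.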
Posted in Code | Comments (2)
December 26th, 2010 at 1:11 pm
thank you useful script
error in script
192.168.1.1
Please enter the password you want to use for snort:
ahmad123456
Enter the time in seconds to wait before moving to the next step. This will give you time to check for
errors before continuing:
1
mkdir: cannot create directory `/root/snort': File exists
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* addons: yum.singlehop.com
* base: mirrors.serveraxis.net
* extras: mirror.sanctuaryhost.com
* updates: mirror.sanctuaryhost.com
Excluding Packages in global exclude list
Finished
Setting up Install Process
No package mysql available.
No package mysql-bench available.
* Maybe you meant: MySQL-bench
No package mysql-server available.
* Maybe you meant: MySQL-server
No package mysql-devel available.
* Maybe you meant: MySQL-devel
No package mysqlclient10 available.
No package php-mysql available.
No package httpd available.
Package gcc-4.1.2-48.el5.i386 already installed and latest version
Package pcre-devel-6.6-2.el5_1.7.i386 already installed and latest version
No package php-gd available.
Package gd-2.0.33-9.4.el5_4.2.i386 already installed and latest version
Nothing to do
1.sh: line 34: mod_ssl: command not found
## You have 1 seconds to check for errors
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* addons: yum.singlehop.com
* base: mirrors.serveraxis.net
* extras: mirror.sanctuaryhost.com
* updates: mirror.sanctuaryhost.com
Excluding Packages in global exclude list
Finished
Setting up Install Process
No package php available.
No package php-pear available.
Nothing to do
Updating channel "pear.php.net"
Channel "pear.php.net" is up to date
pear/Image_Canvas requires PEAR Installer (version >= 1.8.1), installed version is 1.7.2
pear/Image_Canvas requires PHP extension "gd"
pear/Image_Graph requires package "pear/Image_Canvas" (version >= 0.3.0)
pear/Image_Color requires PHP extension "gd"
downloading Numbers_Roman-1.0.2.tgz ...
Starting to download Numbers_Roman-1.0.2.tgz (6,210 bytes)
.....done: 6,210 bytes
downloading Numbers_Words-0.16.2.tgz ...
Starting to download Numbers_Words-0.16.2.tgz (52,956 bytes)
...done: 52,956 bytes
downloading Math_BigInteger-1.0.0.tgz ...
Starting to download Math_BigInteger-1.0.0.tgz (26,138 bytes)
...done: 26,138 bytes
install ok: channel://pear.php.net/Numbers_Roman-1.0.2
install ok: channel://pear.php.net/Math_BigInteger-1.0.0
install ok: channel://pear.php.net/Numbers_Words-0.16.2
## You have 1 seconds to check for errors
--2010-12-26 12:48:27-- ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-7.2.tar.gz
=> `pcre-7.2.tar.gz'
Resolving ftp.csx.cam.ac.uk... 131.111.8.80
Connecting to ftp.csx.cam.ac.uk|131.111.8.80|:21... connected.
Logging in as anonymous ... Logged in!
==> SYST ... done. ==> PWD ... done.
==> TYPE I ... done. ==> CWD /pub/software/programming/pcre ... done.
==> SIZE pcre-7.2.tar.gz ... done.
==> PASV ... done. ==> RETR pcre-7.2.tar.gz ...
No such file `pcre-7.2.tar.gz'.
--2010-12-26 12:48:28-- http://www.tcpdump.org/release/libpcap-0.9.7.tar.gz
Resolving www.tcpdump.org... 69.4.231.52, 132.213.238.6, 178.77.96.193, ...
Connecting to www.tcpdump.org|69.4.231.52|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 517562 (505K) [application/x-gzip]
Saving to: `libpcap-0.9.7.tar.gz'
100%[======================================>] 517,562 1.23M/s in 0.4s
2010-12-26 12:48:29 (1.23 MB/s) - `libpcap-0.9.7.tar.gz' saved [517562/517562]
tar: pcre-7.2.tar.gz: Cannot open: No such file or directory
tar: Error is not recoverable: exiting now
tar: Child returned status 2
tar: Error exit delayed from previous errors
1.sh: line 52: cd: pcre-7.2: No such file or directory
1.sh: line 53: ./configure: No such file or directory
## You have 1 seconds to check for errors
checking build system type… i686-pc-linux-gnu
checking host system type… i686-pc-linux-gnu
checking target system type… i686-pc-linux-gnu
checking for gcc… gcc
checking for C compiler default output file name… a.out
checking whether the C compiler works… yes
checking whether we are cross compiling… no
checking for suffix of executables…
checking for suffix of object files… o
checking whether we are using the GNU C compiler… yes
checking whether gcc accepts -g… yes
checking for gcc option to accept ANSI C… none needed
checking gcc version… 4
checking for inline… inline
checking for __attribute__… yes
checking for u_int8_t using gcc… yes
checking for u_int16_t using gcc… yes
checking for u_int32_t using gcc… yes
checking how to run the C preprocessor… gcc -E
checking for egrep… grep -E
checking for ANSI C header files… yes
checking for sys/types.h… yes
checking for sys/stat.h… yes
checking for stdlib.h… yes
checking for string.h… yes
checking for memory.h… yes
checking for strings.h… yes
checking for inttypes.h… yes
checking for stdint.h… yes
checking for unistd.h… yes
checking sys/ioccom.h usability… no
checking sys/ioccom.h presence… no
checking for sys/ioccom.h… no
checking sys/sockio.h usability… no
checking sys/sockio.h presence… no
checking for sys/sockio.h… no
checking limits.h usability… yes
checking limits.h presence… yes
checking for limits.h… yes
checking paths.h usability… yes
checking paths.h presence… yes
checking for paths.h… yes
checking for netinet/if_ether.h… yes
checking for ANSI ioctl definitions… yes
checking for strerror… yes
checking for strlcpy… no
checking for vsnprintf… yes
checking for snprintf… yes
checking for library containing gethostbyname… none required
checking for library containing socket… none required
checking for library containing putmsg… none required
checking for ether_hostton… yes
checking whether ether_hostton is declared… no
checking netinet/ether.h usability… yes
checking netinet/ether.h presence… yes
checking for netinet/ether.h… yes
checking whether ether_hostton is declared… yes
checking if –disable-protochain option is specified… enabled
checking packet capture type… linux
checking for getifaddrs… yes
checking ifaddrs.h usability… yes
checking ifaddrs.h presence… yes
checking for ifaddrs.h… yes
checking if –enable-ipv6 option is specified… no
checking whether to build optimizer debugging code… no
checking whether to build parser debugging code… no
checking Linux kernel version… 2
checking if if_packet.h has tpacket_stats defined… yes
checking whether we have /proc/net/dev… yes
checking whether we have DAG API headers… no (/usr/local/include)
checking whether we have Septel API… no
checking for flex… flex
checking for flex 2.4 or higher… yes
checking for bison… bison
checking for ranlib… ranlib
checking if sockaddr struct has sa_len member… no
checking if sockaddr_storage struct exists… yes
checking if dl_hp_ppa_info_t struct has dl_module_id_1 member… no
checking if unaligned accesses fail… no
checking for a BSD-compatible install… /usr/bin/install -c
configure: creating ./config.status
config.status: creating Makefile
config.status: creating config.h
gcc -O2 -fPIC -I. -DHAVE_CONFIG_H -D_U_="__attribute__((unused))" -c ./pcap-linux.c
gcc -O2 -fPIC -I. -DHAVE_CONFIG_H -D_U_="__attribute__((unused))" -c ./fad-getad.c
sed -e 's/.*/static const char pcap_version_string[] = "libpcap version &";/' ./VERSION > version.h
gcc -O2 -fPIC -I. -DHAVE_CONFIG_H -D_U_="__attribute__((unused))" -c ./pcap.c
gcc -O2 -fPIC -I. -DHAVE_CONFIG_H -D_U_="__attribute__((unused))" -c ./inet.c
gcc -O2 -fPIC -I. -DHAVE_CONFIG_H -D_U_="__attribute__((unused))" -c ./gencode.c
gcc -O2 -fPIC -I. -DHAVE_CONFIG_H -D_U_="__attribute__((unused))" -c ./optimize.c
gcc -O2 -fPIC -I. -DHAVE_CONFIG_H -D_U_="__attribute__((unused))" -c ./nametoaddr.c
gcc -O2 -fPIC -I. -DHAVE_CONFIG_H -D_U_="__attribute__((unused))" -c ./etherent.c
gcc -O2 -fPIC -I. -DHAVE_CONFIG_H -D_U_="__attribute__((unused))" -c ./savefile.c
rm -f bpf_filter.c
ln -s ./bpf/net/bpf_filter.c bpf_filter.c
gcc -O2 -fPIC -I. -DHAVE_CONFIG_H -D_U_="__attribute__((unused))" -c bpf_filter.c
gcc -O2 -fPIC -I. -DHAVE_CONFIG_H -D_U_="__attribute__((unused))" -c ./bpf_image.c
gcc -O2 -fPIC -I. -DHAVE_CONFIG_H -D_U_="__attribute__((unused))" -c ./bpf_dump.c
flex -Ppcap_ -t scanner.l > $$.scanner.c; mv $$.scanner.c scanner.c
bison -y -p pcap_ -d grammar.y
mv y.tab.c grammar.c
mv y.tab.h tokdefs.h
gcc -O2 -fPIC -I. -DHAVE_CONFIG_H -D_U_="__attribute__((unused))" -c scanner.c
gcc -O2 -fPIC -I. -DHAVE_CONFIG_H -D_U_="__attribute__((unused))" -Dyylval=pcap_lval -c grammar.c
sed -e 's/.*/char pcap_version[] = "&";/' ./VERSION > version.c
gcc -O2 -fPIC -I. -DHAVE_CONFIG_H -D_U_="__attribute__((unused))" -c version.c
ar rc libpcap.a pcap-linux.o fad-getad.o pcap.o inet.o gencode.o optimize.o nametoaddr.o etherent.o savefile.o bpf_filter.o bpf_image.o bpf_dump.o scanner.o grammar.o version.o
ranlib libpcap.a
[ -d /usr/local/lib ] || \
(mkdir -p /usr/local/lib; chmod 755 /usr/local/lib)
/usr/bin/install -c -m 644 libpcap.a /usr/local/lib/libpcap.a
ranlib /usr/local/lib/libpcap.a
[ -d /usr/local/include ] || \
(mkdir -p /usr/local/include; chmod 755 /usr/local/include)
/usr/bin/install -c -m 644 ./pcap.h /usr/local/include/pcap.h
/usr/bin/install -c -m 644 ./pcap-bpf.h \
/usr/local/include/pcap-bpf.h
/usr/bin/install -c -m 644 ./pcap-namedb.h \
/usr/local/include/pcap-namedb.h
[ -d /usr/local/man/man3 ] || \
(mkdir -p /usr/local/man/man3; chmod 755 /usr/local/man/man3)
/usr/bin/install -c -m 644 ./pcap.3 \
/usr/local/man/man3/pcap.3
## You have 1 seconds to check for errors
error reading information on service mysqld: No such file or directory
mysqld: unrecognized service
## You have 1 seconds to check for errors
--2010-12-26 12:48:37-- http://www.snort.org/dl/current/snort-2.7.0.tar.gz
Resolving www.snort.org... 68.177.102.20
Connecting to www.snort.org|68.177.102.20|:80... connected.
HTTP request sent, awaiting response... 403 Forbidden
2010-12-26 12:48:38 ERROR 403: Forbidden.
tar: snort-2.7.0.tar.gz: Cannot open: No such file or directory
tar: Error is not recoverable: exiting now
tar: Child returned status 2
tar: Error exit delayed from previous errors
1.sh: line 77: cd: snort-2.7.0: No such file or directory
1.sh: line 78: ./configure: No such file or directory
make: *** No targets specified and no makefile found. Stop.
1.sh: line 83: cd: etc/: No such file or directory
cp: omitting directory `libpcap-0.9.7'
cp: cannot stat `/etc/snort/snort.conf': No such file or directory
sed: can't read /etc/snort/snort.conf: No such file or directory
1.sh: line 90: /etc/snort/snort.conf: No such file or directory
1.sh: line 93: /etc/snort/snort.conf: Permission denied
mv: missing file operand
Try `mv --help' for more information.
1.sh: line 95: /tmp/snort.tmp: Permission denied
sed: can't read /etc/snort/snort.conf: No such file or directory
mv: missing file operand
Try `mv --help' for more information.
1.sh: line 97: /tmp/snort.tmp: Permission denied
sed: can't read /etc/snort/snort.conf: No such file or directory
mv: missing file operand
Try `mv --help' for more information.
1.sh: line 99: /tmp/snort.tmp: Permission denied
sed: can't read /etc/snort/snort.conf: No such file or directory
1.sh: line 104: syntax error near unexpected token `newline'
1.sh: line 104: `sed 's/include $RULE_PATH\/web-misc.rules/# include $RULE_PATH\/web-misc.rules/g' /etc/snort/snort.conf >> '
May 19th, 2011 at 11:20 am
The script is very old and is hard coded with older packages. I suggest if you want to use it you update the script and packages.