Posted on Wednesday, 23rd September 2009 by Michael

Instant IDS v1.0

Instant IDS v1.0 is a custom shell script that automatically downloads, configures and runs the Snort IDS and the BASE web GUI.

Though this script has been tested in depth, I, the author, do not guarantee that it will work or that it will not harm your system. Since this is a shell script and can easily be edited, I strongly suggest that you don't download it from any site but http://www.digitaloffensive.com. Please note that IDS systems need to be configured to work properly in your environment. Until they are tuned you may receive false positives.

This script has been tested in depth on CentOS 5.0, Fedora Core 7 and Fedora Core 6. It should work on any other Linux flavor that makes use of yum and chkconfig.

This script currently makes use of Snort 2.7 and the rules that were released with this version. We do not download new rules for you, as Snort requires a user account to download newer rules. We strongly suggest that, if you like the Snort product, you subscribe to their subscription rule base service to receive new rules faster.

What is needed?

a)      A default install of Linux with gcc (no need to choose http, mysql or anything like that)

b)      An Internet connection

What Does Instant IDS provide you?

Instant IDS provides you with a fully functional IDS system in minutes. The script downloads all the services, libraries and packages that are needed. It installs and configures each of these items based on the underlying operating system. It also configures and starts the needed services based on user input. Once done, it provides you with a fully working IDS system running Snort, MySQL and BASE.

What are we planning to do in the future?

Since 96% of the script pulls the newest packages using yum, we plan to keep the script up to date as new versions of Snort, BASE and Libpcap are released. We plan to make the script more customizable by introducing the ability to configure variables. We plan to add more advanced means of error checking and to improve the code. We also plan to have it lock down the box as much as possible based on user input. With all this said, we rely on the users of the script to tell us what they like and don't like, and what they would like us to do in future releases.

How to use Instant IDS

a)      cd /root

b)      wget http://www.digitaloffensive.com/snort/snort.sh

c)       chmod 777 snort.sh

d)      ./snort.sh

e)      Answer the questions that you are prompted with. If you are using a subnet, please make sure that you enter it as xxx.xxx.xxx.xxx\\/24, or whatever class it is.

f)       The wait value you enter gives you some time to make sure there are no show-stopping errors; some warnings are OK. This is only to be used if there is a major issue and a library or application does not install or compile. If you see a major issue, press Ctrl+C to cancel the rest of the install.

g)      Once instant IDS is installed we suggest you lock down your machine, here are a few examples:

a.       Firewall the machine.

b.      Disable root ssh access.

c.       Create a mysql root password.

d.      Update the system's patches.

e.      Disable unneeded services.

This script is released freely. We ask that you keep the original author's information in it, though you have the right to modify the script as you see necessary. This script may not be sold.
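The log in the first comment below shows the failure mode that the planned error checking would address: a download fails, tar finds no archive, and the script carries on running ./configure and editing /etc/snort/snort.conf regardless. As an added example (not part of snort.sh or the author's code), these shell functions stop at the first failed step and check each tarball against a pinned SHA-256 digest before unpacking it; the function names are hypothetical, and the digest has to come from a source you trust, since this page publishes none.

```shell
#!/bin/sh
# Added example, not part of snort.sh. Function names are hypothetical.
# Assumes GNU coreutils (sha256sum), tar and wget, as on CentOS/Fedora.

# fetch_to URL FILE: download, and leave nothing behind on failure so a
# later step cannot mistake a partial or empty file for a good one.
fetch_to() {
    if ! wget -q -O "$2" "$1"; then
        rm -f "$2"
        echo "download failed: $1" >&2
        return 1
    fi
}

# sha256_of FILE: print the hex SHA-256 digest of FILE.
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# verify_archive FILE EXPECTED_SHA256
# 0 = digest matches, 1 = file missing or empty, 2 = digest mismatch.
verify_archive() {
    if [ ! -s "$1" ]; then
        echo "missing or empty archive: $1" >&2
        return 1
    fi
    va_actual=$(sha256_of "$1") || return 1
    if [ "$va_actual" != "$2" ]; then
        echo "SHA-256 mismatch for $1 (got $va_actual)" >&2
        return 2
    fi
    return 0
}

# unpack_verified FILE EXPECTED_SHA256 DESTDIR
# Extracts only after verification; returns 3 if extraction itself fails.
unpack_verified() {
    verify_archive "$1" "$2" || return $?
    mkdir -p "$3" || return 3
    tar -xzf "$1" -C "$3" || return 3
}

# install_source URL EXPECTED_SHA256 WORKDIR SRCDIR
# One build step done fail-fast: every command is chained with &&, and the
# build runs in a subshell so a failed cd can never run ./configure in the
# wrong directory.
install_source() {
    is_tarball="$3/$(basename "$1")"
    mkdir -p "$3" &&
    fetch_to "$1" "$is_tarball" &&
    unpack_verified "$is_tarball" "$2" "$3" &&
    ( cd "$3/$4" && ./configure && make && make install )
}

# Usage (the digest is a placeholder, not a real value):
#   install_source http://www.tcpdump.org/release/libpcap-0.9.7.tar.gz \
#       "<sha256 from a trusted source>" /root/snort libpcap-0.9.7 || exit 1
```

A non-zero return from `install_source` should end the install, so that later steps never run against a source tree or configuration file that does not exist.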


2 Responses to “Instant IDS v1.0”

  1. ahmad Says:

    thank you useful script

    error in script

    192.168.1.1
    Please enter the password you want to use for snort:
    ahmad123456
    Enter the time in seconds to wait before moving to the next step. This will give you time to check for
    errors before continuing:
    1
    mkdir: cannot create directory `/root/snort’: File exists
    Loaded plugins: fastestmirror
    Loading mirror speeds from cached hostfile
    * addons: yum.singlehop.com
    * base: mirrors.serveraxis.net
    * extras: mirror.sanctuaryhost.com
    * updates: mirror.sanctuaryhost.com
    Excluding Packages in global exclude list
    Finished
    Setting up Install Process
    No package mysql available.
    No package mysql-bench available.
    * Maybe you meant: MySQL-bench
    No package mysql-server available.
    * Maybe you meant: MySQL-server
    No package mysql-devel available.
    * Maybe you meant: MySQL-devel
    No package mysqlclient10 available.
    No package php-mysql available.
    No package httpd available.
    Package gcc-4.1.2-48.el5.i386 already installed and latest version
    Package pcre-devel-6.6-2.el5_1.7.i386 already installed and latest version
    No package php-gd available.
    Package gd-2.0.33-9.4.el5_4.2.i386 already installed and latest version
    Nothing to do
    1.sh: line 34: mod_ssl: command not found
    ## You have 1 seconds to check for errors
    Loaded plugins: fastestmirror
    Loading mirror speeds from cached hostfile
    * addons: yum.singlehop.com
    * base: mirrors.serveraxis.net
    * extras: mirror.sanctuaryhost.com
    * updates: mirror.sanctuaryhost.com
    Excluding Packages in global exclude list
    Finished
    Setting up Install Process
    No package php available.
    No package php-pear available.
    Nothing to do
    Updating channel “pear.php.net”
    Channel “pear.php.net” is up to date
    pear/Image_Canvas requires PEAR Installer (version >= 1.8.1), installed version is 1.7.2
    pear/Image_Canvas requires PHP extension “gd”
    pear/Image_Graph requires package “pear/Image_Canvas” (version >= 0.3.0)
    pear/Image_Color requires PHP extension “gd”
    downloading Numbers_Roman-1.0.2.tgz …
    Starting to download Numbers_Roman-1.0.2.tgz (6,210 bytes)
    …..done: 6,210 bytes
    downloading Numbers_Words-0.16.2.tgz …
    Starting to download Numbers_Words-0.16.2.tgz (52,956 bytes)
    …done: 52,956 bytes
    downloading Math_BigInteger-1.0.0.tgz …
    Starting to download Math_BigInteger-1.0.0.tgz (26,138 bytes)
    …done: 26,138 bytes
    install ok: channel://pear.php.net/Numbers_Roman-1.0.2
    install ok: channel://pear.php.net/Math_BigInteger-1.0.0
    install ok: channel://pear.php.net/Numbers_Words-0.16.2
    ## You have 1 seconds to check for errors
    --2010-12-26 12:48:27-- ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-7.2.tar.gz
    => `pcre-7.2.tar.gz'
    Resolving ftp.csx.cam.ac.uk... 131.111.8.80
    Connecting to ftp.csx.cam.ac.uk|131.111.8.80|:21... connected.
    Logging in as anonymous ... Logged in!
    ==> SYST ... done. ==> PWD ... done.
    ==> TYPE I ... done. ==> CWD /pub/software/programming/pcre ... done.
    ==> SIZE pcre-7.2.tar.gz ... done.
    ==> PASV ... done. ==> RETR pcre-7.2.tar.gz ...
    No such file `pcre-7.2.tar.gz'.

    --2010-12-26 12:48:28-- http://www.tcpdump.org/release/libpcap-0.9.7.tar.gz
    Resolving www.tcpdump.org... 69.4.231.52, 132.213.238.6, 178.77.96.193, ...
    Connecting to www.tcpdump.org|69.4.231.52|:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 517562 (505K) [application/x-gzip]
    Saving to: `libpcap-0.9.7.tar.gz'

    100%[======================================>] 517,562 1.23M/s in 0.4s

    2010-12-26 12:48:29 (1.23 MB/s) - `libpcap-0.9.7.tar.gz' saved [517562/517562]

    tar: pcre-7.2.tar.gz: Cannot open: No such file or directory
    tar: Error is not recoverable: exiting now
    tar: Child returned status 2
    tar: Error exit delayed from previous errors
    1.sh: line 52: cd: pcre-7.2: No such file or directory
    1.sh: line 53: ./configure: No such file or directory
    ## You have 1 seconds to check for errors
    checking build system type… i686-pc-linux-gnu
    checking host system type… i686-pc-linux-gnu
    checking target system type… i686-pc-linux-gnu
    checking for gcc… gcc
    checking for C compiler default output file name… a.out
    checking whether the C compiler works… yes
    checking whether we are cross compiling… no
    checking for suffix of executables…
    checking for suffix of object files… o
    checking whether we are using the GNU C compiler… yes
    checking whether gcc accepts -g… yes
    checking for gcc option to accept ANSI C… none needed
    checking gcc version… 4
    checking for inline… inline
    checking for __attribute__… yes
    checking for u_int8_t using gcc… yes
    checking for u_int16_t using gcc… yes
    checking for u_int32_t using gcc… yes
    checking how to run the C preprocessor… gcc -E
    checking for egrep… grep -E
    checking for ANSI C header files… yes
    checking for sys/types.h… yes
    checking for sys/stat.h… yes
    checking for stdlib.h… yes
    checking for string.h… yes
    checking for memory.h… yes
    checking for strings.h… yes
    checking for inttypes.h… yes
    checking for stdint.h… yes
    checking for unistd.h… yes
    checking sys/ioccom.h usability… no
    checking sys/ioccom.h presence… no
    checking for sys/ioccom.h… no
    checking sys/sockio.h usability… no
    checking sys/sockio.h presence… no
    checking for sys/sockio.h… no
    checking limits.h usability… yes
    checking limits.h presence… yes
    checking for limits.h… yes
    checking paths.h usability… yes
    checking paths.h presence… yes
    checking for paths.h… yes
    checking for netinet/if_ether.h… yes
    checking for ANSI ioctl definitions… yes
    checking for strerror… yes
    checking for strlcpy… no
    checking for vsnprintf… yes
    checking for snprintf… yes
    checking for library containing gethostbyname… none required
    checking for library containing socket… none required
    checking for library containing putmsg… none required
    checking for ether_hostton… yes
    checking whether ether_hostton is declared… no
    checking netinet/ether.h usability… yes
    checking netinet/ether.h presence… yes
    checking for netinet/ether.h… yes
    checking whether ether_hostton is declared… yes
    checking if –disable-protochain option is specified… enabled
    checking packet capture type… linux
    checking for getifaddrs… yes
    checking ifaddrs.h usability… yes
    checking ifaddrs.h presence… yes
    checking for ifaddrs.h… yes
    checking if –enable-ipv6 option is specified… no
    checking whether to build optimizer debugging code… no
    checking whether to build parser debugging code… no
    checking Linux kernel version… 2
    checking if if_packet.h has tpacket_stats defined… yes
    checking whether we have /proc/net/dev… yes
    checking whether we have DAG API headers… no (/usr/local/include)
    checking whether we have Septel API… no
    checking for flex… flex
    checking for flex 2.4 or higher… yes
    checking for bison… bison
    checking for ranlib… ranlib
    checking if sockaddr struct has sa_len member… no
    checking if sockaddr_storage struct exists… yes
    checking if dl_hp_ppa_info_t struct has dl_module_id_1 member… no
    checking if unaligned accesses fail… no
    checking for a BSD-compatible install… /usr/bin/install -c
    configure: creating ./config.status
    config.status: creating Makefile
    config.status: creating config.h
    gcc -O2 -fPIC -I. -DHAVE_CONFIG_H -D_U_=”__attribute__((unused))” -c ./pcap-linux.c
    gcc -O2 -fPIC -I. -DHAVE_CONFIG_H -D_U_=”__attribute__((unused))” -c ./fad-getad.c
    sed -e ‘s/.*/static const char pcap_version_string[] = “libpcap version &”;/’ ./VERSION > version.h
    gcc -O2 -fPIC -I. -DHAVE_CONFIG_H -D_U_=”__attribute__((unused))” -c ./pcap.c
    gcc -O2 -fPIC -I. -DHAVE_CONFIG_H -D_U_=”__attribute__((unused))” -c ./inet.c
    gcc -O2 -fPIC -I. -DHAVE_CONFIG_H -D_U_=”__attribute__((unused))” -c ./gencode.c
    gcc -O2 -fPIC -I. -DHAVE_CONFIG_H -D_U_=”__attribute__((unused))” -c ./optimize.c
    gcc -O2 -fPIC -I. -DHAVE_CONFIG_H -D_U_=”__attribute__((unused))” -c ./nametoaddr.c
    gcc -O2 -fPIC -I. -DHAVE_CONFIG_H -D_U_=”__attribute__((unused))” -c ./etherent.c
    gcc -O2 -fPIC -I. -DHAVE_CONFIG_H -D_U_=”__attribute__((unused))” -c ./savefile.c
    rm -f bpf_filter.c
    ln -s ./bpf/net/bpf_filter.c bpf_filter.c
    gcc -O2 -fPIC -I. -DHAVE_CONFIG_H -D_U_=”__attribute__((unused))” -c bpf_filter.c
    gcc -O2 -fPIC -I. -DHAVE_CONFIG_H -D_U_=”__attribute__((unused))” -c ./bpf_image.c
    gcc -O2 -fPIC -I. -DHAVE_CONFIG_H -D_U_=”__attribute__((unused))” -c ./bpf_dump.c
    flex -Ppcap_ -t scanner.l > $$.scanner.c; mv $$.scanner.c scanner.c
    bison -y -p pcap_ -d grammar.y
    mv y.tab.c grammar.c
    mv y.tab.h tokdefs.h
    gcc -O2 -fPIC -I. -DHAVE_CONFIG_H -D_U_=”__attribute__((unused))” -c scanner.c
    gcc -O2 -fPIC -I. -DHAVE_CONFIG_H -D_U_=”__attribute__((unused))” -Dyylval=pcap_lval -c grammar.c
    sed -e ‘s/.*/char pcap_version[] = “&”;/’ ./VERSION > version.c
    gcc -O2 -fPIC -I. -DHAVE_CONFIG_H -D_U_=”__attribute__((unused))” -c version.c
    ar rc libpcap.a pcap-linux.o fad-getad.o pcap.o inet.o gencode.o optimize.o nametoaddr.o etherent.o savefile.o bpf_filter.o bpf_image.o bpf_dump.o scanner.o grammar.o version.o
    ranlib libpcap.a
    [ -d /usr/local/lib ] || \
    (mkdir -p /usr/local/lib; chmod 755 /usr/local/lib)
    /usr/bin/install -c -m 644 libpcap.a /usr/local/lib/libpcap.a
    ranlib /usr/local/lib/libpcap.a
    [ -d /usr/local/include ] || \
    (mkdir -p /usr/local/include; chmod 755 /usr/local/include)
    /usr/bin/install -c -m 644 ./pcap.h /usr/local/include/pcap.h
    /usr/bin/install -c -m 644 ./pcap-bpf.h \
    /usr/local/include/pcap-bpf.h
    /usr/bin/install -c -m 644 ./pcap-namedb.h \
    /usr/local/include/pcap-namedb.h
    [ -d /usr/local/man/man3 ] || \
    (mkdir -p /usr/local/man/man3; chmod 755 /usr/local/man/man3)
    /usr/bin/install -c -m 644 ./pcap.3 \
    /usr/local/man/man3/pcap.3
    ## You have 1 seconds to check for errors
    error reading information on service mysqld: No such file or directory
    mysqld: unrecognized service
    ## You have 1 seconds to check for errors
    --2010-12-26 12:48:37-- http://www.snort.org/dl/current/snort-2.7.0.tar.gz
    Resolving www.snort.org... 68.177.102.20
    Connecting to www.snort.org|68.177.102.20|:80... connected.
    HTTP request sent, awaiting response... 403 Forbidden
    2010-12-26 12:48:38 ERROR 403: Forbidden.

    tar: snort-2.7.0.tar.gz: Cannot open: No such file or directory
    tar: Error is not recoverable: exiting now
    tar: Child returned status 2
    tar: Error exit delayed from previous errors
    1.sh: line 77: cd: snort-2.7.0: No such file or directory
    1.sh: line 78: ./configure: No such file or directory
    make: *** No targets specified and no makefile found. Stop.
    1.sh: line 83: cd: etc/: No such file or directory
    cp: omitting directory `libpcap-0.9.7′
    cp: cannot stat `/etc/snort/snort.conf’: No such file or directory
    sed: can’t read /etc/snort/snort.conf: No such file or directory
    1.sh: line 90: /etc/snort/snort.conf: No such file or directory
    1.sh: line 93: /etc/snort/snort.conf: Permission denied
    mv: missing file operand
    Try `mv –help’ for more information.
    1.sh: line 95: /tmp/snort.tmp: Permission denied
    sed: can’t read /etc/snort/snort.conf: No such file or directory
    mv: missing file operand
    Try `mv –help’ for more information.
    1.sh: line 97: /tmp/snort.tmp: Permission denied
    sed: can’t read /etc/snort/snort.conf: No such file or directory
    mv: missing file operand
    Try `mv –help’ for more information.
    1.sh: line 99: /tmp/snort.tmp: Permission denied
    sed: can’t read /etc/snort/snort.conf: No such file or directory
    1.sh: line 104: syntax error near unexpected token `newline’
    1.sh: line 104: `sed ‘s/include $RULE_PATH\/web-misc.rules/# include $RULE_PATH\/web-misc.rules/g’ /etc/snort/snort.conf >> ‘

  2. Michael Says:

    The script is very old and is hard coded with older packages. I suggest if you want to use it you update the script and packages.
