Snort Forums Archive
Solaris 10 Sparc Success?
Posted by cls78628 on May 13, 2005 06:55:21
I've been scouring the Internet trying to find someone who has successfully installed Snort 2.3.x on Solaris 10 Sparc. Has anyone here done this?
Posted by jritorto on March 16, 2006 12:48:31
Hi,
I deployed 2.4.3 on Solaris 10 1/06 x86 with BASE a couple of weeks ago to try for better reliability / performance than we were getting with the former Linux installation. Pretty straightforward. Imagine it's the same on SPARC. I'll cut/paste my installation notes for you below. Note that they're a bit stale because I've tweaked for multiple interfaces since writing them. Note links at bottom for references I used to prepare these instructions.
If you don't feel like building source, install the blastwave.org package via pkg-get. That's really easy and all you have to do afterwards is dl the rules and adjust snort.conf.
Jacob Ritorto
*******************************
Solaris 10 (x86) 1/06 Snort/BASE build and install notes
This procedure leverages mysql, libtool and openssl shipped with Solaris 10. Naturally, you should adjust pathnames to reflect optional software versions you use.
1. Download sources for adodb, base, snort, pcre, libpcap, libxml2, php.
2. Set your PATH environment variable to something that works for you.
   1. For example, /usr/sbin:/usr/bin:/opt/csw/bin:/usr/sfw/bin:/usr/ccs/bin
3. Build and install libpcap:
   1. ./configure --prefix=/opt/libpcap-0.9.4 && gmake && gmake install
4. Build and install pcre:
   1. http://forum.sun.com/thread.jspa?messageID=104833
   2. ./configure --prefix=/opt/pcre-6.3 && gmake && gmake install
5. Build and install snort:
   1. Set your LDFLAGS environment variable to -R/opt/pcre-6.3/lib
   2. ./configure --prefix=/opt/snort-2.4.3 --with-openssl --with-libpcap-includes=/opt/libpcap-0.9.4/include --with-libpcap-libraries=/opt/libpcap-0.9.4/lib --with-libpcre-includes=/opt/pcre-6.3/include --with-libpcre-libraries=/opt/pcre-6.3/lib --with-mysql=/usr/sfw && gmake && gmake install
   3. Unset your LDFLAGS environment variable.
   4. Go to snort.com to download rules. Untar them into /opt/snort-2.4.3/rules
6. Fire up & tweak mysql:
   1. /usr/sfw/bin/mysql_install_db
   2. groupadd mysql
   3. useradd -g mysql mysql
   4. chgrp -R mysql /var/mysql
   5. chmod -R 770 /var/mysql
   6. installf SUNWmysqlr /var/mysql d 770 root mysql
   7. cp /usr/sfw/share/mysql/my-medium.cnf /var/mysql/my.cnf
   8. /usr/sfw/sbin/mysqld_safe --user=mysql &
   9. mysqladmin -u root password 'password'
   10. mysqladmin -u root -h `hostname` password 'password'
   11. Set mysql to stop/start at boot, etc. (not the proper smf(5) way; sorry; please fix*.):
       1. ln /etc/sfw/mysql/mysql.server /etc/rc3.d/S99mysql
       2. ln /etc/sfw/mysql/mysql.server /etc/rc0.d/K00mysql
       3. ln /etc/sfw/mysql/mysql.server /etc/rc1.d/K00mysql
       4. ln /etc/sfw/mysql/mysql.server /etc/rc2.d/K00mysql
       5. ln /etc/sfw/mysql/mysql.server /etc/rcS.d/K00mysql
   12. Cd to snort source directory. mysql -u root -p < schemas/create_mysql snort
   13. mysql -u root -p snort
   14. mysql> grant CREATE,INSERT,SELECT,DELETE,UPDATE on snort.* to snort@localhost;
   15. mysql> set PASSWORD FOR snort@localhost=PASSWORD('password');
   16. mysql> flush privileges;
   17. mysql> exit
7. Edit the /opt/snort-2.4.3/rules/snort.conf file.
   1. output database: log, mysql, dbname=snort user=snort password=password host=localhost
   2. output database: alert, mysql, dbname=snort user=snort password=password host=localhost
   3. Comment out ftp_telnet preprocessor section
   4. Comment out smtp preprocessor section
8. Test snort & see if it's making database entries:
   1. snort -c /opt/snort-2.4.3/rules/snort.conf
   2. echo "SELECT count(*) FROM event" | mysql -u root -p snort
9. Build a newer libxml2
   1. ./configure --prefix=/opt/libxml2-2.6.23 && gmake && gmake install
10. Build, install and configure php and pear:
    1. ./configure --prefix=/opt/php-5.1.2 --enable-memory-limit=yes --with-apxs2=/usr/apache2/bin/apxs --with-gettext=/usr/bin/gettext --with-exif --without-mm --with-mysql=/usr/sfw --with-openssl=/usr/sfw --with-zlib --with-jpeg-dir=/usr/sfw --with-png-dir=/usr/sfw --with-exec-dir=/opt/php-5.1.2/libexec --enable-cli --enable-sockets --with-libxml-dir=/opt/libxml2-2.6.23 --with-gd && gmake && gmake install
    2. /opt/php-5.1.2/bin/pear install Image_Color
    3. /usr/local/php/bin/pear install Log
    4. /usr/local/php/bin/pear install Numbers_Roman
    5. /usr/local/php/bin/pear install http://pear.php.net/get/Numbers_Words-0.13.1.tgz
    6. /usr/local/php/bin/pear install http://pear.php.net/get/Image_Graph-0.3.0dev4.tgz
11. Install BASE by untarring it into /var/apache2/htdocs
12. Install adodb by untarring it into /var/apache2/htdocs
13. Copy /var/apache2/htdocs/base/base_conf.php.dist to base_conf.php and edit:
    1. $DBlib_path (Full path to the ADOdb installation): "/var/apache2/htdocs/adodb"
    2. $DBtype (Type of database used): "mysql"
    3. $Use_Auth_System (Set to 1 to force users to authenticate to use BASE): 1
    4. $BASE_urlpath (The root URI of your site): "/base"
    5. $alert_dbname (The alert database name): "snort"
    6. $alert_host (The alert database server): "localhost"
    7. $alert_port (The port where the database is stored; leave blank if you're not running MySQL on a network socket): ""
    8. $alert_user (The username for the alert database): "snort"
    9. $alert_password (The password for the username): "snort_user_password"
References:
http://meljr.com/~meljr/AMPSolaris10.html
http://www.sun.com/bigadmin/features/articles/intrusion_detection.html
http://www.sun.com/bigadmin/features/articles/snort_base.html
http://forum.sun.com/thread.jspa?messageID=104833
* http://www.sun.com/bigadmin/content/submitted/mysql_smf_tip.html
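
Step 7 of the notes above leaves the MySQL password in snort.conf in cleartext, so the file's permissions and the placeholder passwords are worth checking once the install works. The script below is an added example, not part of the original post; the function name audit_snort_conf and the WEAK list are assumptions chosen for illustration, and the sample file is constructed.

```shell
# Added example (not from the original post): audit snort.conf DB outputs.
# WEAK is an assumed list: the placeholder passwords used in the notes above.
WEAK="password snort_user_password"

# audit_snort_conf FILE: print one finding per line for risky settings.
audit_snort_conf() {
    conf=$1
    # The file holds a cleartext DB password; "other" needs no access.
    other=$(ls -ld "$conf" | cut -c8-10)
    if [ "$other" != "---" ]; then
        echo "PERM: $conf is accessible to other ($other)"
    fi
    lineno=0
    while IFS= read -r line; do
        lineno=$((lineno + 1))
        case $line in
            "output database:"*) ;;   # active (uncommented) outputs only
            *) continue ;;
        esac
        user="" pw=""
        set -f                        # no globbing while word-splitting
        for kv in ${line#"output database:"}; do
            case $kv in
                user=*)     user=${kv#user=} ;;
                password=*) pw=${kv#password=} ;;
            esac
        done
        set +f
        if [ "$user" = "root" ]; then
            echo "USER: line $lineno logs in as the MySQL root account"
        fi
        if [ -z "$pw" ]; then
            echo "PASS: line $lineno has no password"
            continue
        fi
        for w in $WEAK; do
            if [ "$pw" = "$w" ]; then
                echo "PASS: line $lineno uses placeholder password '$w'"
            fi
        done
    done < "$conf"
}

# Constructed sample: the two output lines from step 7, world-readable.
demo=$(mktemp) && chmod 644 "$demo"
printf '%s\n' \
  'output database: log, mysql, dbname=snort user=snort password=password host=localhost' \
  'output database: alert, mysql, dbname=snort user=snort password=password host=localhost' > "$demo"
audit_snort_conf "$demo"; rm -f "$demo"
```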
Posted by mpetosa on June 15, 2006 05:34:42
There seems to be a bug in the instdso.sh script. I tried researching this on the internet, but came up empty. (see below)
I'm using the following to install PHP and PHP module in apache2.
./configure --prefix=/opt/php-5.1.2 --enable-memory-limit=yes --with-apxs2=/usr/apache2/bin/apxs --with-gettext=/usr/bin/gettext --with-exif --without-mm --with-mysql=/usr/sfw --with-openssl=/usr/sfw --with-zlib --with-jpeg-dir=/usr/sfw --with-png-dir=/usr/sfw --with-exec-dir=/opt/php-5.1.2/libexec --enable-cli --enable-sockets --with-libxml-dir=/opt/libxml2-2.6.23 --with-gd && gmake && gmake install
Any recommendations?
Best regards,
Mike Petosa
snip
=================================================
Installing PHP SAPI module: apache2handler
/var/apache2/build/instdso.sh SH_LIBTOOL='/var/apache2/build/libtool' libphp5.la /usr/apache2/libexec
/var/apache2/build/libtool --mode=install cp libphp5.la /usr/apache2/libexec/
cp .libs/libphp5.lai /usr/apache2/libexec/libphp5.la
cp .libs/libphp5.a /usr/apache2/libexec/libphp5.a
ranlib /usr/apache2/libexec/libphp5.a
chmod 644 /usr/apache2/libexec/libphp5.a
libtool: install: warning: remember to run `libtool --finish /usr/local/src/php-5.1.2/libs'
Warning! dlname not found in /usr/apache2/libexec/libphp5.la.
Assuming installing a .so rather than a libtool archive.
chmod 755 /usr/apache2/libexec/libphp5.so
chmod: WARNING: can't access /usr/apache2/libexec/libphp5.so
apxs:Error: Command failed with rc=65536
.
gmake: *** [install-sapi] Error 1