> After installing scanlogd on hlfs and it works fine with libpcap. But when I
> try building with libnids (which is reputed to be better than pcap since
> pcap cannot capture fragmented packets) the libnids complains about failure
> to share text segment.
>
> readelf produces the following output:
>
> root [/sources/libnids-1.23 ]# readelf -d src/libnids.so.1.23 | grep TEXTREL
> 0x00000016 (TEXTREL) 0x0
>
> I have tried changing the compile time flags (-fno-fast-math -fPIC -fPIE)
> like I did for procps but with no luck. Need some help

Not sure what you really mean sir. Did libnids fail to build for you? Let us see your error sequence if you want related feedback on that problem.

Scanlogd is pretty much useless software. Why bother; it won't protect you.

libnids is a network stack emulator; not a replacement for pcap. It just runs in parallel with the kernel using a lot of horsepower. It is for specialized use.

Pcap just puts your NIC in promiscuous mode, captures packets real fast, and makes that data available to other programs for analysis. It does not need to be concerned with fragmentation, flags, or anything else.

!!BUT remember, a NIC in promiscuous mode is a thing of beauty to a hacker. It cannot be secured or monitored!!

/* Snort_inline is probably what you really want to build. It can be queued to IPtables and will drop bad traffic, blacklist IP's, report port scans, detect virus, whatever. Fragmentation no problem. pcap not needed. With a free subscription to the rules (5000+) they can be updated daily by a cron job with oinkmaster. Oh, and yes, it builds easily on hlfs and I use it 24/7/365. */

Marty B.

I only use pcap on sensors without IP's - I normally don't like promiscuous interfaces on my networks. (You can't secure them). I use snort inline to IPtables on my firewalls. That builds and works fine and is not promiscuous.

--
Building a better mousetrap only results in better mice. C. Darwin
--
http://linuxfromscratch.org/mailman/listinfo/hlfs-dev
FAQ: http://www.linuxfromscratch.org/faq/
Unsubscribe: See the above information page
