Hi Kumar,
I read your blog and I have a few comments on your 'step1':
Configuring and install libpcap-1.1.1 with a prefix of '/usr' will
-replace- your system's default libpcap, which might break a few things in
the future. To see what I mean, run the following on your system:
rpm -V libpcap libpcap-devel
Then check this:
rpm -q --whatrequires libpcap
On your system, /usr/lib/libpcap.so (or /usr/lib64/libpcap.so) most likely
points to libpcap.so.1.1.1 and the /usr/include/libpcap headers from 0.9.4
were replaced by those from 1.1.1.
At any case, if you are willing to compile from source, I'd suggest using
a prefix of /usr/local for all of libpcap, daq and snort.
With the custom rpm I published, you wouldn't have that issue because it
doesn't replace the system's libpcap. It installs alongside the older
RHEL-supported version and leaves 0.9.4 be the system's default.
Also, if you have a 64bit system, then chances are that you had both
libpcap.x86_64 and libpcap.i386 installed. Since you ran './configure
--prefix=/usr' on libpcap-1.1.1 with the default options, it means that
you most likely replaced the 64bit version of libpcap but not the 32bit
version. On such a system, attempting to build a 32bit app that uses
libpcap will make the compiler use the system-wide libpcap-1.1.1 headers
and it will try to link with the libpcap-0.9.4 dynamic library (which will
most likely fail).
Please don't hesitate to ask for more information on these issues.
Vincent
On Sat, 30 Oct 2010, vishesh kumar wrote:
Thanks vincent,
I appreciate your effort. I will try to install
using this rpm.
In between i successfully installed snort-2.9 on my RHEL 5 system
using source code . I shared steps of installation on my blog
http://linuxinterviews.blogspot.com/2010/10/install-snort-29-on-rhel-5.html
,
Thanks
On 10/28/10, [email protected] <[email protected]> wrote:
Hi Kumar,
Since I was unable to locate a proper src.rpm of snort-2.9.0 for RHEL5, I
built one myself (along with its requirements). I pushed all my packages
and scripts here:
http://vscojot.free.fr/dist/snort/RHEL5
There's nothing specific about these packages except this:
- both the daq and snort src.rpm were taken from snort.org and adapted to
use libpcap1 in a non-standard location (/usr/lib64/libpcap1/lib64 for
x86_64).
- daq 0.2 has a patch named 'afpacket-v4.diff' (see
http://seclists.org/snort/2010/q4/289) which people said they need for daq
under RHEL5. It was also adapted to use libpcap1 in a non-standard loc.
- libpcap1 uses libpcap-1.1.1 and attempts to install without changing the
el5 defaults (libpcap.so still points to libpcap.so.0.9.4). Still any
application that uses libpcap.so.1 will run fine thanks to the symlinks
under /usr/{lib,lib64}.
- The libdnet stuff comes from EPEL.
Please note I only built this for x86_64.
I hope this helps someone.. I'd apreciate feedback if these snort packages
do work for you (I'm not a snort user, I built these for another team).
Vincent
For the record, here's the pkg list:
-rw-r--r-- 1 anyone users 455988 Oct 28 14:36 daq-0.2-1.el5.src.rpm
-rw-r--r-- 1 anyone users 212889 Oct 28 14:36 daq-0.2-1.el5.x86_64.rpm
-rw-r--r-- 1 anyone users 269256 Oct 28 14:36
daq-debuginfo-0.2-1.el5.x86_64.rpm
-rw-r--r-- 1 anyone users 30022 Nov 24 2009 libdnet-1.12-6.el5.i386.rpm
-rw-r--r-- 1 anyone users 31517 Nov 24 2009 libdnet-1.12-6.el5.x86_64.rpm
-rw-r--r-- 1 anyone users 49565 Nov 24 2009
libdnet-devel-1.12-6.el5.i386.rpm
-rw-r--r-- 1 anyone users 52065 Nov 24 2009
libdnet-devel-1.12-6.el5.x86_64.rpm
-rw-r--r-- 1 anyone users 19176 Nov 24 2009
libdnet-progs-1.12-6.el5.x86_64.rpm
-rw-r--r-- 1 anyone users 632791 Oct 28 14:33 libpcap1-1.1.1-5.el5.src.rpm
-rw-r--r-- 1 anyone users 201696 Oct 28 14:33
libpcap1-1.1.1-5.el5.x86_64.rpm
-rw-r--r-- 1 anyone users 483708 Oct 28 14:33
libpcap1-debuginfo-1.1.1-5.el5.x86_64.rpm
-rw-r--r-- 1 anyone users 167948 Oct 28 14:33
libpcap1-devel-1.1.1-5.el5.x86_64.rpm
-rw-r--r-- 1 anyone users 5741676 Oct 28 16:56 snort-2.9.0-1.el5.src.rpm
-rw-r--r-- 1 anyone users 2260614 Oct 28 16:56 snort-2.9.0-1.el5.x86_64.rpm
-rw-r--r-- 1 anyone users 6072955 Oct 28 16:56
snort-debuginfo-2.9.0-1.el5.x86_64.rpm
-rw-r--r-- 1 anyone users 490827 Oct 28 16:56
snort-mysql-2.9.0-1.el5.x86_64.rpm
On Wed, 27 Oct 2010, vishesh kumar wrote:
Thanks vincent for clarifying .
I will share here after successfull installation.
Thanks
_______________________________________________
rhelv5-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv5-list
--
,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,
Vincent S. Cojot, Computer Engineering. STEP project. _.,-*~'`^`'~*-,._.,-*~
Ecole Polytechnique de Montreal, Comite Micro-Informatique. _.,-*~'`^`'~*-,.
Linux Xview/OpenLook resources page _.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'
http://step.polymtl.ca/~coyote _.,-*~'`^`'~*-,._ [email protected]
They cannot scare me with their empty spaces
Between stars - on stars where no human race is
I have it in me so much nearer home
To scare myself with my own desert places. - Robert Frost
_______________________________________________
rhelv5-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv5-list
