Ubuntu 10.10
下载好snort-2.9.3.1.tar.gz包,开始安装:
# ./configure
遇到ERROR:
checking for pfring_open in -lpcap... no
ERROR! Libpcap library/headers (libpcap.a (or .so)/pcap.h)
not found, go get it from http://www.tcpdump.org
or use the --with-libpcap-* options, if you have it installed
in unusual place. Also check if your libpcap depends on another
shared library that may be installed in an unusual place
在/usr/lib下找到了libpcap.so.1.1.1,于是输入:
# sudo ln -s /usr/lib/libpcap.so.1.1.1 /usr/lib/libpcap.so
再次 ./configure,遇到ERROR:
checking for pcre.h... no
ERROR! Libpcre header not found.
Get it from http://www.pcre.org
在新立得找到libpcre3-dev安装之。再次 ./configure,新的ERROR:
checking for dumbnet.h... no
ERROR! dnet header not found, go get it from
http://code.google.com/p/libdnet/ or use the --with-dnet-*
options, if you have it installed in an unusual place
在新立得安装libdumbnet-dev,继续./configure,new ERROR:
./configure: line 15155: daq-modules-config: command not found
checking for daq_load_modules in -ldaq_static... no
ERROR! daq_static library not found, go get it from
http://www.snort.org/.
从官网下载 daq-1.1.1.tar.gz,并安装,又新错误:
checking for capable lex... insufficient
configure: error: Your operating system's lex is insufficient to compile
libsfbpf. You should install both bison and flex.
flex is a lex replacement that has many advantages,
including being able to compile libsfbpf. For more
information, see http://www.gnu.org/software/flex/flex.html .
# sudo apt-get install flex
# sudo apt-get install bison
新错误:
checking for libpcap version >= "1.0.0"... no
ERROR! Libpcap library version >= 1.0.0 not found.
Get it from http://www.tcpdump.org
发现貌似是libpcap版本太低,从新立得安装libpcap-dev,
终于顺利通过check,
然后 # make
# sudo make install
daq安装完成,继续安装snort。
# cd snort-2.9.3.1
# ./configure 没问题了
# make
# sudo make install
搞定。
最后装好运行又有个错误。。
#snort -v
snort: error while loading shared libraries: libsfbpf.so.0: cannot open shared object file: No such file or directory
原来是装在/usr/local/lib了。做一个链接:
#sudo ln -s /usr/local/lib/libsfbpf.so.0.0.1 /usr/lib/libsfbpf.so.0