Package Details: snort 2.9.13-1

Git Clone URL: https://aur.archlinux.org/snort.git (read-only)
Package Base: snort
Description: A lightweight network intrusion detection system.
Upstream URL: http://www.snort.org
Licenses: GPL
Submitter: Snowman
Maintainer: robertfoster
Last Packager: robertfoster
Votes: 58
Popularity: 0.001419
First Submitted: 2012-11-16 17:33
Last Updated: 2019-04-14 22:37

Latest Comments


olivervbk commented on 2014-10-31 02:11

Can't get snort@wlan0 to work. Anyone know the problem?

[oliver@hecatonchires snort]$ sudo systemctl start snort@wlan0
Failed to start snort@wlan0.service: Unit snort@wlan0.service failed to load: No such file or directory.
[oliver@hecatonchires snort]$ sudo systemctl start snort
Job for snort.service failed. See 'systemctl status snort.service' and 'journalctl -xn' for details.
[oliver@hecatonchires snort]$ systemctl status snort.service
● snort.service - Snort IDS system listening on '%I'
Loaded: loaded (/usr/lib/systemd/system/snort.service; disabled)
Active: failed (Result: resources)

Oct 31 00:05:03 hecatonchires systemd[1]: Stopped Snort IDS system listening on '%I'.
Oct 31 00:05:05 hecatonchires systemd[1]: Starting Snort IDS system listening on '%I'...
Oct 31 00:05:05 hecatonchires systemd[1]: snort.service failed to run 'start-pre' task: Operation not supported
Oct 31 00:05:05 hecatonchires systemd[1]: Failed to start Snort IDS system listening on '%I'.
Oct 31 00:05:49 hecatonchires systemd[1]: Starting Snort IDS system listening on '%I'...
Oct 31 00:05:49 hecatonchires systemd[1]: snort.service failed to run 'start-pre' task: Operation not supported
Oct 31 00:05:49 hecatonchires systemd[1]: Failed to start Snort IDS system listening on '%I'.
Oct 31 00:09:08 hecatonchires systemd[1]: Starting Snort IDS system listening on '%I'...
Oct 31 00:09:08 hecatonchires systemd[1]: snort.service failed to run 'start-pre' task: Operation not supported
Oct 31 00:09:08 hecatonchires systemd[1]: Failed to start Snort IDS system listening on '%I'.
[oliver@hecatonchires snort]$


This works:
sudo snort --daq-dir /usr/lib/daq/ -i wlan0

olivervbk commented on 2014-10-31 01:41

emerging.rules.tar.gz md5sum changed to 52fb27a0b8151cc2b906fd58ce12fb46

cosmicnut commented on 2014-07-20 10:30

This package is a little broken.
Snort have changed their site layout, so you need to change the PKGBUILD to the source location

source=("http://www.snort.org/downloads/snort/${pkgname}-${pkgver}.tar.gz" "http://rules.emergingthreats.net/open/${pkgname}-2.9.0/emerging.rules.ta$
'snort.service')

The change seems to be at the latest build, so you need to up the version to 2.9.6.2 with the MD5 of 2a0e89a48260e45f932af94c0ebb330e

No other versions seem to be online

malosasha commented on 2014-05-12 13:05

Hi, the snort installation is broken: the emerging rules have been updated upstream and the md5 needs to be edited from f25631a4942d7e0bb9937c883f42e87a to b0116a4ddfa92afb759d92c14f13dd20

lakechfoma commented on 2014-02-22 17:50

GI_Jack, I am not sure of the exact cause of the problem, but I do know you can specify the directory explicitly when you run snort, like so:

snort -v --daq-dir /usr/lib/daq

GI_Jack commented on 2014-02-21 00:52

ugg

# snort -v
Running in packet dump mode

--== Initializing Snort ==--
Initializing Output Plugins!
ERROR: Can't find pcap DAQ!
Fatal Error, Quitting..


# strace snort -v
....
open("/dev/usbmon1", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/sys/kernel/debug/usb/usbmon/1t", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/sys/kernel/debug/usbmon/1t", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/dev/usbmon2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/sys/kernel/debug/usb/usbmon/2t", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/sys/kernel/debug/usbmon/2t", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/dev/usbmon3", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/sys/kernel/debug/usb/usbmon/3t", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/sys/kernel/debug/usbmon/3t", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/dev/usbmon4", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/sys/kernel/debug/usb/usbmon/4t", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/sys/kernel/debug/usbmon/4t", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/dev/usbmon5", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/sys/kernel/debug/usb/usbmon/5t", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/sys/kernel/debug/usbmon/5t", O_RDONLY) = -1 ENOENT (No such file or directory)
...

# snort --daq-list
No available DAQ modules (try adding directories with --daq-dir).

# ls -l /usr/lib/daq
total 60
-rwxr-xr-x 1 root root 18664 Dec 22 15:56 daq_afpacket.so
-rwxr-xr-x 1 root root 10488 Dec 22 15:56 daq_dump.so
-rwxr-xr-x 1 root root 10520 Dec 22 15:56 daq_ipfw.so
-rwxr-xr-x 1 root root 14560 Dec 22 15:56 daq_pcap.so


any clue?

GI_Jack commented on 2014-02-14 00:34

>emerging.rules.tar.gz ... FAILED


please update the hash sum for this

Anonymous comment on 2014-02-04 18:02

If the emerging.rules.tar.gz is kind of an often changing file and the MD5SUM verification is not required, a solution is to replace the second line of the MD5 sums array in the PKGBUILD file with 'SKIP'.
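
Added example (not part of the comment above, nor code from the package or from makepkg): a shell illustration of what a pinned checksum entry and a 'SKIP' entry each do when the source file changes upstream, which is the situation this thread keeps hitting with emerging.rules.tar.gz. The function names and the file contents are constructed for the demonstration; it assumes `md5sum` and `mktemp` are available.

```shell
#!/bin/sh
# Added example: per-source checksum handling with a pinned value vs 'SKIP'.
# check_source and demo are hypothetical helper names, not makepkg functions.

# check_source FILE EXPECTED
# Prints Passed, FAILED or Skipped; returns non-zero only on a mismatch.
check_source() {
    file=$1
    expected=$2
    if [ "$expected" = "SKIP" ]; then
        # With SKIP the file content is never hashed: any bytes are accepted.
        echo "Skipped"
        return 0
    fi
    actual=$(md5sum "$file" | cut -d' ' -f1)
    if [ "$actual" = "$expected" ]; then
        echo "Passed"
    else
        echo "FAILED"
        return 1
    fi
}

# demo: a constructed stand-in for the rules tarball is pinned, then replaced,
# the way an upstream re-publication replaces the real file.
demo() {
    dir=$(mktemp -d)
    src="$dir/emerging.rules.tar.gz"
    printf 'rules v1\n' > "$src"                # constructed content, not a real tarball
    pinned=$(md5sum "$src" | cut -d' ' -f1)     # value recorded when the PKGBUILD was written
    r1=$(check_source "$src" "$pinned")         # unchanged file
    printf 'rules v2\n' > "$src"                # file changes upstream
    r2=$(check_source "$src" "$pinned" || true) # pinned entry notices the change
    r3=$(check_source "$src" "SKIP")            # SKIP entry does not
    rm -rf "$dir"
    echo "$r1 $r2 $r3"
}
```

Calling `demo` prints the three outcomes in order: the unchanged file, the changed file against the pinned value, and the changed file against 'SKIP'.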

lakechfoma commented on 2014-01-31 17:19

As cellardoor said, bison and flex need to be added as dependencies.

And (bear with me here, I am new to the AUR) can anything be done about the md5 check breaking after every update to emerging.rules.tar.gz?

Additionally and out of curiosity, why are the emergingthreats rules included but not the community rules from sourcefire?

Jub commented on 2014-01-31 00:14

Change the md5 for emerging.rules.tar.gz to cabed5c260eb71fe7100898018dd3abf and it builds fine.