Package Details: snort 2.9.8.3-1

Git Clone URL: https://aur.archlinux.org/snort.git (read-only)
Package Base: snort
Description: A lightweight network intrusion detection system.
Upstream URL: http://www.snort.org
Licenses: GPL
Submitter: Snowman
Maintainer: M0Rf30
Last Packager: M0Rf30
Votes: 49
Popularity: 1.070286
First Submitted: 2012-11-16 17:33
Last Updated: 2016-06-25 16:36

Latest Comments

bidulock commented on 2015-11-23 01:26

flex and bison are both in base-devel group and core repository. To compile packages from AUR you need base-devel loaded. It does not need to be listed as a dependency unless the package relies on a specific version.

ItachiSan commented on 2015-11-22 21:50

'flex' and 'bison' should be added as "makedepends".

saez0pub commented on 2015-10-13 12:29

Hello,

Could you add other platforms:
arch=('i686' 'x86_64' 'armv6h' 'armv7h' 'arm')
Package is compiled and works fine under arm

Thermi commented on 2015-09-21 18:42

Please use sha256 for the checksum array. MD5 has been known to be broken for years.

mzimmerman commented on 2015-06-22 19:06

I noticed bison should be a prerequisite also.

fauno commented on 2015-04-18 12:58

I think it should include etc/snort/rules/emerging.conf in the backup array. I had snort running without these rules for a while because the last upgrade overwrote my changes :|

GI_Jack commented on 2015-02-05 18:55

I get this:

$ snort -vde
Running in packet dump mode

--== Initializing Snort ==--
Initializing Output Plugins!
ERROR: Can't find pcap DAQ!
Fatal Error, Quitting..

found that this:

--with-daq-libraries=/usr/lib/

should be

--with-daq-libraries=/usr/lib/daq

because it works with this:

snort -vde --daq-dir /usr/lib/daq/


fauno commented on 2015-01-17 17:40

Also, when installing the service file with "systemctl enable snort@enp0s18.service" it installs as eth0 anyway.

fauno commented on 2015-01-17 17:39

Could you add "--pid-path /run --create-pidfile" to the service file? :)

Dragonlord commented on 2014-12-14 21:14

Development news
http://blog.snort.org/2014/12/introducing-snort-30.html

olivervbk commented on 2014-11-22 20:16

@meAtArch
Thanks, it worked.

Would be nice if the maintainer updated the package with the correct snort@.service :)

meAtArch commented on 2014-11-15 15:50

@oliverbk

I experienced a similar problem as you did on 2014-10-31. For me "systemctl start snort" resulted in the error you describe. "systemctl start snort@wlan0" resulted in a file not found error.

What solved the problem for me was a simple:

cp /usr/lib/systemd/system/snort.service /usr/lib/systemd/system/snort@.service

Honestly, I am not sure whether a "mv" instead of a "cp" would not be better, as starting the service without specifying a device will always result in this error (at least according to the content of /usr/lib/systemd/system/snort.service).

olivervbk commented on 2014-11-02 22:16

Had to create the default snort.conf directory:
/usr/lib/snort_dynamicrules

Snort error:
ERROR: /etc/snort/snort.conf(253) Could not stat dynamic module path "/usr/lib/snort_dynamicrules": No such file or directory.

olivervbk commented on 2014-10-31 02:11

Can't get snort@wlan0 to work. Anyone know the problem?

[oliver@hecatonchires snort]$ sudo systemctl start snort@wlan0
Failed to start snort@wlan0.service: Unit snort@wlan0.service failed to load: No such file or directory.
[oliver@hecatonchires snort]$ sudo systemctl start snort
Job for snort.service failed. See 'systemctl status snort.service' and 'journalctl -xn' for details.
[oliver@hecatonchires snort]$ systemctl status snort.service
● snort.service - Snort IDS system listening on '%I'
Loaded: loaded (/usr/lib/systemd/system/snort.service; disabled)
Active: failed (Result: resources)

Oct 31 00:05:03 hecatonchires systemd[1]: Stopped Snort IDS system listening on '%I'.
Oct 31 00:05:05 hecatonchires systemd[1]: Starting Snort IDS system listening on '%I'...
Oct 31 00:05:05 hecatonchires systemd[1]: snort.service failed to run 'start-pre' task: Operation not supported
Oct 31 00:05:05 hecatonchires systemd[1]: Failed to start Snort IDS system listening on '%I'.
Oct 31 00:05:49 hecatonchires systemd[1]: Starting Snort IDS system listening on '%I'...
Oct 31 00:05:49 hecatonchires systemd[1]: snort.service failed to run 'start-pre' task: Operation not supported
Oct 31 00:05:49 hecatonchires systemd[1]: Failed to start Snort IDS system listening on '%I'.
Oct 31 00:09:08 hecatonchires systemd[1]: Starting Snort IDS system listening on '%I'...
Oct 31 00:09:08 hecatonchires systemd[1]: snort.service failed to run 'start-pre' task: Operation not supported
Oct 31 00:09:08 hecatonchires systemd[1]: Failed to start Snort IDS system listening on '%I'.
[oliver@hecatonchires snort]$


This works:
sudo snort --daq-dir /usr/lib/daq/ -i wlan0

olivervbk commented on 2014-10-31 01:41

emerging.rules.tar.gz md5sum changed to 52fb27a0b8151cc2b906fd58ce12fb46

cosmicnut commented on 2014-07-20 10:30

This package is a little broken.
Snort have changed their site layout, so you need to change the PKGBUILD to the new source location:

source=("http://www.snort.org/downloads/snort/${pkgname}-${pkgver}.tar.gz" "http://rules.emergingthreats.net/open/${pkgname}-2.9.0/emerging.rules.ta$
'snort.service')

The change seems to be at the latest build, so you need to up the version to 2.9.6.2 with the MD5 of 2a0e89a48260e45f932af94c0ebb330e

No other versions seem to be online.

amish commented on 2014-05-12 13:09

Put SKIP instead of the md5sum for the emerging rules.

malosasha commented on 2014-05-12 13:05

Hi, the snort installation is broken: the emerging rules have been updated upstream and the md5 needs to be edited from f25631a4942d7e0bb9937c883f42e87a to b0116a4ddfa92afb759d92c14f13dd20

amish commented on 2014-05-08 04:49

Do we still need the rc.d file? Maybe it can be removed?

Systemd was made default in 2012. I doubt that 30 users who voted still use rc.d initialization.

lakechfoma commented on 2014-02-22 17:50

GI_Jack, I am not sure of the exact cause of the problem, but I do know you can specify the directory explicitly when you run snort, like so:

snort -v --daq-dir /usr/lib/daq

GI_Jack commented on 2014-02-21 00:52

ugg

# snort -v
Running in packet dump mode

--== Initializing Snort ==--
Initializing Output Plugins!
ERROR: Can't find pcap DAQ!
Fatal Error, Quitting..


#strace snort -v
....
open("/dev/usbmon1", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/sys/kernel/debug/usb/usbmon/1t", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/sys/kernel/debug/usbmon/1t", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/dev/usbmon2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/sys/kernel/debug/usb/usbmon/2t", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/sys/kernel/debug/usbmon/2t", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/dev/usbmon3", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/sys/kernel/debug/usb/usbmon/3t", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/sys/kernel/debug/usbmon/3t", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/dev/usbmon4", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/sys/kernel/debug/usb/usbmon/4t", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/sys/kernel/debug/usbmon/4t", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/dev/usbmon5", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/sys/kernel/debug/usb/usbmon/5t", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/sys/kernel/debug/usbmon/5t", O_RDONLY) = -1 ENOENT (No such file or directory)
...

# snort --daq-list
No available DAQ modules (try adding directories with --daq-dir).

# ls -l /usr/lib/daq
total 60
-rwxr-xr-x 1 root root 18664 Dec 22 15:56 daq_afpacket.so
-rwxr-xr-x 1 root root 10488 Dec 22 15:56 daq_dump.so
-rwxr-xr-x 1 root root 10520 Dec 22 15:56 daq_ipfw.so
-rwxr-xr-x 1 root root 14560 Dec 22 15:56 daq_pcap.so


any clue?

GI_Jack commented on 2014-02-14 00:34

>emerging.rules.tar.gz ... FAILED


Please update the hash sum for this.

MilanKnizek commented on 2014-02-04 18:02

If emerging.rules.tar.gz is an often-changing file and the MD5SUM verification is not required, a solution is to replace the second line of the MD5 sums array in the PKGBUILD file with 'SKIP'.
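
The checksum points raised in this thread (sha256 instead of MD5, and replacing the rules entry with 'SKIP'), as an added example that is not part of any comment or of the package's PKGBUILD. The functions `classify_sum` and `verify_source` are hypothetical helpers that mimic makepkg's Passed/FAILED report, and the "tarball" is a constructed file containing the string abc.

```shell
#!/bin/sh
# Added example, not the snort PKGBUILD: makepkg-style source validation.

# classify_sum VALUE: print what kind of integrity entry VALUE is.
# Expects lowercase hex, as written in PKGBUILD checksum arrays.
classify_sum() {
    case $1 in
        SKIP)        echo none ;;
        *[!0-9a-f]*) echo invalid ;;
        *) case ${#1} in
               32) echo md5 ;;
               64) echo sha256 ;;
               *)  echo invalid ;;
           esac ;;
    esac
}

# verify_source FILE EXPECTED
# returns 0 = Passed, 1 = FAILED (content differs), 2 = not verified
# (SKIP, MD5 or malformed entry: no trustworthy pin to compare against).
verify_source() {
    file=$1 expected=$2
    kind=$(classify_sum "$expected")
    if [ "$kind" != sha256 ]; then
        echo "    ${file##*/} ... NOT VERIFIED ($kind entry)"
        return 2
    fi
    actual=$(sha256sum "$file" 2>/dev/null | cut -d' ' -f1)
    if [ "$actual" = "$expected" ]; then
        echo "    ${file##*/} ... Passed"
        return 0
    fi
    echo "    ${file##*/} ... FAILED"
    return 1
}

# Constructed sample: a stand-in "tarball" whose content is the string abc.
tmp=$(mktemp -d)
src="$tmp/emerging.rules.tar.gz"
pinned=ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
printf 'abc' > "$src"
verify_source "$src" "$pinned" || true   # pinned content
printf 'abcd' > "$src"                    # upstream replaces the file
verify_source "$src" "$pinned" || true   # mismatch is caught
verify_source "$src" SKIP || true        # any content is accepted
rm -rf "$tmp"
```

A 'SKIP' entry stops the build from breaking when the rules tarball changes, but the downloaded rule set is then installed without any integrity check.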

lakechfoma commented on 2014-01-31 17:19

As cellardoor said, bison and flex need to be added as dependencies.

And (bear with me here, I am new to the AUR) can anything be done about the md5 check breaking after every update to emerging.rules.tar.gz?

Additionally and out of curiosity, why are the emergingthreats rules included but not the community rules from sourcefire?

Jub commented on 2014-01-31 00:14

Change the md5 for emerging.rules.tar.gz to cabed5c260eb71fe7100898018dd3abf and it builds fine.

esclapion commented on 2014-01-28 18:58

Problem of checksum on emerging-rules : emerging.rules.tar.gz ... ÉCHEC

bidulock commented on 2014-01-17 20:04

There was a disable static daq flag? Doh!

M0Rf30 commented on 2014-01-17 18:45

added --disable-static-daq flag to configure script. now it builds

bidulock commented on 2014-01-17 06:15

You need to install libdaq-static from AUR: yaourt -S libdaq-static
You need to replace libdaq with libdaq-static to compile snort.
You can yaourt -S libdaq after compile and replace libdaq-static.

The problem is that the latest libdaq from community discards the static library that is needed to compile snort.

ncom511 commented on 2014-01-16 19:53

Adding makedepends=("libdaq-static") to PKGBUILD only shows up as a missing depend..

ncom511 commented on 2014-01-16 19:52

ERROR! daq_static library not found, go get it from
http://www.snort.org/.
==> ERROR: A failure occurred in build().
Aborting...

Still I have libdaq installed..??

community/libdaq 2.0.1-1 [installed]
Data Acquisition library for packet I/O.

?????????????

bidulock commented on 2014-01-04 14:55

add makedepends=('libdaq-static') to PKGBUILD

suawekk commented on 2013-09-19 05:43

Hello, package does not build - file emerging.rules.tar.gz has changed.

patch for PKGBUILD:

diff -u snort_fixed/PKGBUILD snort_orig/PKGBUILD
--- snort_fixed/PKGBUILD 2013-09-19 07:40:23.171141835 +0200
+++ snort_orig/PKGBUILD 2013-09-18 20:02:48.000000000 +0200
@@ -58,7 +58,7 @@
}

md5sums=('8629c6353d28cb9dad689fbf615151d2'
- 'a85f919903da7970abd0b38cbb77cb2d'
+ '203cc13fbecb4f81739a21bab749ab48'
'361b8b9e40b9af0164f6b3e3da2e8277'
'b4fb8a68490589cd34df93de7609bfac'
'0d898dfe906fe45ad8562c500c36facb')
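
Review bot: the diff direction is reversed. The headers show `--- snort_fixed/PKGBUILD` and `+++ snort_orig/PKGBUILD`, so in the md5sums hunk the `-` line ('a85f9199…') is the corrected value and the `+` line ('203cc13f…') is the stale one, and applying the patch as posted would revert the fix. Regenerate it with the original file first (`diff -u snort_orig/PKGBUILD snort_fixed/PKGBUILD`). The array being edited is still `md5sums`, so a re-pin here only restores an MD5 check; if the entry is being touched anyway, moving the array to SHA-256 would be the stronger change.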

cellardoor commented on 2013-09-13 15:14

This package needs the packages bison and flex added as dependencies.

I had to install them both separately before snort would compile.

einseenai commented on 2013-08-02 15:49

==> Validating source files with md5sums...
snort-2.9.5.3.tar.gz ... Passed
emerging.rules.tar.gz ... FAILED
snort ... Passed
snort.conf.d ... Passed
snort.service ... Passed
==> ERROR: One or more files did not pass the validity check!
==> ERROR: Makepkg was unable to build snort.
==> Restart building snort ? [y/N]

Apes commented on 2013-08-01 19:52

Different md5sum

a8df3cca00fb44b80405f0eea5a04cd4 emerging.rules.tar.gz

gh0st commented on 2013-07-15 13:50

==> Validating source files with md5sums...
emerging.rules.tar.gz ... FAILED

msx commented on 2013-07-13 03:43

Thanks a lot for maintaining this tool!

M0Rf30 commented on 2013-07-08 11:20

emergingthreats rules added

xpixelz commented on 2013-07-04 12:56

Could you please include emergingthreats.net rules @ http://rules.emergingthreats.net/open/snort-2.9.0/emerging.rules.tar.gz
And maybe a better reference.config @ http://rules.emergingthreats.net/open/snort-2.9.0/reference.config

bidulock commented on 2013-04-05 02:22

namcap says that dependencies for util-linux and openssl are missing.
util-linux is in 'base' but openssl is not.

suawekk commented on 2013-03-05 21:07

Hello!
Package does not compile.
Removing backslash in PKGBUILD at the end of ./configure ... command (just before make) fixes build problem.

suawekk commented on 2013-03-05 20:42

Hello!
Package does not compile.
Removing backslash in PKGBUILD at the end of ./configure ... command fixes build problem.

Anonymous comment on 2013-02-10 01:27

Can you add a service file for systemd?

deimos commented on 2012-12-06 20:01

==> WARNING: backup entry file not in package : etc/snort/confreference.config