Friday, December 18, 2009

Build snort inline in Ubuntu 9.10

For an IDS experiment in Linux, I was trying snort inline and hlbr. Building hlbr was smooth. But snort inline, as of version 2.6.1.5, can't be built smoothly on Ubuntu 9.10. You need an older version of libnet0. It also depends on libdnet, which Ubuntu renamed to libdumbnet because of a name conflict with the older DECNet package. So you also need to modify snort inline with this patch: http://cecunguk.blankonlinux.or.id/~andika/snort-inline.patch.

$ wget http://downloads.sourceforge.net/project/snort-inline/snort_inline%20source%20%282.6.x%29/snort_inline-2.6.1.5/snort_inline-2.6.1.5.tar.gz
$ wget http://cecunguk.blankonlinux.or.id/~andika/snort-inline.patch
$ wget http://archive.ubuntu.com/ubuntu/pool/universe/libn/libnet0/libnet0_1.0.2a-7.dsc
$ wget http://archive.ubuntu.com/ubuntu/pool/universe/libn/libnet0/libnet0_1.0.2a.orig.tar.gz
$ wget http://archive.ubuntu.com/ubuntu/pool/universe/libn/libnet0/libnet0_1.0.2a-7.diff.gz
# prepare old libnet
$ dpkg-source -x libnet0_1.0.2a-7.dsc
$ cd libnet0-1.0.2a
$ fakeroot debian/rules binary
$ cd ..
$ sudo dpkg -i libnet0_1.0.2a-7_*.deb
# build snort inline
$ tar xvfz snort_inline-2.6.1.5.tar.gz
$ cd snort_inline-2.6.1.5
$ patch -p1 < ../snort-inline.patch
$ sudo apt-get install iptables-dev libnetfilter-queue-dev libdumbnet-dev
$ ./configure
$ make
$ sudo make install

Happy hacking!
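
The three libnet0 files above are fetched over plain HTTP, and the .dsc records the size and MD5 of the other two in its Files: field. The following is an added example, not part of the original post, that checks the downloaded files against that field before unpacking; the function name verify_dsc_files is an assumption, and it assumes the Format 1.0 .dsc layout with an indented Files: list. MD5 only ties the files to the .dsc; authenticity rests on the PGP signature on the .dsc itself.

```sh
#!/bin/sh
# Added example: compare each file named in a .dsc "Files:" field with its
# recorded size and MD5. verify_dsc_files is a name chosen for this example.
# The body runs in a subshell, so its variables stay local to the function.
verify_dsc_files() (
    dsc=$1
    dir=$(dirname "$dsc")
    rc=0
    checked=0
    # Field entries are indented lines of the form "<md5> <size> <filename>";
    # the field ends at the first line that is not indented.
    list=$(awk '/^Files:/ {f=1; next} f && /^ / {print; next} {f=0}' "$dsc") || exit 1
    while read -r sum size name; do
        [ -n "$name" ] || continue
        checked=$((checked + 1))
        # The .dsc is untrusted input: only accept plain file names.
        case $name in
            */*) echo "BADNAME $name"; rc=1; continue ;;
        esac
        path=$dir/$name
        if [ ! -f "$path" ]; then
            echo "MISSING $name"; rc=1
        elif [ "$(wc -c < "$path" | tr -d ' ')" != "$size" ]; then
            echo "SIZE    $name"; rc=1
        elif [ "$(md5sum "$path" | cut -d' ' -f1)" != "$sum" ]; then
            echo "MD5     $name"; rc=1
        else
            echo "OK      $name"
        fi
    done <<EOF
$list
EOF
    # A .dsc with no Files: entries checked nothing, so that is a failure too.
    [ "$checked" -gt 0 ] && [ "$rc" -eq 0 ]
)

# Usage: sh verify_dsc.sh libnet0_1.0.2a-7.dsc
if [ -n "${1:-}" ]; then
    verify_dsc_files "$1"
fi
```

Run it in the download directory before `dpkg-source -x`; a non-zero exit status means at least one file is missing or does not match the .dsc.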