Trying to install snort on Debian 4 but having trouble

dave247 · 12-03-2008, 12:34 AM

Hey guys I am running Debian 4 Etch and I am trying to install Snort (latest version). I downloaded it and am now trying to figure out how to install it so I can get going.

I have been reading the setup guide but I am confused by it. It told me to download netinst cd image and burn it to a cd, then start the install of that, but I dont know how to start that install. Do I have to reboot and start from the CD? I think I saw something that said that but it also said it might be buggy, so I dont want to mess with that if it could be unstable.

Apart from that, I tried to do apt-get install snort but it told me it is not available but referred to by another package: snort-common. So I apt-get install snort-common successfully but I dont know where to go from there.

Can someone walk me through this? I am still new to how make files work exactly and dependency stuff... I mean I know what they do but its confusing to me with all the different files and stuff....

thanks

farslayer · 12-03-2008, 07:14 AM

Not sure why it would tell you snort was unavailable.. although the version in etch is kinda old (2.3) the version in Lenny is a lot more up to date (2.7)

Code:

it-etch:~$ aptitude search snort
p   snort                                                        - flexible Network Intrusion Detection System                           
p   snort-common                                                 - flexible Network Intrusion Detection System [common files]            
p   snort-common-libraries                                       - flexible Network Intrusion Detection System ruleset                   
p   snort-doc                                                    - Documentation for the Snort IDS [documentation]                       
p   snort-mysql                                                  - flexible Network Intrusion Detection System [MySQL]                   
p   snort-pgsql                                                  - flexible Network Intrusion Detection System [PostgreSQL]              
v   snort-rules                                                  -                                                                       
p   snort-rules-default                                          - flexible Network Intrusion Detection System ruleset

Tthe guide on the Snort site seems pretty comprehensive even though it refers to an older version of snort.
http://www.snort.org/docs/setup_guid...nort-howto.pdf

What does your sources.list look like ? Could you post it here please.

dave247 · 12-03-2008, 09:49 AM

Here is my /etc/atp/sources.list

Code:

# 
# deb cdrom:[Debian GNU/Linux 4.0 r4a _Etch_ - Official i386 DVD Binary-1 20080803-20:48]/ etch contrib main

deb cdrom:[Debian GNU/Linux 4.0 r4a _Etch_ - Official i386 DVD Binary-1 20080803-20:48]/ etch contrib main

deb http://security.debian.org/ etch/updates main contrib
deb-src http://security.debian.org/ etch/updates main contrib

dave247 · 12-03-2008, 12:16 PM

I am just confused by this part of that manual, "Choose this for i386 * netinst CD image (100-150 MB) [i386]Burn the iso image: debian-testing-i386-netinst.iso

Start the install and when you get to the sources section,
choose http and then choose ftp.us.debian.org (default for USA)
and it will begin to download the package listings.
"

I downloaded that ISO and burned it to a CD but I dont know what file to click on to install... there are several and I am kinda lost..

farslayer · 12-03-2008, 12:26 PM

your sources list is part of your problem, it's also why Debian couldn't find snort in teh repository.

Comment out the Line for the CDROM and add in a deb and deb-src repository for packages..
it-etch:~# cat /etc/apt/sources.list

Code:

# 
# deb cdrom:[Debian GNU/Linux testing _Etch_ - Official Beta i386 NETINST Binary-1 20070329-08:46]/ etch contrib main

# deb cdrom:[Debian GNU/Linux testing _Etch_ - Official Beta i386 NETINST Binary-1 20070329-08:46]/ etch contrib main

deb http://ftp.uwsg.indiana.edu/linux/debian/ etch main non-free contrib
deb-src http://ftp.uwsg.indiana.edu/linux/debian/ etch main non-free contrib

deb http://security.debian.org/ etch/updates main contrib non-free
deb-src http://security.debian.org/ etch/updates main contrib non-free

aptitude keep-all
aptitude update
aptitude install snort-common snort-mysql snort-rules-default libpcre3 libpcap0.7 mysql-server-5.0

If you already have debian installed you can SKIP the step for downloading he netinstall.iso....

dave247 · 12-03-2008, 12:34 PM

farslayer, thanks, I did what you said but only got part success. This is the messages I got now:

Code:

Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
  snort: Conflicts: snort-mysql but 2.3.3-11 is to be installed
  snort-mysql: Conflicts: snort

Yes I read and tried to understand it, but I dont know exactly what I need to install now or how to deal with the conflicts before I can install the other stuff...

davidedwardgill · 12-03-2008, 01:53 PM

Hey man,

couple things to look for, if you've already began an installation previously, this package may be it.

You may want to queuery the installed packages for snort "Redhat Exmp rpm -q | grep snort". You know I don't touch debian man

. Sorry for not bein able to get the quiery for that system. It's good for you to learn anyway.

Make certain there are no other snort packages installed.

If there are, honestly, I'd find where the binary executable is and see if you can run it..

If it won't run, uninstall the package, then find a BINARY installation package and reinstall it.

I won't use anything, but binary packages. Of course, I and my customers pay a lot for redhat so binaries are a little more readily available for me.

dave247 · 12-03-2008, 02:17 PM

darn you and your redhat customers!

i give up, im just going to do the netinstall thing...already burned it to CD... so yeah we'll see if I can follow teh directions word 4 word.

word.

dave247 · 12-03-2008, 02:42 PM

oh well that was a failure. I installed it but then upon reboot i get an error about my USB device not being able to load to a port or something... i switched back to PS2 keyboard but to no avail. completely seperate problem... SO back to Debian 4 AGAIN.

farslayer · 12-03-2008, 03:53 PM

The netinstall is debian 4.. I already told you you didn't need that step since Debian was already installed.

My mistake on the snort- snort-mysql thing.. it seems they are both snort, but the one uses mysql for the backend, I thought it was an add-on.. I've edited the earlier post to correct my error.

dave247 · 12-03-2008, 05:12 PM

I ended up reinstalling Debian 4 and then tried apt-get -f install after some other command didnt work and it magically installed snort.... yeah so whatever the hell I did, I dont know, but I have Snort working now.

Thanks me. I'm welcome.