
[Lab] snort

멋쟁이천재사자 2023. 7. 25. 13:19

I want to install snort and work through past questions from the Information Security Engineer (정보보안기사) practical exam.

A week or two ago I tried installing it on Windows 7 and failed.

Yesterday I tried yum install snort on CentOS 7, but it said no such package exists and the install failed.


Googling~

https://upcloud.com/resources/tutorials/installing-snort-on-centos

How to install Snort on CentOS (upcloud.com)

Snort is a popular choice for running a network intrusion detection system or NIDS. It monitors the package data sent and received through a specific network interface. NIDS can catch threats…


Just scrolling down through the material takes a long time. Apparently installing snort is not simple even before getting to the actual lab.

The goal is to prepare for the practical exam four days from now, so let me try installing it at home after work. With luck I might finish today. I might also fail to get it installed before the day before the exam. Anyway, let's give it a try.

will be continued...


 

Script to run

yum install -y gcc flex bison zlib libpcap pcre libdnet tcpdump
yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
yum install -y libnghttp2
yum install https://www.snort.org/downloads/snort/daq-2.0.6-1.centos7.x86_64.rpm
yum install https://www.snort.org/downloads/snort/snort-2.9.12-1.centos7.x86_64.rpm

 

It was going well and then an error occurred

[root@centos ~]# yum install https://www.snort.org/downloads/snort/daq-2.0.6-1.centos7.x86_64.rpm
Loaded plugins: fastestmirror, langpacks
Cannot open: https://www.snort.org/downloads/snort/daq-2.0.6-1.centos7.x86_64.rpm. Skipping.
Error: Nothing to do

[root@centos ~]# yum install https://www.snort.org/downloads/snort/snort-2.9.12-1.centos7.x86_64.rpm
Loaded plugins: fastestmirror, langpacks
Cannot open: https://www.snort.org/downloads/snort/snort-2.9.12-1.centos7.x86_64.rpm. Skipping.
Error: Nothing to do

Looking at the error, it says the path is not valid. Checked the correct path on the website.
https://www.snort.org/downloads/snort-2.9.20-1.centos.x86_64.rpm
Retried with the corrected path

 

[root@centos ~]# yum install https://www.snort.org/downloads/snort/snort-2.9.20-1.centos.x86_64.rpm
Loaded plugins: fastestmirror, langpacks
Cannot open: https://www.snort.org/downloads/snort/snort-2.9.20-1.centos.x86_64.rpm. Skipping.
Error: Nothing to do

 

Didn't work. Re-checking with wget whether the path is right

[root@centos ~]# wget https://www.snort.org/downloads/snort/snort-2.9.20-1.centos.x86_64.rpm
--2023-07-25 21:06:22--  https://www.snort.org/downloads/snort/snort-2.9.20-1.centos.x86_64.rpm
Resolving www.snort.org (www.snort.org)... 104.18.139.9, 104.18.138.9, 2606:4700::6812:8a09, ...
Connecting to www.snort.org (www.snort.org)|104.18.139.9|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://snort-org-site.s3.amazonaws.com/production/release_files/files/000/025/688/original/snort-2.9.20-1.centos.x86_64.rpm?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAU7AK5ITMJQBJPARJ%2F20230725%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230725T120623Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=76e558016583f15406d972a96e263830ccd383552670d93d602dd4e4725c6cc5 [following]
--2023-07-25 21:06:23--  https://snort-org-site.s3.amazonaws.com/production/release_files/files/000/025/688/original/snort-2.9.20-1.centos.x86_64.rpm?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAU7AK5ITMJQBJPARJ%2F20230725%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230725T120623Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=76e558016583f15406d972a96e263830ccd383552670d93d602dd4e4725c6cc5
Resolving snort-org-site.s3.amazonaws.com (snort-org-site.s3.amazonaws.com)... 52.216.221.97, 52.217.200.49, 16.182.68.241, ...
Connecting to snort-org-site.s3.amazonaws.com (snort-org-site.s3.amazonaws.com)|52.216.221.97|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 4778424 (4.6M) []
Saving to: ‘snort-2.9.20-1.centos.x86_64.rpm’

100%[=====================================================================================================>] 4,778,424    887KB/s   in 6.9s

2023-07-25 21:06:31 (679 KB/s) - ‘snort-2.9.20-1.centos.x86_64.rpm’ saved [4778424/4778424]

 

What should I do....

will be continued...

 

 

 

Continuing the work on July 26

 

yum install -y zlib-devel libpcap-devel pcre-devel libdnet-devel openssl-devel libnghttp2-devel luajit-devel

 

[root@centos log]# wget https://www.snort.org/downloads/snort/daq-2.0.6.tar.gz
--2023-07-26 21:36:07--  https://www.snort.org/downloads/snort/daq-2.0.6.tar.gz
Resolving www.snort.org (www.snort.org)... 104.18.138.9, 104.18.139.9, 2606:4700::6812:8a09, ...
Connecting to www.snort.org (www.snort.org)|104.18.138.9|:443... connected.
HTTP request sent, awaiting response... 404 Not Found
2023-07-26 21:36:08 ERROR 404: Not Found.

 

Searched for the daq-2.0.6.tar.gz file via Google

 

wget https://src.fedoraproject.org/lookaside/extras/daq/daq-2.0.6.tar.gz/2cd6da422a72c129c685fc4bb848c24c/daq-2.0.6.tar.gz
mkdir ~/snort_src && cd ~/snort_src

 

[root@centos log]# wget https://src.fedoraproject.org/lookaside/extras/daq/daq-2.0.6.tar.gz/2cd6da422a72c129c685fc4bb848c24c/daq-2.0.6.tar.gz
--2023-07-26 21:39:54--  https://src.fedoraproject.org/lookaside/extras/daq/daq-2.0.6.tar.gz/2cd6da422a72c129c685fc4bb848c24c/daq-2.0.6.tar.gz
Resolving src.fedoraproject.org (src.fedoraproject.org)... 38.145.60.20, 38.145.60.21
Connecting to src.fedoraproject.org (src.fedoraproject.org)|38.145.60.20|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 514687 (503K) [application/x-gzip]
Saving to: ‘daq-2.0.6.tar.gz’

100%[======================================================================================================================>] 514,687      427KB/s   in 1.2s

2023-07-26 21:39:57 (427 KB/s) - ‘daq-2.0.6.tar.gz’ saved [514687/514687]

[root@centos log]# cd /
[root@centos /]# cd /root
[root@centos ~]# ls
anaconda-ks.cfg  initial-setup-ks.cfg  snort-2.9.20-1.centos.x86_64.rpm  study
[root@centos ~]# mkdir ~/snort_src && cd ~/snort_src
[root@centos snort_src]# ls
[root@centos snort_src]#

 

tar -xvzf daq-2.0.6.tar.gz
cd daq-2.0.6
./configure && make && sudo make install

Error occurred!

libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I.. -Dyylval=sfbpf_lval -g -O2 -fvisibility=hidden -Wall -Wwrite-strings -Wsign-compare -Wcast-align -Wextra -Wformat -Wformat-security -Wno-unused-parameter -fno-strict-aliasing -fdiagnostics-show-option -pedantic -std=c99 -D_GNU_SOURCE -MT libsfbpf_la-sf_bpf_filter.lo -MD -MP -MF .deps/libsfbpf_la-sf_bpf_filter.Tpo -c sf_bpf_filter.c  -fPIC -DPIC -o .libs/libsfbpf_la-sf_bpf_filter.o
sf_bpf_filter.c: In function ‘sfbpf_filter’:
sf_bpf_filter.c:301:23: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
                 if (k >= buflen)
                       ^
sf_bpf_filter.c:363:23: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
                 if (k >= buflen)
                       ^
sf_bpf_filter.c:381:23: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
                 if (k >= buflen)
                       ^
sf_bpf_filter.c: In function ‘sfbpf_validate’:
sf_bpf_filter.c:566:19: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
     for (i = 0; i < len; ++i)

... (middle part omitted)

make[2]: `install-data-am'를 위해 할 일이 없습니다
make[2]: Leaving directory `/root/snort_src/daq-2.0.6/os-daq-modules'
make[1]: Leaving directory `/root/snort_src/daq-2.0.6/os-daq-modules'
make[1]: Entering directory `/root/snort_src/daq-2.0.6'
make[2]: Entering directory `/root/snort_src/daq-2.0.6'
make[2]: `install-exec-am'를 위해 할 일이 없습니다
make[2]: `install-data-am'를 위해 할 일이 없습니다
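The DAQ tarball above was fetched from the Fedora lookaside mirror rather than from snort.org. The 32-hex-character path segment in that lookaside URL is the MD5 of the file in the legacy lookaside layout, so it can be used to check that the download is intact before building. This is an added example, not part of the original post; the function names and the "build" argument are this example's own.

```shell
#!/bin/sh
# Added example: verify the DAQ tarball fetched from the Fedora lookaside
# mirror against the MD5 embedded in the lookaside URL, then build it.
# A mismatch means a truncated or altered download, so the build is skipped.
set -u

# Print the hash component of a legacy lookaside URL: the path segment
# just before the final file name (.../<tarball>/<md5>/<tarball>).
lookaside_hash() {
    printf '%s\n' "$1" | awk -F/ '{ print $(NF-1) }'
}

# Return 0 when the MD5 of file $2 equals the hash embedded in URL $1.
lookaside_md5_ok() {
    expected=$(lookaside_hash "$1")
    actual=$(md5sum "$2" | awk '{ print $1 }')
    [ "$expected" = "$actual" ]
}

# Download, verify and build DAQ 2.0.6 (the URL used on this page);
# stop at the first failing step. Function name is this example's own.
build_daq() {
    url='https://src.fedoraproject.org/lookaside/extras/daq/daq-2.0.6.tar.gz/2cd6da422a72c129c685fc4bb848c24c/daq-2.0.6.tar.gz'
    tarball=${url##*/}
    mkdir -p ~/snort_src && cd ~/snort_src || return 1
    [ -f "$tarball" ] || wget -q "$url" || return 1
    if ! lookaside_md5_ok "$url" "$tarball"; then
        echo "MD5 mismatch for $tarball, not building" >&2
        return 1
    fi
    tar -xzf "$tarball" && cd daq-2.0.6 && ./configure && make && make install
}

# Only run the network/build steps when invoked as "sh build_daq.sh build",
# so the check functions can be sourced and exercised offline.
if [ "${1:-}" = "build" ]; then
    build_daq
fi
```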

 

 

 

./configure && make && make install

 

[root@centos snort_src]# wget https://www.snort.org/downloads/snort/snort-2.9.12.tar.gz
--2023-07-26 21:55:39--  https://www.snort.org/downloads/snort/snort-2.9.12.tar.gz
Resolving www.snort.org (www.snort.org)... 104.18.139.9, 104.18.138.9, 2606:4700::6812:8b09, ...
Connecting to www.snort.org (www.snort.org)|104.18.139.9|:443... connected.
HTTP request sent, awaiting response... 404 Not Found
2023-07-26 21:55:39 ERROR 404: Not Found.

 

Found the download paths belatedly

https://www.snort.org/downloads/snort/daq-2.0.7.tar.gz
https://www.snort.org/downloads/snort/snort-2.9.20.tar.gz

 

wget https://www.snort.org/downloads/snort/snort-2.9.20.tar.gz
tar -xvzf snort-2.9.20.tar.gz
cd snort-2.9.20
./configure --enable-sourcefire && make && make install

 

 

Took a very long time. There are errors

make[3]: Entering directory `/root/snort_src/snort-2.9.20/tools/u2openappid'
 /usr/bin/mkdir -p '/usr/local/bin'
  /bin/sh ../../libtool   --mode=install /usr/bin/install -c u2openappid '/usr/local/bin'
libtool: install: /usr/bin/install -c u2openappid /usr/local/bin/u2openappid
make[3]: `install-data-am'를 위해 할 일이 없습니다
make[3]: Leaving directory `/root/snort_src/snort-2.9.20/tools/u2openappid'
make[2]: Leaving directory `/root/snort_src/snort-2.9.20/tools/u2openappid'
Making install in u2streamer
make[2]: Entering directory `/root/snort_src/snort-2.9.20/tools/u2streamer'
make[3]: Entering directory `/root/snort_src/snort-2.9.20/tools/u2streamer'
 /usr/bin/mkdir -p '/usr/local/bin'
  /bin/sh ../../libtool   --mode=install /usr/bin/install -c u2streamer '/usr/local/bin'
libtool: install: /usr/bin/install -c u2streamer /usr/local/bin/u2streamer
make[3]: `install-data-am'를 위해 할 일이 없습니다
make[3]: Leaving directory `/root/snort_src/snort-2.9.20/tools/u2streamer'
make[2]: Leaving directory `/root/snort_src/snort-2.9.20/tools/u2streamer'
make[2]: Entering directory `/root/snort_src/snort-2.9.20/tools'
make[3]: Entering directory `/root/snort_src/snort-2.9.20/tools'
 /usr/bin/mkdir -p '/usr/local/bin'
 /usr/bin/install -c appid_detector_builder.sh '/usr/local/bin'
make[3]: `install-data-am'를 위해 할 일이 없습니다
make[3]: Leaving directory `/root/snort_src/snort-2.9.20/tools'
make[2]: Leaving directory `/root/snort_src/snort-2.9.20/tools'
make[1]: Leaving directory `/root/snort_src/snort-2.9.20/tools'
make[1]: Entering directory `/root/snort_src/snort-2.9.20'
make[2]: Entering directory `/root/snort_src/snort-2.9.20'
make[2]: `install-exec-am'를 위해 할 일이 없습니다
 /usr/bin/mkdir -p '/usr/local/share/man/man8'
 /usr/bin/install -c -m 644 snort.8 '/usr/local/share/man/man8'
 /usr/bin/mkdir -p '/usr/local/lib/pkgconfig'
 /usr/bin/install -c -m 644 snort.pc '/usr/local/lib/pkgconfig'
make[2]: Leaving directory `/root/snort_src/snort-2.9.20'
make[1]: Leaving directory `/root/snort_src/snort-2.9.20'

 

It doesn't look like a complete failure either

 

Let's continue again starting from sudo ln -s /usr/local/bin/snort /usr/sbin/snort

will be continued...

 

 
