If you’re using CentOS 5 and need to install Snort on it, and you’re not a CentOS user like me (I like Ubuntu better), then chances are you’ll come across some really annoying problems, at times so frustrating that you’d want to smash the box against the wall. Here’s how to keep it simple.
Before installing Snort, make sure you have all the right “tools”. If you’re unsure of what you need, visit Snort.org and check out the requirements. Besides the ones mentioned there, you will also need flex and bison (the newer versions of lex/yacc). That’s the easy part; here come the annoyances:
Annoyance 1:
While installing the daq for Snort, configure might say that libpcap is not found, as shown below.
checking for pcap_lib_version... checking for pcap_lib_version in -lpcap... yes
checking for libpcap version >= "1.0.0"... no
To overcome this, go to tcpdump.org and download libpcap version 1.0.0, not the latest one, i.e. 1.1.1. If you have already installed 1.1.1, go to its directory and do a make uninstall. Untar the 1.0.0 file and do the usual thing, i.e.
./configure
make
make install
Try running configure for daq once more; this should do the trick.
Annoyance 2:
ldaq-static not found… but we just installed daq, right? What went wrong? The reason for this message is that the path has not yet been added to the linker. To overcome this, do a
gedit /etc/ld.so.conf.d/daq.conf
Inside gedit, type the path where daq was installed; it will be something like
/usr/local/lib/daq
Close the file and then do a ldconfig -v | grep daq
You should see some output with daq.
Now get back to your snort folder and proceed with the installation. It should work out without any more hassles.
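The checks behind both annoyances, as an added shell example that is not part of the original post: it compares a libpcap version string against the 1.0.0 minimum from the configure output, and registers the daq directory with the linker without an editor, refusing a directory that other users can write to. The function names are made up for this example; the paths in the usage comments are the ones from the post.

```shell
#!/bin/sh
# Added example: pre-flight checks for the two annoyances above.
# Function names are made up here; sample inputs are constructed.

# version_ge A B: succeed if dotted version A >= B, comparing field by field.
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fa=${fa%%[!0-9]*}
        fb=${b%%.*}; fb=${fb%%[!0-9]*}
        [ "${fa:-0}" -gt "${fb:-0}" ] && return 0
        [ "${fa:-0}" -lt "${fb:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# pcap_version TEXT: pull X.Y.Z out of "libpcap version X.Y.Z" text.
pcap_version() {
    printf '%s\n' "$1" | sed -n 's/.*libpcap version \([0-9][0-9.]*\).*/\1/p'
}

# register_lib_dir DIR CONF: add DIR to linker config CONF exactly once.
# A world-writable DIR is refused: any user could plant a library there
# that the dynamic linker would then offer to every program.
register_lib_dir() {
    [ -d "$1" ] || { echo "no such directory: $1" >&2; return 1; }
    if [ -n "$(find "$1" -prune -perm -002)" ]; then
        echo "refusing world-writable directory: $1" >&2
        return 1
    fi
    grep -qxF "$1" "$2" 2>/dev/null || printf '%s\n' "$1" >> "$2"
}

# ldconfig_scans DIR: read `ldconfig -v` output on stdin and succeed if DIR
# appears as a scanned directory (a line starting with "DIR:").
ldconfig_scans() {
    awk -v d="$1:" 'index($0, d) == 1 { f = 1 } END { exit !f }'
}

# Typical use as root, with the path and file name from the post:
#   register_lib_dir /usr/local/lib/daq /etc/ld.so.conf.d/daq.conf
#   ldconfig -v 2>/dev/null | ldconfig_scans /usr/local/lib/daq && echo ok
#   version_ge "$(pcap_version 'libpcap version 1.0.0')" 1.0.0 && echo ok
```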