da667 / Autosnort

Repo for autosnort scripts.
MIT License

snorby install #19

Closed PingLord closed 10 years ago

PingLord commented 10 years ago

Hello,

I found a bug in the snorby install script for CentOS. The git clone does not work. All the needed modification is changing http to https and everything is done.

Thank you

da667 commented 10 years ago

PingLord,

thank you for reporting this.

I was prepping for shmoocon when this came in. I'll have the code updated ASAP.

Cheers man!

On Tue, Jan 14, 2014 at 8:48 PM, PingLord notifications@github.com wrote:

Hello,

I found a bug in the snorby install script for CentOS. The git clone does not work. All the needed modification is changing http to https and everything is done.

Thank you


when does reality end? when does fantasy begin?

PingLord commented 10 years ago

Hey man,

I'm working in InfoSec and I see you are passionate about this too. Found more things to edit and change because the CentOS scripts give some errors. There are some errors regarding ruby also, as it downloads the latest but we need ruby 1.9.x and it gets 2.1.x. Made some changes there too but I don't remember the server where I have those modified. Let's talk over email and maybe I can help you out also with distributed sensors, as I used those scripts to create distributed sensors also and I know those were on the to-do list.

Cheers man.

da667 commented 10 years ago

PingLord,

Regarding the initial problem: 1) Confirmed that git clone over http indeed does not work for CentOS. Strangely enough, cloning over http works for Ubuntu and Debian, though. Fix will be forthcoming (Hell, might as well make Ubuntu and Debian git clone over https as well.)

If you want to "hotfix" it yourself, simply open snorby-CentOS.sh, navigate to line 106 and modify this line:

git clone http://github.com/Snorby/snorby.git

to:

git clone https://github.com/Snorby/snorby.git

(not that you didn't already figure this out, but I thought I'd post this as a solution for others who may be waiting for a fix)

2) Regarding the version of ruby pulled:

This is a result of this code (sans the error checking code):

wget http://ruby-lang.org/en/downloads -O /tmp/downloads.html
rubyver=$(cat /tmp/downloads.html | grep -e "ruby-" | head -2 | tail -1 | cut -d"-" -f3,4 | cut -d"." -f1,2,3)

Basically, I pulled the downloads page of ruby.org and through creative use of shell tools, pull the latest stable 1.9.x release (The last time I checked, snorby isn't compatible with ruby 2.X).

I changed the rubyver check to this:

rubyver=$(cat /tmp/downloads.html | grep -e "ruby-1" | head -2 | tail -1 | cut -d"-" -f3,4 | cut -d"." -f1,2,3)

and it appears to pull the compatible ruby 1.9.x version that Snorby will work with. Fixes will be coming shortly, after I've officially tested them in my VM environment.

Thanks again for reporting these problems,

DA_667

On Mon, Jan 20, 2014 at 4:00 PM, PingLord notifications@github.com wrote:

Hey man,

I'm working in InfoSec and I see you are passionate about this too. Found more things to edit and change because the CentOS scripts give some errors. There are some errors regarding ruby also, as it downloads the latest but we need ruby 1.9.x and it gets 2.1.x. Made some changes there too but I don't remember the server where I have those modified. Let's talk over email and maybe I can help you out also with distributed sensors, as I used those scripts to create distributed sensors also and I know those were on the to-do list.

Cheers man.


when does reality end? when does fantasy begin?
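
The rubyver check in the comment above selects a version by its position on the downloads page (`head -2 | tail -1`), so it changes meaning whenever the page layout does. As an added example that is not part of this thread or of Autosnort, the function below matches and validates 1.9.x version strings and fails when none is present; the sample HTML, the names `sample_page` and `pick_ruby19`, and the `ruby-1.9.N-pM.tar.gz` link pattern are assumptions.

```shell
#!/bin/sh
# Added example (not Autosnort code): choose the newest Ruby 1.9.x release
# named in a saved downloads page by matching version strings, not line positions.

# Constructed sample standing in for /tmp/downloads.html; hosts and entries are made up.
sample_page() {
cat <<'EOF'
<li><a href="https://downloads.example.invalid/ruby-2.1.0.tar.gz">Ruby 2.1.0</a></li>
<li><a href="https://downloads.example.invalid/ruby-2.0.0-p353.tar.gz">Ruby 2.0.0-p353</a></li>
<li><a href="https://downloads.example.invalid/ruby-1.9.3-p448.tar.gz">Ruby 1.9.3-p448</a></li>
<li><a href="https://downloads.example.invalid/ruby-1.9.3-p484.tar.gz">Ruby 1.9.3-p484</a></li>
<li><a href="https://downloads.example.invalid/ruby-1.9.x-latest.tar.gz">malformed entry</a></li>
EOF
}

# pick_ruby19: read HTML on stdin; print the highest "1.9.N-pM" found.
# Returns 1 when nothing matches, so an installer can stop instead of
# continuing with an empty or incompatible version string.
pick_ruby19() {
    ver=$(grep -oE 'ruby-1\.9\.[0-9]+-p[0-9]+\.tar\.gz' \
        | sed -e 's/^ruby-//' -e 's/\.tar\.gz$//' \
        | sed -e 's/^1\.9\.\([0-9]*\)-p\([0-9]*\)$/\1 \2 &/' \
        | sort -k1,1n -k2,2n \
        | tail -n 1 \
        | cut -d' ' -f3)
    [ -n "$ver" ] || return 1
    printf '%s\n' "$ver"
}

# Demonstration on the constructed sample.
if rubyver=$(sample_page | pick_ruby19); then
    echo "would install ruby-$rubyver"
else
    echo "no ruby 1.9.x release found; aborting" >&2
fi
```

In an install script the same function would read the fetched page, for example `pick_ruby19 < /tmp/downloads.html`, with the page itself retrieved over https for the same reason the git clone was switched.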

da667 commented 10 years ago

Update: Pushed the above changes to autosnort-ubuntu today. Will have these changes pushed to Debian and CentOS in the near future. Leaving case open until I've actually done so.

da667 commented 10 years ago

Closing issue; was fixed in the 3-23 release of autosnort.