da667 / Autosnort

Repo for autosnort scripts.
MIT License
157 stars 89 forks

Raspberry Arm version of Autosnort #22

Open Gualty opened 10 years ago

Gualty commented 10 years ago

Hi, can you create an ARM version of Autosnort to install on the Raspberry?

sniglet commented 10 years ago

Heck man, give it a shot and see where it fails. Most of the packages are built from source, if your Pi has a build environment, you might be in pretty good shape. (relatively, it's not like the pi's got a lot of horsepower....or a second interface for a spanport.)

da667 commented 10 years ago

You could cross compile. Don't know much about doing that but at a minimum I know you'd need the arm toolchain to compile on x86.

da667 commented 10 years ago

I may try my hand at cross-compiling DAQ and snort for Raspberry Pi, and at a minimum probably write up a wiki on how to do it on blindseeker. By Jove, it appears to be a challenge!

when does reality end? when does fantasy begin?

zauberstuhl commented 10 years ago

It is for Arch running on raspberry, maybe it is helpful:

http://blog.zauberstuhl.de/post/68113933741/intrusion-prevention-system-for-arkos-after

sniglet commented 10 years ago

Well it sure fails early. :) Something about setting up the error log, which is weird as the commands work properly when entered manually.

root@octopi:~# sh ./autosnort-ubuntu-02-01-2014.sh

./autosnort-ubuntu-02-01-2014.sh: 11: ./autosnort-ubuntu-02-01-2014.sh: cannot create /var/log/autosnort_install.log.pipe: Interrupted system call

./autosnort-ubuntu-02-01-2014.sh: 18: ./autosnort-ubuntu-02-01-2014.sh: Syntax error: "(" unexpected

root@octopi:~#

(And yeah, it's on an Octoprint install, it was the closest ubuntu-like install I had on a Pi...it's not currently controlling a printer, much to my chagrin, so temporary duty messin' about with Autosnort is no big deal)

root@octopi:~# cat /proc/version

Linux version 3.10.25+ (dc4@dc4-arm-01) (gcc version 4.7.2 20120731 (prerelease) (crosstool-NG linaro-1.13.1+bzr2458 - Linaro GCC 2012.08) ) #622 PREEMPT Fri Jan 3 18:41:00 GMT 2014

root@octopi:~#

da667 commented 10 years ago

Do you have bash specifically for this raspberry pi distro? There are a lot of bash specific things that won't work with plain old sh.

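The failure mode described in the comment above, as an added example that is not part of the original thread or of Autosnort: invoking a script as "sh ./script" ignores its shebang, so bash-only syntax is handed to whatever sh is on the system (dash on Debian-based images). The sample installer and the function names find_bashisms and required_shell are constructed for illustration, and the grep patterns are heuristics rather than a full shell parser.

```shell
#!/bin/sh
# Added example: pre-flight check for bash-only syntax before running an
# installer with plain sh. Uses only POSIX sh, grep and head.

# Print "LINE:TEXT" for every line using a bash extension that POSIX sh
# lacks: process substitution, [[ ]] tests, array assignment, `function`.
find_bashisms() {
    grep -nE '[<>]\(|\[\[ |^[[:space:]]*[A-Za-z_][A-Za-z0-9_]*=\(|^[[:space:]]*function[[:space:]]' "$1"
}

# Report the interpreter a script needs: "bash" if its shebang names bash
# or any bashism is found, otherwise "sh".
required_shell() {
    if head -n 1 "$1" | grep -Eq '^#!.*bash'; then
        echo bash
        return
    fi
    if find_bashisms "$1" >/dev/null; then echo bash; else echo sh; fi
}

# Constructed sample installer (NOT Autosnort's real contents): it logs
# through process substitution, which plain sh cannot parse.
make_sample() {
    cat > "$1" <<'EOF'
#!/bin/bash
logfile=/tmp/example_install.log
exec > >(tee "$logfile") 2>&1
if [[ $(id -u) -ne 0 ]]; then
    echo "run as root"
fi
EOF
}

# Demo run on the constructed sample.
demo=$(mktemp)
make_sample "$demo"
echo "interpreter needed: $(required_shell "$demo")"
find_bashisms "$demo"
rm -f "$demo"
```

When the check reports bash, run the installer as "bash ./script" or execute it directly so the shebang is honored.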

sniglet commented 10 years ago

I'll check (and poke a hole in the firewall so these things don't have to wait till EOB to test.)

sniglet commented 10 years ago

reran it with the included bash...things are happy(ier)...I'll bite the bullet and put a 'standard' build on the pi....heck, I may even plumb it into the DMZ and give ya access to it if you need it.

sniglet commented 10 years ago

It got surprisingly far in the process:

[]* Secure installation script completed. Mysql-server and apache2 successfully installed.

[]* Determining newest versions of snort and daq available on snort.org..

[]* Downloaded snort-2.9.6.0.tar.gz to /usr/src.

[]* Downloaded daq-2.0.2.tar.gz to /usr/src.

[]* Configuring, making and compiling DAQ. This will take a moment or two.

[]* Failed to make. Please check /var/log/autosnort_install.log for details.

Relevant log info:

libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -Dyylval=sfbpf_lval -g -O2 -fvisibility=hidden -Wall -Wwrite-strings -Wsign-compare -Wcast-align -Wextra -Wformat -Wformat-security -Wno-unused-parameter -fno-strict-aliasing -fdiagnostics-show-option -pedantic -std=c99 -D_GNU_SOURCE -MT libsfbpf_la-sf_nametoaddr.lo -MD -MP -MF .deps/libsfbpf_la-sf_nametoaddr.Tpo -c sf_nametoaddr.c -fPIC -DPIC -o .libs/libsfbpf_la-sf_nametoaddr.o

libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -Dyylval=sfbpf_lval -g -O2 -fvisibility=hidden -Wall -Wwrite-strings -Wsign-compare -Wcast-align -Wextra -Wformat -Wformat-security -Wno-unused-parameter -fno-strict-aliasing -fdiagnostics-show-option -pedantic -std=c99 -D_GNU_SOURCE -MT libsfbpf_la-sf_nametoaddr.lo -MD -MP -MF .deps/libsfbpf_la-sf_nametoaddr.Tpo -c sf_nametoaddr.c -o libsfbpf_la-sf_nametoaddr.o >/dev/null 2>&1

mv -f .deps/libsfbpf_la-sf_nametoaddr.Tpo .deps/libsfbpf_la-sf_nametoaddr.Plo

/bin/bash ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -Dyylval=sfbpf_lval -g -O2 -fvisibility=hidden -Wall -Wwrite-strings -Wsign-compare -Wcast-align -Wextra -Wformat -Wformat-security -Wno-unused-parameter -fno-strict-aliasing -fdiagnostics-show-option -pedantic -std=c99 -D_GNU_SOURCE -MT libsfbpf_la-sf_optimize.lo -MD -MP -MF .deps/libsfbpf_la-sf_optimize.Tpo -c -o libsfbpf_la-sf_optimize.lo `test -f 'sf_optimize.c' || echo './'`sf_optimize.c

libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -Dyylval=sfbpf_lval -g -O2 -fvisibility=hidden -Wall -Wwrite-strings -Wsign-compare -Wcast-align -Wextra -Wformat -Wformat-security -Wno-unused-parameter -fno-strict-aliasing -fdiagnostics-show-option -pedantic -std=c99 -D_GNU_SOURCE -MT libsfbpf_la-sf_optimize.lo -MD -MP -MF .deps/libsfbpf_la-sf_optimize.Tpo -c sf_optimize.c -fPIC -DPIC -o .libs/libsfbpf_la-sf_optimize.o

sf_optimize.c: In function 'opt_peep':

sf_optimize.c:933:20: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]

sf_optimize.c:964:34: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]

sf_optimize.c:968:34: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]

sf_optimize.c: In function 'convert_code_r':

sf_optimize.c:2172:23: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]

sf_optimize.c:2200:17: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]

sf_optimize.c: In function 'fold_op':

sf_optimize.c:702:1: internal compiler error: Segmentation fault

Please submit a full bug report,

with preprocessed source if appropriate.

See file:///usr/share/doc/gcc-4.6/README.Bugs for instructions.

The bug is not reproducible, so it is likely a hardware or OS problem.

make[2]: *** [libsfbpf_la-sf_optimize.lo] Error 1

make[2]: Leaving directory `/usr/src/daq-2.0.2/sfbpf'

make[1]: *** [all-recursive] Error 1

make[1]: Leaving directory `/usr/src/daq-2.0.2'

make: *** [all] Error 2

Gualty commented 10 years ago

I tried some months ago, but lots of packages inside the Autosnort script are not made for ARM, so it exits with lots of different errors. Has anyone solved the problem?

Gualty commented 10 years ago

Any news?