joanbono / Snorter

Snort + Barnyard2 + Pulledpork → The easy way!
https://joanbono.github.io/Snorter
GNU General Public License v3.0

RPi B+ errors during installation #29

Closed polleke67 closed 6 years ago

polleke67 commented 6 years ago

I got 3 errors during installation on the RPi B+ (2018-06-27-raspbian-stretch-lite):

1) Barnyard:

    [i] INFO: Installing dependencies.
    [!] WARNING: You will be asked for a password for MySQL service if it isn't installed in the system.

    Reading package lists... DoneTER to continue.
    Building dependency tree
    Reading state information... Done
    Package libmysqlclient-dev is not available, but is referred to by another package.
    This may mean that the package is missing, has been obsoleted, or
    is only available from another source

    E: Package 'libmysqlclient-dev' has no installation candidate

    [i] INFO: Downloading BARNYARD2.

    Cloning into 'barnyard2'...
    remote: Counting objects: 1292, done.
    remote: Total 1292 (delta 0), reused 0 (delta 0), pack-reused 1292
    Receiving objects: 100% (1292/1292), 1.05 MiB | 858.00 KiB/s, done.
    Resolving deltas: 100% (896/896), done.
    Snorter.sh: line 194: autoreconf: command not found

    [i] INFO: Installing BARNYARD22.

    Snorter.sh: line 205: ./configure: No such file or directory
    make: No targets specified and no makefile found. Stop.
    make: No rule to make target 'install'. Stop.

    [+] INFO: BARNYARD2 installed successfully.

    [i] INFO: The SNORT database is going to be created. You will be asked for MySQL password 3 times
    [!] WARNING: Press ENTER to continue.

    Snorter.sh: line 226: mysql: command not found
    Snorter.sh: line 227: mysql: command not found
    Snorter.sh: line 228: mysql: command not found
    Snorter.sh: line 230: /etc/snort/barnyard2.conf: Permission denied
    Snorter.sh: line 234: barnyard2: command not found

    [+] INFO: BARNYARD2 is successfully installed and configurated!

2) Pulledpork:

    PulledPork v0.7.4 - Helping you protect your bitcoin wallet!

    [+] INFO: PULLEDPORK is successfully installed and configured!
    [!] IMPORTANT: Would you like to enable Emerging Threats rules? [Y/n] y

    [+] INFO: Emerging Threats rules enabled!
    [i] INFO: Editing pulledpork.conf settings...

    Snorter.sh: line 322: /usr/local/bin/ruleitor: Permission denied
    chmod: cannot access '/usr/local/bin/ruleitor': No such file or directory

    [!] IMPORTANT: Would you like to create a service snort? [Y/n] y

    Snorter.sh: line 398: /lib/systemd/system/barnyard2.service: Permission denied
    Snorter.sh: line 413: /lib/systemd/system/snort.service: Permission denied
    Failed to enable unit: File snort.service: No such file or directory

    [i] INFO: Now you can run sudo systemctl {start|stop|status} snort .

    [!] IMPORTANT: Would you like to download new rules using PULLEDPORK? [Y/n]

    Option H requires an argument
    \ ... some stuff.... /
    Prepping rules from snortrules-snapshot-29111.tar.gz for work....
    Out of memory!
    sudo: /usr/local/bin/ruleitor: command not found

3) WebSnort:

    [i] INFO: running WEBSNORT on http://localhost:80.

    [!] IMPORTANT: Would you like to start WEBSNORT with the system? [Y/n] Y

    [+] INFO: WEBSNORT is successfully installed and configured!

    [!] IMPORTANT: Would you like to enable Emerging Threats and Community rules for detection? [Y/n] Y

    Snorter.sh: line 490: /etc/snort/snort.conf: Permission denied
    ls: cannot access '/etc/snort/rules/emerging-*.rules': No such file or directory
    Snorter.sh: line 494: /etc/snort/snort.conf: Permission denied
    Failed to restart snort.service: Unit snort.service not found.
    Failed to restart barnyard2.service: Unit barnyard2.service not found.

    [+] SUCCESS: Emerging Threats and Community rules enabled

Hope you can assist....

joanbono commented 6 years ago

Hello @polleke67.

First of all:

Did you run the program as root?

Please, can you try:

sudo apt install autoconf

Then:

sudo apt install default-libmysqlclient-dev

After that, perform a sudo su. Execute Snorter as root.

Also for this Out of memory! message, make sure that you have expanded the filesystem.

sudo raspi-config

Finally, follow these steps: https://geek-university.com/raspberry-pi/expand-raspbian-filesystem/

polleke67 commented 6 years ago

OK, I did the above steps, and fewer errors....

1) Barnyard:

    Cloning into 'barnyard2'...
    remote: Counting objects: 1292, done.
    remote: Total 1292 (delta 0), reused 0 (delta 0), pack-reused 1292
    Receiving objects: 100% (1292/1292), 1.05 MiB | 295.00 KiB/s, done.
    Resolving deltas: 100% (896/896), done.
    autoreconf: Entering directory `.'
    autoreconf: configure.ac: not using Gettext
    autoreconf: running: aclocal -I ./m4 --force -I m4
    autoreconf: configure.ac: tracing
    autoreconf: configure.ac: not using Libtool
    autoreconf: running: /usr/bin/autoconf --include=./m4 --force
    configure.ac:28: error: possibly undefined macro: AC_PROG_LIBTOOL
    If this token and others are legitimate, please use m4_pattern_allow.
    See the Autoconf documentation.
    autoreconf: /usr/bin/autoconf failed with exit status: 1

    [i] INFO: Installing BARNYARD22.

    configure: error: cannot find install-sh, install.sh, or shtool in "." "./.." "./../.."
    make: No targets specified and no makefile found. Stop.
    make: No rule to make target 'install'. Stop.

    [+] INFO: BARNYARD2 installed successfully.

    [i] INFO: The SNORT database is going to be created. You will be asked for MySQL password 3 times
    [!] WARNING: Press ENTER to continue.

    Snorter.sh: line 226: mysql: command not found
    Snorter.sh: line 227: mysql: command not found
    Snorter.sh: line 228: mysql: command not found
    Snorter.sh: line 234: barnyard2: command not found

    [+] INFO: BARNYARD2 is successfully installed and configurated!

2) Pulledpork still out of memory

    [!] IMPORTANT: Would you like to download new rules using PULLEDPORK? [Y/n] Y

Option H requires an argument

https://github.com/shirkdog/pulledpork
PulledPork v0.7.4 - Helping you protect your bitcoin wallet!
Copyright (C) 2009-2017 JJ Cummings, Michael Shirk and the PulledPork Team!
Rules give me wings!

Checking latest MD5 for snortrules-snapshot-29111.tar.gz....
Rules tarball download of snortrules-snapshot-29111.tar.gz....
        They Match
        Done!
Checking latest MD5 for community-rules.tar.gz....
Rules tarball download of community-rules.tar.gz....
        They Match
        Done!
IP Blacklist download of https://talosintelligence.com/documents/ip-blacklist...
.
Reading IP List...
Checking latest MD5 for opensource.gz....
Rules tarball download of opensource.gz....
        They Match
        Done!
Checking latest MD5 for emerging.rules.tar.gz....
Rules tarball download of emerging.rules.tar.gz....
        They Match
        Done!
Prepping rules from emerging.rules.tar.gz for work....
        Done!
Prepping rules from community-rules.tar.gz for work....
        Done!
Prepping rules from snortrules-snapshot-29111.tar.gz for work....
Out of memory!

joanbono commented 6 years ago

Hi @polleke67 the out of memory problem is because of the Raspberry, not related to this program.

Please try to install mysql manually and then re-run the script.

polleke67 commented 6 years ago

OK, did a clean install:

image: 2018-06-27-raspbian-stretch-lite.zip

    sudo apt-get update && sudo apt-get dist-upgrade -y

Expand Filesystem

    sudo raspi-config
    sudo apt-get install git -y
    sudo apt install autoconf
    sudo apt install default-libmysqlclient-dev
    sudo apt-get install mysql-server -y
    git clone https://github.com/joanbono/Snorter.git
    cd Snorter/src
    sudo su
    bash Snorter.sh -o -i eth0

1) Barnyard error-message:

    [i] INFO: Installing BARNYARD22.

    configure: error: cannot find install-sh, install.sh, or shtool in "." "./.." "./../.."
    make: No targets specified and no makefile found. Stop.
    make: No rule to make target 'install'. Stop.

    [+] INFO: BARNYARD2 installed successfully.

2) Barnyard error-message:

    [i] INFO: The SNORT database is going to be created. You will be asked for MySQL password 3 times
    [!] WARNING: Press ENTER to continue.

    Enter password:
    Enter password:
    Enter password:
    Snorter.sh: line 234: barnyard2: command not found


3) Pulledpork error-message:

    Prepping rules from emerging.rules.tar.gz for work....
            Done!
    Prepping rules from community-rules.tar.gz for work....
            Done!
    Prepping rules from opensource.gz for work....
            Done!
    Prepping rules from snortrules-snapshot-29111.tar.gz for work....
    Out of memory!

joanbono commented 6 years ago

Steps:

To install barnyard:

sudo apt install -y --force-yes autoconf libtool libdnet checkinstall yagiuda libdnet-dev locate
git clone https://github.com/firnsy/barnyard2.git
cd barnyard2
autoreconf -fvi -I ./m4
ln -s /usr/include/dumbnet.h dnet.h
./configure --with-mysql --with-mysql-libraries=/usr/lib/arm-linux-gnueabihf
make
sudo make install

polleke67 commented 6 years ago

I ran the commands manually successfully. I wanted to understand where and why the install went wrong.....

line 193:

    git clone https://github.com/firnsy/barnyard2.git && cd $HOME/snort_src/barnyard2

changed to:

    git clone https://github.com/firnsy/barnyard2.git
    cd $HOME/snort_src/barnyard2

I checked snorter.sh for control characters, but all seemed fine. I re-did the install again, using the original snorter.sh (which gave an error msg) and the amended snorter.sh (which went fine) and again same result. I can not explain it....

joanbono commented 6 years ago

It's weird...

So, if you confirm that the script is working, can you close the issue?

Thanks for your time and for using Snorter! 😄

Regards

polleke67 commented 6 years ago

Hi, yes it worked fine after replacing "&&" with "\n\t" and executing snorter.sh as root.

    sudo sed -i 's/ \&\& /\n\t/g' /home/pi/Snorter/src/Snorter.sh
    sudo su
    bash Snorter.sh -o -i eth0
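
The logs in this thread show the installer printing success banners after steps that had failed for lack of root, autoconf, libtool and mysql. As an added example (not part of Snorter or of any comment above), a POSIX shell check for those prerequisites before a run and for the files the log shows the script writing afterwards; probing `libtoolize` for the libtool package and the `pre`/`post` arguments are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not part of Snorter. Tool names and file paths are the ones
# in the thread's error output; libtoolize ships in the libtool package.

EXPECTED_FILES="/etc/snort/snort.conf /etc/snort/barnyard2.conf
/usr/local/bin/ruleitor /lib/systemd/system/snort.service
/lib/systemd/system/barnyard2.service"

# Print every command in the argument list that is not on PATH.
missing_tools() {
    for mt_cmd in "$@"; do
        command -v "$mt_cmd" >/dev/null 2>&1 || printf '%s\n' "$mt_cmd"
    done
}

# Print every path in $2.. that does not exist under root $1 ("" = real system).
missing_files() {
    mf_root=$1; shift
    for mf_path in "$@"; do
        [ -e "$mf_root$mf_path" ] || printf '%s\n' "$mf_path"
    done
}

# Before installing: return 1 if not root, 2 if a build tool is absent.
# An optional $1 overrides the uid (used for testing).
preflight() {
    pf_uid=${1:-$(id -u)}
    if [ "$pf_uid" -ne 0 ]; then
        echo "[!] run as root (current uid $pf_uid)" >&2; return 1
    fi
    pf_missing=$(missing_tools git autoreconf libtoolize make mysql)
    if [ -n "$pf_missing" ]; then
        echo "[!] missing tools:" $pf_missing >&2; return 2
    fi
}

# After installing: ignore the success banner and check the artifacts.
# An optional $1 is a root prefix (used for testing).
verify_install() {
    vi_missing=$(missing_files "${1:-}" $EXPECTED_FILES)
    if [ -n "$vi_missing" ]; then
        echo "[!] not installed:" $vi_missing >&2; return 1
    fi
    echo "[+] all expected files present"
}

case "${1:-}" in
    pre)  preflight ;;
    post) verify_install ;;
esac
```

Run it with `pre` before `bash Snorter.sh -o -i eth0` and with `post` afterwards; a non-zero exit status means the sensor is not in the state the banners claim.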