Reply To: Snort can not work on Beta16


#52084

chungvoky
Member

Hi,

After a few days of looking into the patch downloaded from https://www.zeroshell.org/patch-details/#DA12, I found a way to install this patch on ZS2.0. I’m using ZS2.0RC2. You can try it with the following steps:
Download and extract patch:

cd /Database
wget http://www.zeroshell.net/listing/DA12-Snort-2.8.5-1.0.beta12.tar.bz2
tar xvfj DA12-Snort-2.8.5-1.0.beta12.tar.bz2
cd DA12

Edit install script to match release version:

vim install.sh

Find and replace 1.0 with 2.0 as below:

if ! ls /Database/opt/2.0/*/db/$D/Description  2>/dev/null > /dev/null ; then
echo "ABORTED: dependence failed: the update $D is required. Please install it."
exit 10
fi

Change current directory to tars directory:

cd tars

Uncompress the tar file in this directory:

tar -xjf DA12.tar.bz2

Move to opt directory:

cd opt

Change name of 1.0 directory to 2.0 and subdirectory beta12 to RC2 to match ZS release version:

mv 1.0 2.0
cd 2.0
mv beta12 RC2

Open file RC2/packages/bin/pcre-config:

vim RC2/packages/bin/pcre-config

and replace the line as below:

prefix=/Database/opt/2.0/RC2/packages

Open file RC2/packages/etc/snort.conf:

vim RC2/packages/etc/snort.conf

Find and replace all lines containing ‘1.0/beta12’ with ‘2.0/RC2’ using the replace function of vim:

:%s#1\.0/beta12#2.0/RC2#g

Now go to RC2/tars directory:

cd RC2/tars

Extract the tar file in this directory:

tar -xzf DA12-files.tar.gz

cd etc

Recreate link of snort.conf:

rm -f snort.conf
ln -s /Database/opt/2.0/RC2/packages/etc/snort.conf snort.conf

Make a new directory and move init.d directory into it:

mkdir rc.d
mv init.d rc.d

Now remove old tar file, recreate new one and remove directory:

cd ..
rm -f DA12-files.tar.gz
tar -czf DA12-files.tar.gz etc
rm -rf etc

And now, recreate DA12.tar.bz2 file:

cd /Database/DA12/tars
rm -f DA12.tar.bz2
tar -cjf DA12.tar.bz2 opt
rm -rf opt

And run install script:

cd ..
./install.sh

You can use the web interface to view the log with the snort session.
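
A check for the repacking steps above, added here as an example and not part of the original post: run from /Database/DA12/tars just before DA12.tar.bz2 is recreated, `stale_refs opt 1.0/beta12` lists any file or symlink that still points at the old release path, including inside the nested DA12-files.tar.gz. The function name `stale_refs` is hypothetical; it assumes a POSIX shell with tar, gzip, grep and find available.

```shell
#!/bin/sh
# Added example, not part of the original post.
# stale_refs DIR OLD: list files and symlinks under DIR that still mention the
# literal string OLD (for this patch: 1.0/beta12). Gzip tarballs found inside
# DIR, such as DA12-files.tar.gz, are unpacked into a scratch copy and scanned
# as well. Returns 0 when nothing is found, 1 when stale references remain.
stale_refs() {
    root=$1
    old=$2
    work=$(mktemp -d) || return 2
    cp -a "$root" "$work/tree"

    # Unpack nested archives next to themselves as <name>.d
    find "$work/tree" -type f -name '*.tar.gz' | while read -r t; do
        mkdir "$t.d" && tar -xzf "$t" -C "$t.d"
    done

    {
        # -F matches OLD literally, so "." and "/" need no escaping.
        grep -rlF -- "$old" "$work/tree" || true
        # Symlink targets are not file content, so check them separately.
        find "$work/tree" -type l | while read -r l; do
            case $(readlink "$l") in
                *"$old"*) echo "$l" ;;
            esac
        done
    } | sed "s#^$work/tree/##" | sort -u > "$work/report"

    # Paths are printed relative to DIR; an empty report means a clean tree.
    cat "$work/report"
    if [ -s "$work/report" ]; then rc=1; else rc=0; fi
    rm -rf "$work"
    return "$rc"
}
```

An empty result with exit status 0 means the tree is ready to be packed and installed; any path printed should be fixed first.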