configuration de snort

[bihico]

<BR> <BR>j'ai installer snort sur mon pc (linux redhat 8.0), j'ai créer une base de donnée sous Mysql, et j'ai l'es mis en ralation avec snort, mais un message d'erreur apparait : <BR> <BR>Running in IDS mode <BR>Log directory = /var/log/snort <BR> <BR>Initializing Network Interface eth0 <BR> <BR> --== Initializing Snort ==-- <BR>Initializing Output Plugins! <BR>Decoding Ethernet on interface eth0 <BR>Initializing Preprocessors! <BR>Initializing Plug-ins! <BR>Parsing Rules file /etc/snort/snort.conf <BR> <BR>+++++++++++++++++++++++++++++++++++++++++++++++++++ <BR>Initializing rule chains... <BR>No arguments to frag2 directive, setting defaults to: <BR> Fragment timeout: 60 seconds <BR> Fragment memory cap: 4194304 bytes <BR> Fragment min_ttl: 0 <BR> Fragment ttl_limit: 5 <BR> Fragment Problems: 0 <BR> Self preservation threshold: 500 <BR> Self preservation period: 90 <BR> Suspend threshold: 1000 <BR> Suspend period: 30 <BR>Stream4 config: <BR> Stateful inspection: ACTIVE <BR> Session statistics: INACTIVE <BR> Session timeout: 30 seconds <BR> Session memory cap: 8388608 bytes <BR> State alerts: INACTIVE <BR> Evasion alerts: INACTIVE <BR> Scan alerts: ACTIVE <BR> Log Flushed Streams: INACTIVE <BR> MinTTL: 1 <BR> TTL Limit: 5 <BR> Async Link: 0 <BR> State Protection: 0 <BR> Self preservation threshold: 50 <BR> Self preservation period: 90 <BR> Suspend threshold: 200 <BR> Suspend period: 30 <BR>Stream4_reassemble config: <BR> Server reassembly: INACTIVE <BR> Client reassembly: ACTIVE <BR> Reassembler alerts: ACTIVE <BR> Ports: 21 23 25 53 80 110 111 143 513 1433 <BR> Emergency Ports: 21 23 25 53 80 110 111 143 513 1433 <BR>http_decode arguments: <BR> Unicode decoding <BR> IIS alternate Unicode decoding <BR> IIS double encoding vuln <BR> Flip backslash to slash <BR> Include additional whitespace separators <BR> Ports to decode http on: 80 <BR>rpc_decode arguments: <BR> Ports to decode RPC on: 111 32771 <BR> alert_fragments: INACTIVE <BR> alert_large_fragments: ACTIVE <BR> alert_incomplete: ACTIVE <BR> alert_multiple_requests: ACTIVE <BR>telnet_decode arguments: <BR> Ports to decode telnet on: 21 23 25 119 <BR>database: compiled support for ( ) <BR>database: configured to use mysql <BR>database: 'mysql' support is not compiled into this build of snort <BR> <BR>ERROR: If this build of snort was obtained as a binary distribution (e.g., rpm, <BR>or Windows), then check for alternate builds that contains the necessary <BR>'mysql' support. <BR> <BR>If this build of snort was compiled by you, then re-run the <BR>the ./configure script using the '--with-mysql' switch. <BR>For non-standard installations of a database, the '--with-mysql=DIR' <BR>syntax may need to be used to specify the base directory of the DB install. <BR> <BR>See the database documentation for cursory details (doc/README.database). <BR>and the URL to the most recent database plugin documentation. <BR>Fatal Error, Quitting.. <BR> <BR> <BR>

[nemesis]

il me semble que c clair la version de snort que tu utilise n'as pas le support mysql inclus ds le code compilé dc.... il t'en faut une autre...

[bihico]

mais j'ai installer la version snort-2.0

[bihico]

j'ai ossi créer télécharger un script de démarrage : mais y un message d'erreur ossi : <BR> <BR>sh: /etc/rc.d/init.d/snortd: /bin/sh : bad interpreter: No such file or directory 32256 <BR> <BR>le fichier : <BR>#!/bin/sh <BR># <BR># snortd Start/Stop the snort IDS daemon. <BR># <BR># chkconfig: 2345 40 60 <BR># description: snort is a lightweight network intrusion detection tool that <BR># currently detects more than 1100 host and network <BR># vulnerabilities, portscans, backdoors, and more. <BR># <BR># June 10, 2000 -- Dave Wreski <dave@linuxsecurity.com> <BR># - initial version <BR># <BR># July 08, 2000 Dave Wreski <dave@guardiandigital.com> <BR># - added snort user/group <BR># - support for 1.6.2 <BR> <BR># Source function library. <BR>. /etc/rc.d/init.d/functions <BR> <BR># Specify your network interface here <BR>INTERFACE=eth0 <BR> <BR># See how we were called. <BR>case "$1" in <BR> start) <BR> echo -n "Starting snort: " <BR> ifconfig eth0 up <BR> daemon /usr/local/bin/snort -U -o -i $INTERFACE -d -D <BR> -c /etc/snort/snort.conf <BR> touch /var/lock/subsys/snort <BR> sleep 3 <BR> rm /var/log/snort/alert <BR> echo <BR> ;; <BR> 28,21-28 Haut <BR> <BR>

[romeo]

J'ai exactement la meme erreur, pourtant j'ai bien compile snort avec le support mysql, modifie le fichier de conf... <BR> <BR>Qqn a resolu ce probleme ?