Eclectic Security

In this how to I’m going to show the way to compile install Snort 2.9.0.3 with in-line mode capabilities. Tested on Debian Lenny 32 bit. Precompiled .deb packages are available on my git repository, get them with:

” git clone git://gitorious.org/snort/snort2903_debianlenny.git “.

Snort Release Notes:
2010-12-20 – Snort 2.9.0.3

[*] Improvements
* Fixed an issue where “uricontent” didn’t behave correctly with
“depth”, “offset”, “distance”, and “within” modifiers.

* Fixed overlapping flags in the Shared Object rule API.

* Improved error checking for invalid combinations of “depth”, “offset”,
“distance”, and “within” modifiers in rules. Rules that mix relative
and non-relative options on the same content will now cause errors.

* Updated the documentation to fix some inconsistencies.

wget http://www.tcpdump.org/release/libpcap-1.0.0.tar.gz
tar xvfz libpcap-1.0.0.tar.gz
cd libpcap-1.0.0
./configure
make
checkinstall
dpkg -i /root/libpcap-1.0.0/libpcap_1.0.0-1_i386.deb

wget http://libdnet.googlecode.com/files/libdnet-1.12.tgz
tar xvfz libdnet-1.12.tgz
cd libdnet-1.12/
./configure
make
checkinstall
dpkg -i libdnet_1.12-1_i386.deb
ln -s /usr/local/lib/libdnet.1.0.1 /usr/lib/libdnet.1

wget http://www.snort.org/downloads/630
tar xvfz 630
cd daq-0.5/
./configure

make
checkinstall
dpkg -i /root/daq-0.5/daq_0.5-1_i386.deb

wget http://www.snort.org/downloads/637
tar xvfz 637
cd snort-2.9.0.3/

./configure --with-mysql --enable-build-dynamic-examples --enable-gre --enable-reload --enable-linux-smp-stats --enable-zlib --enable-active-response --enable-react --enable-flexresp3 --with-libpcap-libraries=/usr/local/lib/
make
checkinstall
dpkg -i /root/snort-2.9.0.3/snort_2.9.0.3-1_i386.deb
ldconfig