Archive for the 'General' Category

Tiny Post – Snort/Ubuntu libpcre.so.0 error

Just for quick reference: newer versions of libpcre (on Ubuntu, at least) install the shared library at the following path:

/usr/lib/libpcre.so

Snort, and many other applications, will look for the libpcre.so.0 file instead. Simple fix: symlink the new one to the old name:

ln -s /usr/lib/libpcre.so /usr/lib/libpcre.so.0

This should fix any errors, and can be confirmed by running:

ldd /usr/local/bin/snort

Substitute the path to match your current install.
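As an added check (example code, not from the original post), this shell snippet picks out the libraries that ldd reports as "not found", so the symlink fix above can be verified mechanically; the sample ldd output is constructed, and /usr/local/bin/snort is the path used in the post. One caveat: the dynamic loader matches DT_NEEDED entries by file name only, so a clean ldd run shows the name resolves but does not prove the newer library is ABI-compatible with what the binary was built against.

```shell
#!/bin/sh
# Added example, not from the original post: find the shared libraries that the
# dynamic loader cannot resolve (the "=> not found" lines in ldd output).

# missing_libs: read ldd-style output from $1 and print each unresolved soname.
# Typical ldd line:   libpcre.so.0 => not found
missing_libs() {
    printf '%s\n' "$1" | awk '/=> not found/ { print $1 }'
}

# check_binary: run the real ldd on a binary and report unresolved libraries.
# Exit status: 0 all resolved, 1 something missing, 2 ldd could not run.
check_binary() {
    out=$(ldd "$1" 2>/dev/null) || return 2
    missing=$(missing_libs "$out")
    if [ -n "$missing" ]; then
        printf 'unresolved libraries in %s:\n%s\n' "$1" "$missing"
        return 1
    fi
    return 0
}

# Constructed sample: what ldd might print for a snort binary before the symlink.
SAMPLE_LDD_OUTPUT='    linux-vdso.so.1 =>  (0x00007fff5d3ff000)
    libpcre.so.0 => not found
    libpcap.so.0.8 => /usr/lib/libpcap.so.0.8 (0x00007f2c1a1b2000)
    libc.so.6 => /lib/libc.so.6 (0x00007f2c19e2f000)'

# Stand-alone usage: list the missing sonames from the sample, then check the
# real binary if it is present (path from the post; adjust for your install).
missing_libs "$SAMPLE_LDD_OUTPUT"
if [ -x /usr/local/bin/snort ]; then
    check_binary /usr/local/bin/snort
fi
```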

Tiny Post – Checkinstall

Installing from source, and no uninstall target in the Makefile? No problem – use checkinstall instead!

On Debian-based operating systems, such as Ubuntu, software installed from source is often awkward to remove. However, with this little gem (which has somehow eluded me until now) you can remove software built from source just as if you had installed it from a package! Checkinstall monitors where a source installation copies its files and folders and builds a .deb file based on what happened. This can then be used to remove the software with aptitude purge ‘package name’, just as you would with a package installed from the repos! How cool is that!

Just aptitude install checkinstall, then run ./configure && make && checkinstall (replacing make install with checkinstall). It will ask you a few questions, such as what to do with the doc files, what to name the package and whether it should clean up after itself (accepting the defaults should be fine), and away you go. HTH.

The Power of Virtualisation for Comprehensive Intrusion Detection

Virtualisation is not something we usually associate with intrusion detection capability (beyond perhaps consolidating your back-office technology, with the cost savings and green benefits that brings). However, there is much to be gained from developing solutions around virtual environments. Take, for example, the traditional sensor configuration: many implementations focus on a single product. From the open-source perspective this would usually be one built around Snort, or perhaps Bro. Most analysts will know the limitations this brings, and most will realise that the resulting view of the network is severely limited…

Sans Security 558 – Network Forensics

I will be using this post to review, day by day, the content of this course whilst I’m over here in Orlando. The course is being led by Jonathan Ham, of jham corp, and was co-written by Sherri Davidoff; the two have now converged to form Lake Missoula Group, an independent, vendor-neutral consulting collective. The 558 course focuses on forensic investigations “without the hard drive”: can enough information be gathered through network analysis to make or break a case? Let’s find out!

Bash Script – Automatic IMDb Genre & Artwork For Movie Files

I wrote a little bash script at the weekend. The concept is simple: it takes a file name and directory as command line arguments, then searches IMDb for the title, returning the artwork (600x600px) and the genre. The script then moves the file to a given location under the “genre” folder. For example, I have a folder set up with an incrontab entry that watches it for anything moved into it. When incron detects a file, the script is called with the monitored directory and filename as arguments. The movie and corresponding art are moved to my NAS “movies” folder, under the correct genre. Anyway, the script is here (it serves my purpose; you will probably want to edit it for your own use):


Tiny Post – WordMobi

I have recently been searching for a decent WordPress platform for my Nokia E71. I have tried a fair few options along the way, but have now settled on WordMobi. So far I’m very impressed, and I’m currently using it to post this entry. A simple yet powerful and effective tool for any blogger. One thing to note: Python is required for WordMobi to work.

Posted by Wordmobi

About Me

Hi. I'm Matt Newham, 23 years old. I'm a network security engineer, specializing in Intrusion Detection.
