Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Compiling snort for OS X UNIX
It may just be paranoia, but I've ahd a rash of anon FTP and other attempts on my systems here after the attack. I've got Brickhouse installed (still new to the use of it) but I wanted to add in some alert security.

SNORT (www.snort.org) is highly recommended from what I hear, but I'm having some trouble getting it to work. I've installed the devTools have tried to compile it (after chaninging the HOST info to "localhost" in the configure file) but I'm getting a make error after the compile...

Read the rest of the article for the error output if you think you can help debug this issue...

Here's the error output:

# make
cc -DHAVE_CONFIG_H -I. -I. -I. -I/usr/local/include/mysql -DENABLE_MYSQL -g -O2 -Wall -c snort.c
snort.h:31: header file 'pcap.h' not found
snort.h:69: header file 'pcap-namedb.h' not found
decode.h:30: header file 'pcap.h' not found
decode.h:48: header file 'pcap-namedb.h' not found
spo_log_tcpdump.h:35: undefined type, found `pcap_dumper_t'
snort.h:426: undefined type, found `pcap_t'
snort.h:431: undefined type, found `pcap_dumper_t'
snort.c:1561: illegal function call, found `ProcessPacket'
snort.c:1561: illegal expression, found `)'
snort.c:1565: illegal expression, found `else'
snort.c:1570: illegal function prototype, found `3'
snort.c:1570: illegal function definition, found `)'
cpp-precomp: warning: errors during smart preprocessing, retrying in basic mode
make: *** [snort.o] Error 1

No idea where to begin - seems the missing files aren't in the dir. So has anyone else been successful installing this? The website and FAQ don't mention OS X (client).

Thanks!
    •    
  • Currently 2.25 / 5
  You rated: 1 / 5 (4 votes cast)
 
[13,115 views]  

Compiling snort for OS X | 6 comments | Create New Account
Click here to return to the 'Compiling snort for OS X' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
use -no-cpp-precomp
Authored by: Anonymous on Sep 13, '01 10:19:38PM

Try using

#./configure -no-cpp-precomp

I haven't tried this myself but it often works. For more hints read the porting tips on the fink and gnu-darwin web sites

goodluck

Y



[ Reply to This | # ]
Missing libpcap headers
Authored by: blb on Sep 14, '01 02:24:16AM
While what yuriwho posted will help speed up compile, it won't fix this particular problem. The problem is that, while Apple includes libpcap libraries, they don't include the header files. Easiest thing is to grab libpcap header files and put the included files into /usr/local/include (create if necessary) then try again. If you don't trust the header files I put out there, you can grab the complete source for libpcap at ftp://ftp.ee.lbl.gov/libpcap.tar.Z.

[ Reply to This | # ]
Missing libpcap headers
Authored by: jtrascap on Sep 17, '01 03:38:42AM

Me again - I take it by header files you mean *.h files in the raw unpack? Just copy the 8 files into the directory you mentioned, right? Or do I need to do the INTSTALL as well? (No - haven't done that, since I think this will overwrite the Apple files, and I don't want to do that)

Thanks in advance..



[ Reply to This | # ]
Re: Missing libpcap headers
Authored by: blb on Sep 18, '01 11:22:06PM

Not sure which files you are referring to when you mention "the 8 files", but the ones I linked to in pcap_inc.tar.gz has just five (ethertype.h, gencode.h, pcap-int.h, pcap-namedb.h, and pcap.h) which define stuff in the libraries under /usr/lib which Apple provided. These five should be placed under /usr/local/include then try your make again.



[ Reply to This | # ]
It works
Authored by: 47ronin on Sep 14, '01 10:32:50PM

Thanks for the header files.. it works! Snort installs.. now it's just a matter of getting it to work the way I would like it to! :)



[ Reply to This | # ]
It works
Authored by: hezekiahb on May 16, '06 08:21:36AM

Check out an application called HenWen, you can download it from the OS X Downloads page under Network & Security.

-Hez



[ Reply to This | # ]