It may just be paranoia, but I've had a rash of anon FTP and other attempts on my systems here after the attack. I've got Brickhouse installed (still new to the use of it) but I wanted to add in some alert security.
SNORT (www.snort.org) is highly recommended from what I hear, but I'm having some trouble getting it to work. I've installed the devTools and have tried to compile it (after changing the HOST info to "localhost" in the configure file) but I'm getting a make error after the compile...
Read the rest of the article for the error output if you think you can help debug this issue...
Here's the error output:
# make
cc -DHAVE_CONFIG_H -I. -I. -I. -I/usr/local/include/mysql -DENABLE_MYSQL -g -O2 -Wall -c snort.c
snort.h:31: header file 'pcap.h' not found
snort.h:69: header file 'pcap-namedb.h' not found
decode.h:30: header file 'pcap.h' not found
decode.h:48: header file 'pcap-namedb.h' not found
spo_log_tcpdump.h:35: undefined type, found `pcap_dumper_t'
snort.h:426: undefined type, found `pcap_t'
snort.h:431: undefined type, found `pcap_dumper_t'
snort.c:1561: illegal function call, found `ProcessPacket'
snort.c:1561: illegal expression, found `)'
snort.c:1565: illegal expression, found `else'
snort.c:1570: illegal function prototype, found `3'
snort.c:1570: illegal function definition, found `)'
cpp-precomp: warning: errors during smart preprocessing, retrying in basic mode
make: *** [snort.o] Error 1
No idea where to begin - seems the missing files aren't in the dir. So has anyone else been successful installing this? The website and FAQ don't mention OS X (client).
Thanks!
Mac OS X Hints
http://hints.macworld.com/article.php?story=2001091304413237