ubuntu使用snort的问题

Posted 2023-05-07

安装完Snort之后在终端里输入“snort -v”
出现：
$ snort -v
Running in packet dump mode

--== Initializing Snort ==--
Initializing Output Plugins!
ERROR: Failed to lookup for interface: no suitable device found. Please specify one with -i switch
Fatal Error, Quitting..

这是什么问题，怎么解决？

参考技术A 指定个网卡 比如加上 -i eth0本回答被提问者采纳

Ubuntu 16.04安装snort含问题解决

源码方式安装

wget https://www.snort.org/downloads/snort/daq-2.0.6.tar.gz
tar xvzf daq-2.0.6.tar.gz
cd daq-2.0.6
./configure && make && sudo make install

wget https://www.snort.org/downloads/snort/snort-2.9.15.tar.gz
tar xvzf snort-2.9.15.tar.gz
cd snort-2.9.15
./configure --enable-sourcefire && make && sudo make install

参考：https://www.snort.org/#get-started CentOS Fedora FreeBSD可以参考上方官方文档安装

安装过程中常见问题

1.安装daq时遇到

configure: error: Your operating system‘s lex is insufficient to compile libsfbpf. You should install both bison and flex. flex is a lex replacement that has many advantages, including being able to compile libsfbpf. For more information, see http://www.gnu.org/software/flex/flex.html

解决方式

CentOS
yum install flex bison -y
Ubuntu
apt-get install flex bison

2.安装snort时时遇到

ERROR! Libpcre header not found. Get it from http://www.pcre.org

解决方式

Ubuntu：sudo apt-get install libpcre3-dev
CentOS：sudo yum install pcre-devel

3.安装snort时遇到

ERROR! dnet header not found, go get it from http://code.google.com/p/libdnet/ or use the --with-dnet-* options, if you have it installed in an unusual place

解决方式

wget https://nchc.dl.sourceforge.net/project/libdnet/libdnet/libdnet-1.11/libdnet-1.11.tar.gz
tar -zxf libdnet-1.11.tar.gz
cd libdnet-1.11
./configure && make && make install

4.安装snort时遇到

ERROR! LuaJIT library not found. Go get it from http://www.luajit.org/ (or) Try compiling without openAppId using ‘--disable-open-appid‘

解决方式：

sudo wget http://luajit.org/download/LuaJIT-2.0.5.tar.gz
sudo tar -zxvf LuaJIT-2.0.5.tar.gz
cd LuaJIT-2.0.5/
sudo make && sudo make install

5.运行snort时遇到

snort: error while loading shared libraries: libdnet.1: cannot open shared object file: No such file or directory

解决方式：

方法一（未验证）：

第一步：export LD_LIBRARY_PATH=/usr/local/lib;

第二步：运行/sbin/ldconfig命令更新/etc/ld.so.cache;

注意：可以通过命令echo $LD_LIBRARY_PATH来查看设置内容

方法二：

创建一个符号链接：sudo ln -s /usr/local/lib/libdnet.1 /usr/lib/libdnet.1

原因：

1.liddnet.1文件在/usr/local/lib目录下，但是系统默认的装载库路径却没有这个．

2.为了加快程序执行时对共享库的定位速度，避免使用搜索路径，直接读取库列表文件/etc/ld.so.cache．