Autosnort icon indicating copy to clipboard operation
Autosnort copied to clipboard

Published 20 hours ago verified publisher icon da667

Raspberry Arm version of Autosnort

Open Gualty opened this issue 10 years ago • 11 comments

Hi, can you create a ARM version of Autosnort to install on the Raspberry?

Gualty avatar Mar 21 '14 22:03 Gualty

Heck man, give it a shot and see where it fails. Most of the packages are built from source, if your Pi has a build environment, you might be in pretty good shape. (relatively, it's not like the pi's got a lot of horsepower....or a second interface for a spanport.

On Fri, Mar 21, 2014 at 4:05 PM, Gualtiero [email protected] wrote:

Hi, can you create a ARM version of Autosnort to install on the Raspberry?

Reply to this email directly or view it on GitHubhttps://github.com/da667/Autosnort/issues/22 .

sniglet avatar Mar 22 '14 00:03 sniglet

You could cross compile. Don't know much about doing that but at a minimum I know you'd need the arm toolchain to compile on x86 On Mar 21, 2014 8:38 PM, "sniglet" [email protected] wrote:

Heck man, give it a shot and see where it fails. Most of the packages are built from source, if your Pi has a build environment, you might be in pretty good shape. (relatively, it's not like the pi's got a lot of horsepower....or a second interface for a spanport.

On Fri, Mar 21, 2014 at 4:05 PM, Gualtiero [email protected] wrote:

Hi, can you create a ARM version of Autosnort to install on the Raspberry?

Reply to this email directly or view it on GitHub< https://github.com/da667/Autosnort/issues/22> .

Reply to this email directly or view it on GitHubhttps://github.com/da667/Autosnort/issues/22#issuecomment-38338027 .

da667 avatar Mar 22 '14 01:03 da667

I may try my hand at cross-compiling DAQ and snort for Raspberry Pi, and at a minimum probably write up a wiki on how to do it on blindseeker. By Jove, it appears to be a challenge!

On Fri, Mar 21, 2014 at 9:15 PM, Tony Robinson [email protected]:

You could cross compile. Don't know much about doing that but at a minimum I know you'd need the arm toolchain to compile on x86 On Mar 21, 2014 8:38 PM, "sniglet" [email protected] wrote:

Heck man, give it a shot and see where it fails. Most of the packages are built from source, if your Pi has a build environment, you might be in pretty good shape. (relatively, it's not like the pi's got a lot of horsepower....or a second interface for a spanport.

On Fri, Mar 21, 2014 at 4:05 PM, Gualtiero [email protected] wrote:

Hi, can you create a ARM version of Autosnort to install on the Raspberry?

Reply to this email directly or view it on GitHub< https://github.com/da667/Autosnort/issues/22> .

Reply to this email directly or view it on GitHubhttps://github.com/da667/Autosnort/issues/22#issuecomment-38338027 .

when does reality end? when does fantasy begin?

da667 avatar Mar 22 '14 02:03 da667

It is for Arch running on raspberry, maybe it is helpful:

http://blog.zauberstuhl.de/post/68113933741/intrusion-prevention-system-for-arkos-after

zauberstuhl avatar Mar 22 '14 23:03 zauberstuhl

Well it sure fails early. :) Something about setting up the error log, which is wierd as the commands work properly when entered manually.

root@octopi:~# sh ./autosnort-ubuntu-02-01-2014.sh

./autosnort-ubuntu-02-01-2014.sh: 11: ./autosnort-ubuntu-02-01-2014.sh: cannot create /var/log/autosnort_install.log.pipe: Interrupted system call

./autosnort-ubuntu-02-01-2014.sh: 18: ./autosnort-ubuntu-02-01-2014.sh: Syntax error: "(" unexpected

root@octopi:~#

(And yeah, it's on an Octoprint install, it was the closest ubuntu-like install I had on a Pi...it's not currently controlling a printer, much to my chagrin, so temporary duty messin' about with Autosnort is no big deal)

root@octopi:~# cat /proc/version

Linux version 3.10.25+ (dc4@dc4-arm-01) (gcc version 4.7.2 20120731 (prerelease) (crosstool-NG linaro-1.13.1+bzr2458 - Linaro GCC 2012.08) ) #622 PREEMPT Fri Jan 3 18:41:00 GMT 2014

root@octopi:~#

On Sat, Mar 22, 2014 at 5:22 PM, Lukas Matt [email protected]:

It is for Arch running on raspberry, maybe it is helpful:

http://blog.zauberstuhl.de/post/68113933741/intrusion-prevention-system-for-arkos-after

Reply to this email directly or view it on GitHubhttps://github.com/da667/Autosnort/issues/22#issuecomment-38367391 .

sniglet avatar Mar 24 '14 11:03 sniglet

Do you have bash specifically for this raspberry pi distro? There are a lot of bash specific things that won't work with plain old sh. On Mar 24, 2014 7:36 AM, "sniglet" [email protected] wrote:

Well it sure fails early. :) Something about setting up the error log, which is wierd as the commands work properly when entered manually.

root@octopi:~# sh ./autosnort-ubuntu-02-01-2014.sh

./autosnort-ubuntu-02-01-2014.sh: 11: ./autosnort-ubuntu-02-01-2014.sh: cannot create /var/log/autosnort_install.log.pipe: Interrupted system call

./autosnort-ubuntu-02-01-2014.sh: 18: ./autosnort-ubuntu-02-01-2014.sh: Syntax error: "(" unexpected

root@octopi:~#

(And yeah, it's on an Octoprint install, it was the closest ubuntu-like install I had on a Pi...it's not currently controlling a printer, much to my chagrin, so temporary duty messin' about with Autosnort is no big deal)

root@octopi:~# cat /proc/version

Linux version 3.10.25+ (dc4@dc4-arm-01) (gcc version 4.7.2 20120731 (prerelease) (crosstool-NG linaro-1.13.1+bzr2458 - Linaro GCC 2012.08) ) #622 PREEMPT Fri Jan 3 18:41:00 GMT 2014

root@octopi:~#

On Sat, Mar 22, 2014 at 5:22 PM, Lukas Matt <[email protected]

wrote:

It is for Arch running on raspberry, maybe it is helpful:

http://blog.zauberstuhl.de/post/68113933741/intrusion-prevention-system-for-arkos-after

Reply to this email directly or view it on GitHub< https://github.com/da667/Autosnort/issues/22#issuecomment-38367391> .

Reply to this email directly or view it on GitHubhttps://github.com/da667/Autosnort/issues/22#issuecomment-38434284 .

da667 avatar Mar 24 '14 13:03 da667

I'll check (and poke a hole in the firewall so these things don't have to wait till EOB to test.) On Mar 24, 2014 7:29 AM, "da_667" [email protected] wrote:

Do you have bash specifically for this raspberry pi distro? There are a lot of bash specific things that won't work with plain old sh. On Mar 24, 2014 7:36 AM, "sniglet" [email protected] wrote:

Well it sure fails early. :) Something about setting up the error log, which is wierd as the commands work properly when entered manually.

root@octopi:~# sh ./autosnort-ubuntu-02-01-2014.sh

./autosnort-ubuntu-02-01-2014.sh: 11: ./autosnort-ubuntu-02-01-2014.sh: cannot create /var/log/autosnort_install.log.pipe: Interrupted system call

./autosnort-ubuntu-02-01-2014.sh: 18: ./autosnort-ubuntu-02-01-2014.sh: Syntax error: "(" unexpected

root@octopi:~#

(And yeah, it's on an Octoprint install, it was the closest ubuntu-like install I had on a Pi...it's not currently controlling a printer, much to my chagrin, so temporary duty messin' about with Autosnort is no big deal)

root@octopi:~# cat /proc/version

Linux version 3.10.25+ (dc4@dc4-arm-01) (gcc version 4.7.2 20120731 (prerelease) (crosstool-NG linaro-1.13.1+bzr2458 - Linaro GCC 2012.08) ) #622 PREEMPT Fri Jan 3 18:41:00 GMT 2014

root@octopi:~#

On Sat, Mar 22, 2014 at 5:22 PM, Lukas Matt <[email protected]

wrote:

It is for Arch running on raspberry, maybe it is helpful:

http://blog.zauberstuhl.de/post/68113933741/intrusion-prevention-system-for-arkos-after

Reply to this email directly or view it on GitHub< https://github.com/da667/Autosnort/issues/22#issuecomment-38367391> .

Reply to this email directly or view it on GitHub< https://github.com/da667/Autosnort/issues/22#issuecomment-38434284> .

Reply to this email directly or view it on GitHubhttps://github.com/da667/Autosnort/issues/22#issuecomment-38443672 .

sniglet avatar Mar 24 '14 14:03 sniglet

reran it with the included bash...things are happy(ier)...I'll bite the bullet and put a 'standard' build on the pi....heck, I may even plumb it into the DMZ and give ya access to it if you need it.

On Mon, Mar 24, 2014 at 7:29 AM, da_667 [email protected] wrote:

Do you have bash specifically for this raspberry pi distro? There are a lot of bash specific things that won't work with plain old sh.

On Mar 24, 2014 7:36 AM, "sniglet" [email protected] wrote:

Well it sure fails early. :) Something about setting up the error log, which is wierd as the commands work properly when entered manually.

root@octopi:~# sh ./autosnort-ubuntu-02-01-2014.sh

./autosnort-ubuntu-02-01-2014.sh: 11: ./autosnort-ubuntu-02-01-2014.sh: cannot create /var/log/autosnort_install.log.pipe: Interrupted system call

./autosnort-ubuntu-02-01-2014.sh: 18: ./autosnort-ubuntu-02-01-2014.sh: Syntax error: "(" unexpected

root@octopi:~#

(And yeah, it's on an Octoprint install, it was the closest ubuntu-like install I had on a Pi...it's not currently controlling a printer, much to my chagrin, so temporary duty messin' about with Autosnort is no big deal)

root@octopi:~# cat /proc/version

Linux version 3.10.25+ (dc4@dc4-arm-01) (gcc version 4.7.2 20120731 (prerelease) (crosstool-NG linaro-1.13.1+bzr2458 - Linaro GCC 2012.08) ) #622 PREEMPT Fri Jan 3 18:41:00 GMT 2014

root@octopi:~#

On Sat, Mar 22, 2014 at 5:22 PM, Lukas Matt <[email protected]

wrote:

It is for Arch running on raspberry, maybe it is helpful:

http://blog.zauberstuhl.de/post/68113933741/intrusion-prevention-system-for-arkos-after

Reply to this email directly or view it on GitHub< https://github.com/da667/Autosnort/issues/22#issuecomment-38367391> .

Reply to this email directly or view it on GitHub< https://github.com/da667/Autosnort/issues/22#issuecomment-38434284>

.

Reply to this email directly or view it on GitHubhttps://github.com/da667/Autosnort/issues/22#issuecomment-38443672 .

sniglet avatar Mar 24 '14 22:03 sniglet

It got surprisngly far in the process:

[]* Secure installation script completed. Mysql-server and apache2 successfully installed.

[]* Determining newest versions of snort and daq available on snort.org..

[]* Downloaded snort-2.9.6.0.tar.gz to /usr/src.

[]* Downloaded daq-2.0.2.tar.gz to /usr/src.

[]* Configuring, making and compiling DAQ. This will take a moment or two.

[]* Failed to make. Please check /var/log/autosnort_install.log for details.

Relevant log info:

libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -Dyylval=sfbpf_lval -g -O2 -fvisibility=hidden -Wall -Wwrite-strings -Wsign-compare -Wcast-align -Wextra

-Wformat -Wformat-security -Wno-unused-parameter -fno-strict-aliasing -fdiagnostics-show-option -pedantic -std=c99 -D_GNU_SOURCE -MT libsfbpf_la-sf_namet

oaddr.lo -MD -MP -MF .deps/libsfbpf_la-sf_nametoaddr.Tpo -c sf_nametoaddr.c -fPIC -DPIC -o .libs/libsfbpf_la-sf_nametoaddr.o

libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -Dyylval=sfbpf_lval -g -O2 -fvisibility=hidden -Wall -Wwrite-strings -Wsign-compare -Wcast-align -Wextra

-Wformat -Wformat-security -Wno-unused-parameter -fno-strict-aliasing -fdiagnostics-show-option -pedantic -std=c99 -D_GNU_SOURCE -MT libsfbpf_la-sf_namet

oaddr.lo -MD -MP -MF .deps/libsfbpf_la-sf_nametoaddr.Tpo -c sf_nametoaddr.c -o libsfbpf_la-sf_nametoaddr.o >/dev/null 2>&1

mv -f .deps/libsfbpf_la-sf_nametoaddr.Tpo .deps/libsfbpf_la-sf_nametoaddr.Plo

/bin/bash ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -Dyylval=sfbpf_lval -g -O2 -fvisibility=hidden -Wall -Wwrite-strings -Wsi

gn-compare -Wcast-align -Wextra -Wformat -Wformat-security -Wno-unused-parameter -fno-strict-aliasing -fdiagnostics-show-option -pedantic -std=c99 -D_GNU

_SOURCE -MT libsfbpf_la-sf_optimize.lo -MD -MP -MF .deps/libsfbpf_la-sf_optimize.Tpo -c -o libsfbpf_la-sf_optimize.lo `test -f 'sf_optimize.c' || echo '.

/'`sf_optimize.c

libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -Dyylval=sfbpf_lval -g -O2 -fvisibility=hidden -Wall -Wwrite-strings -Wsign-compare -Wcast-align -Wextra

-Wformat -Wformat-security -Wno-unused-parameter -fno-strict-aliasing -fdiagnostics-show-option -pedantic -std=c99 -D_GNU_SOURCE -MT libsfbpf_la-sf_optim

ize.lo -MD -MP -MF .deps/libsfbpf_la-sf_optimize.Tpo -c sf_optimize.c -fPIC -DPIC -o .libs/libsfbpf_la-sf_optimize.o

sf_optimize.c: In function 'opt_peep':

sf_optimize.c:933:20: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]

sf_optimize.c:964:34: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]

sf_optimize.c:968:34: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]

sf_optimize.c: In function 'convert_code_r':

sf_optimize.c:2172:23: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]

sf_optimize.c:2200:17: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]

sf_optimize.c: In function 'fold_op':

sf_optimize.c:702:1: internal compiler error: Segmentation fault

Please submit a full bug report,

with preprocessed source if appropriate.

See file:///usr/share/doc/gcc-4.6/README.Bugs for instructions.

The bug is not reproducible, so it is likely a hardware or OS problem.

make[2]: *** [libsfbpf_la-sf_optimize.lo] Error 1

make[2]: Leaving directory `/usr/src/daq-2.0.2/sfbpf'

make[1]: *** [all-recursive] Error 1

make[1]: Leaving directory `/usr/src/daq-2.0.2'

make: *** [all] Error 2

On Mon, Mar 24, 2014 at 7:29 AM, da_667 [email protected] wrote:

Do you have bash specifically for this raspberry pi distro? There are a lot of bash specific things that won't work with plain old sh.

On Mar 24, 2014 7:36 AM, "sniglet" [email protected] wrote:

Well it sure fails early. :) Something about setting up the error log, which is wierd as the commands work properly when entered manually.

root@octopi:~# sh ./autosnort-ubuntu-02-01-2014.sh

./autosnort-ubuntu-02-01-2014.sh: 11: ./autosnort-ubuntu-02-01-2014.sh: cannot create /var/log/autosnort_install.log.pipe: Interrupted system call

./autosnort-ubuntu-02-01-2014.sh: 18: ./autosnort-ubuntu-02-01-2014.sh: Syntax error: "(" unexpected

root@octopi:~#

(And yeah, it's on an Octoprint install, it was the closest ubuntu-like install I had on a Pi...it's not currently controlling a printer, much to my chagrin, so temporary duty messin' about with Autosnort is no big deal)

root@octopi:~# cat /proc/version

Linux version 3.10.25+ (dc4@dc4-arm-01) (gcc version 4.7.2 20120731 (prerelease) (crosstool-NG linaro-1.13.1+bzr2458 - Linaro GCC 2012.08) ) #622 PREEMPT Fri Jan 3 18:41:00 GMT 2014

root@octopi:~#

On Sat, Mar 22, 2014 at 5:22 PM, Lukas Matt <[email protected]

wrote:

It is for Arch running on raspberry, maybe it is helpful:

http://blog.zauberstuhl.de/post/68113933741/intrusion-prevention-system-for-arkos-after

Reply to this email directly or view it on GitHub< https://github.com/da667/Autosnort/issues/22#issuecomment-38367391> .

Reply to this email directly or view it on GitHub< https://github.com/da667/Autosnort/issues/22#issuecomment-38434284>

.

Reply to this email directly or view it on GitHubhttps://github.com/da667/Autosnort/issues/22#issuecomment-38443672 .

sniglet avatar Mar 25 '14 03:03 sniglet

I tried some month ago but lots of packages inside the auto snort script are not made for Arm so it exits with lots of different errors. Anyone who solve the problem?

Gualty avatar Apr 18 '14 09:04 Gualty

Any news?

Gualty avatar Jun 30 '14 15:06 Gualty