Install Bro - Network Intrusion Detection System

Bro - Network-based Intrusion Detection

Install the prerequisites.

I had libpcap installed already, but not libpcap-devel. Without the development package, you can’t get past ./configure.

Packages

Fedora:

$ sudo yum install file-devel file-libs php-pecl-Fileinfo python-magic libpcap libpcap-devel

Ubuntu:

$ sudo apt-get install libmagic-dev libgeoip-dev

I noticed the configuration script was looking for Fortran 77 compiler support. It will compile without it, but I installed it too.

$ sudo yum install compat-gcc-34-g77

If you get errors when compiling because termcap.h is missing, try installing termcap and libtermcap packages.

term.c:59:21: error: termcap.h: No such file or directory
term.c: In function ‘term_set’:
term.c:931: warning: passing argument 3 of ‘term_alloc’ makes pointer from integer without a cast
term.c: In function ‘term_echotc’:
term.c:1429: warning: assignment makes pointer from integer without a cast

$ sudo yum install termcap libtermcap libtermcap-devel

Configure, make, install

I installed all the perftool-like packages I could find, including iperf, and I could not get configure to spit out “- Using perftools: yes”, even though it said yes for all the geoip checking as it scrolled the output. It just would not play nice on Fedora. Configuring on Ubuntu went just fine.

$ ./configure --prefix=/home/nids/bro

         Bro Configuration Summary
==========================
- Debugging enabled:      no
- OpenSSL support:        yes
- Non-blocking main loop: yes
- Non-blocking resolver:  yes
- Installation prefix:    /home/nids/bro
- Perl interpreter:       /usr/bin/perl
- Using basic_string:     yes
- Using libmagic:         Yes
- Using perftools:        no
- Binpac used:            shipped with Bro
- Using libGeoIP:         Yes
- Pcap used:              system-provided
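
Before running make, the summary above can be checked mechanically, so that a sensor is not built with a feature silently disabled. The script below is an added example, not part of the original post or of Bro; the function names and the list of required features are assumptions, and the sample input is copied from the summary shown above.

```shell
#!/bin/sh
# Added example (not from the original post): audit a saved ./configure summary.

# summary_value FILE LABEL: print the lowercased value of the "- LABEL: value" line.
summary_value() {
    awk -v want="$2" '
        /^- / {
            line = substr($0, 3)
            i = index(line, ":")
            if (i == 0) next
            label = substr(line, 1, i - 1)
            value = substr(line, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", value)
            if (label == want) { print tolower(value); exit }
        }' "$1"
}

# missing_features FILE LABEL...: print every LABEL whose value is not "yes"
# (as LABEL=value, or LABEL=absent); return 1 if any was printed.
missing_features() {
    file=$1; shift
    rc=0
    for label in "$@"; do
        v=$(summary_value "$file" "$label")
        if [ "$v" != "yes" ]; then
            echo "$label=${v:-absent}"
            rc=1
        fi
    done
    return $rc
}

# Sample input: summary lines copied from the configure output shown in the post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
- OpenSSL support:        yes
- Using libmagic:         Yes
- Using perftools:        no
- Using libGeoIP:         Yes
- Pcap used:              system-provided
EOF

# Features this build is expected to have (the choice of list is an assumption).
missing_features "$sample" "OpenSSL support" "Using libmagic" "Using libGeoIP" \
    && echo "all required features enabled"
missing_features "$sample" "Using perftools" || echo "optional feature(s) disabled"
```

On a real build, save the configure output with tee and pass that file as the first argument instead of the sample.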

$ make
$ sudo make install

Bro will get installed in /usr/local/bro/ by default, unless you specified a prefix in configure as I did. I also created a bro user and group to own everything and did the make as that bro user.

Run bro_config in the scripts directory and it will walk you through building the bro.cfg file. It will prompt you for the archive and log locations and the reporting interval. It will ask if you want it to figure out what network you’re on, but it’s quicker to say no and edit the site file by hand.

If you want encrypted reports you’ll need to generate a gpg keypair.

Posted by admica   @   27 March 2009
