To start, I am entirely new to Linux and am doing this as part of my final year project at university, I have never used linux before a few weeks ago and I have been hitting roadblock after roadblock trying to get snort installed and working for 6-7 weeks now (1-4 hours a week) among my other modules.
I have a virtual machine running Ubuntu latest release. the VM has 2 network interfaces, one is for access to the internet and the other going to be used to feed pcap files into with tcpreplay, this is named intnet in VM settings, and enp0s8 in Linux. I used the command lines sudo apt install -y snort and snort -v -c /etc/snort/snort.conf which I found Here and Here respectively. I used the first link after resetting my VM for the 3rd time and could not get snort to find LUAJit. after this I ran wget https://www.snort.org/downloads/community/community-rules.tar.gz -O community-rules.tar.gz and finally tar -xvzf community.tar.gz -C /etc/snort/rules from the snort website, found Here under Step 3. note I had to change the last command to tar -xvzf community-rules.tar.gz -C /etc/snort/rules to get it to work, not sure if this is a mistake on the website or on my end.
When i run snort using snort -v , to run in verbose mode, there are no errors or warnings, but when I use snort -i enp0s8 for the specific network I want to use I get a warning that is something about no pre-processors for policy 0. This is an error I had a lot while trying to install snort at all let alone work with it. I have also noticed that there is a test using snort -t (possibly uppercase T, can't remember), I get an error regarding not using a rules file, but then when I use the snort -c to specify community-rules I can't seem to get it to accept the rules file although this is just because I'm assuming test is a general test of the program, might be wrong about that.
This is beginning to really stress me out, to the point of making this account just to see if anyone can help.
any help is much appreciated, it is almost midnight I will be back on tomorrow morning so sorry if I don't reply for a while
tl;dr snort monitoring wrong interface,, using -i gives pre-processor warning, -t says no rules file and -c will not recognise rules file
Related
I'm new here, so apologies if this is the wrong forum, but I do need to debug this setup script so it seems appropriate enough.
I bought a USB WiFi chip on Amazon (the Ourlink AC600) which uses the Realtek 8811CU chipset and the installation script it comes with for Linux is giving me errors right off the bat.
I tried more or less to debug but I'm simply awful with shell scripts so I didn't make too much progress. Here's the output of running chmod +x install.sh && /install.sh:
##################################################
Realtek Wi-Fi driver Auto installation script
November, 21 2011 v1.1.0
##################################################
Decompress the driver source tar ball:
tar: Old option 'f' requires an argument.
Try 'tar --help' or 'tar --usage' for more information.
rtl8821CU_WiFi_linux_v5.2.5.1_22211.20170517_COEX20170310-1212.rar
./install.sh: line 25: cd:
rtl8821CU_WiFi_linux_v5.2.5.1_22211.20170517_COEX20170310-1212.rar: Not a
directory
Authentication requested [root] for make clean:
make: *** No rule to make target 'clean'. Stop.
Authentication requested [root] for make driver:
make: *** No targets specified and no makefile found. Stop.
##################################################
Compile make driver error: 2
Please check error Mesg
##################################################
After I figured it was trying to decompress an archive that wasn't there (as the only archive present is a .rar) I edited the script to search for rar files instead (by changing the variable to grep .rar instead of .tar.gz on line 18 and 23). I then changed the tar extraction command to "unrar e" as it was no longer trying to extract a tar ball. When I ran it I got this output. Pastebin as it's rather long.
And while I would go ahead and check the error message, the driver package includes no such references. Evidently next time I should buy from a name brand.
Here's pastebins of the contents of install.sh and the respective Makefile the script uses, as they seem important. If anyone has any ideas, is in need of more info, or has a working driver for the 8811CU, please let me know! As I'm a total newbie when it comes to debugging driver install scripts, any pointers would be appreciated. Thanks in advance.
And I'm on Ubuntu 18.04.1 for reference.
I bought the same thing (Ourlink AC600) from Amazon too two weeks ago. I did not try the Linux driver from the CD because it's dated 2015. I also tried ourlink.us website but the driver download link lead to a dead-end. However, I managed to just install it on my ubuntu box today after some web-digging. Here are my setup/steps:
Dell core duo desktop (wired only) with Ubuntu 18.04.1 (up-to-date via: sudo apt-get update)
Plugin the AC600, turn on desktop, login.
Make sure you have required build package (via: sudo apt-get install linux-headers-generic build-essential git)
git clone https://github.com/gnab/rtl8812au (download with your wired connection. Also, I did this in ~/Downloads dir to keep my home dir clean)
cd rtl8812au
sudo make (Only see one or two warnings saying that some code will never be executed, ignore them)
sudo make install (do this only after the driver is built in step 6)
Reboot, unplug your wired network line.
Log back in and click upper-right corner down-triangle, click wireless connection and set it up.
My Ubuntu box goes wireless now. That's how I did it. Hope this helps!
As a follow-up of this question, I started building MPICH2 from source. I found this tutorial: Installing MPICH2 on a Single Machine and so far what I did is this:
./configure --disable-f77 --disable-fc --disable-fortran
[seems to be OK]
make; sudo make install
[long output with one warning]
libtool: warning: relinking 'lib/libmpicxx.la'
root#pythagoras:/home/gsamaras/mpich-3.1.4# mpich2version
bash: mpich2version: command not found
What am I doing wrong? Notice that I had first installed MPICH2 with apt-get and in order to remove it, I did:
apt-get remove --purge mpich2
apt-get autoremove // which might removed something that I need now
Tomorrow, I am going to try this: Getting And Building MPICH (which with first attempt failed to work in the autogen.sh part).
EDIT_1:
I couldn't get it to work, will try a combination of the two tutorials and report back. I did a configure and then the make from the other tutorial, failed too.
EDIT_2
This may shade some light about where it got installed (by following the first tutorial):
root#pythagoras:/home/gsamaras/mpich-3.1.4# which mpiexec
/usr/local/bin/mpiexec
root#pythagoras:/home/gsamaras/mpich-3.1.4# which mpirun
/usr/local/bin/mpirun
You installed into /usr/local, which is an OK way to do things. The README instructions you followed suggests another way which will not require administrative privileges.
I like to install into /home/robl/soft/mpich-whatever , so I can have different compilers, versions, configurations, etc. such flexibility is probably overkill for you, but it's one strategy.
To your question:
root#pythagoras:/home/gsamaras/mpich-3.1.4# mpich2version
bash: mpich2version: command not found
First, the command is now mpichversion, not mpich2version -- it's possible you were following an old tutorial.
Second, your shell might not know about the newly installed binaries. hash -r (at least on bash and tcsh) will tell the shell "forget about what you think you know about my file system and look harder".
I found this mpich-3.0.4-README, who seems to provided the solution.
Long story short, it says (it assumes you want to build 3.0.4 version, I did it with 3.1.4 (available here)):
tar xzf mpich-3.0.4.tar.gz
cd mpich-3.0.4
// you might want to disable fortran compiler (see the README I linked above)
./configure --prefix=/home/<USERNAME>/mpich-install 2>&1 | tee c.txt
make 2>&1 | tee m.txt
make install 2>&1 | tee mi.txt
PATH=/home/<USERNAME>/mpich-install/bin:$PATH ; export PATH
which mpicc
// should return something reasonable (with your directory)
mpiexec -n 2 ./examples/cpi
Now, the option with the machinefile does not work, because ssh needs a password, but that's another question.
One of the .beam files of one of my application deps is being deleted and I am not sure by what/how.
Is there a way to monitor or audit a file to see what happens when it is deleted?
I'm using RedHat distro.
Yes, you can use the audit daemon. You did't say which Linux distro. Red Hat based systems contain auditd, and you can use auditctl to add rules.
To watch a directory recursively for changes:
auditctl -w /usr/local/someapp/ -p wa
To watch system calls made by a program with pid of 2021:
auditctl -a exit,always -S all -F pid=2021
Check the man page for auditctl.
Results will be logged to /var/log/audit/audit.log
To ensure it's running.
/etc/init.d/auditd status
For a more thorough approach, you could use tripwire or OSSEC, but they're geared more toward intrusion detection.
You can monitor your Linux file system using aide. AIDE means Intrusion Detection Software to Monitor Changes.
Steps:
Install AIDE #yum install aide -y
Configuration AIDE // PERMS=p+i+u+g+acl+selinux
Initialize the AIDE database #aide –-init
Check the file system changes #aide –-check
To get more details you can visit below link
http://topicsfeedback.com/linux-system-monitoring-tools/
or you may download best android apps about advance Linux in your phone to get instant access
https://play.google.com/store/apps/details?id=com.topicsfeedback.advancelinux
I'm trying to run the time command for a file on a virtual machine running Fedora 19 64-bit and I get the message "/usr/bin/time: No such file or directory". I tried googling, but it appears it's something that I should already have. How do I get this on my computer?
For those on a raspberry pi or similar debian-based distributions, I found that I could install the package time (sudo apt install time) to obtain access to the time command.
Edit: For Fedora-based systems, the package name might be different. Try a dnf search time, followed by a sudo dnf install {package_name}. I don't have a Fedora machine immediately to hand to get the exact package name from.
bash/zsh/modern shells usually implement a basic time command as a builtin. So it won't exist on the filesystem, but time mycommand should work.
If you want the "proper" time command (with more options eg: -l/-v), then you'll need to install it via apt/yum/etc. You'll need to run it as /usr/bin/time mycommand so the shell-builtin doesn't get invoked.
It might be in other locations. I'd start by typing:
which time
This command will give you the path to time, if it's anywhere in your path.
If you need to build it yourself, you can get the source here:
http://directory.fsf.org/wiki/Time
I'm connected to my university's small Linux cluster via PuTTY and WinSCP, transferring files using the latter and compiling and running them with the former. My work so far has been performed in the university's labs, but today I have been doing some work at home that generated an interesting warning.
I uploaded an entire folder of stuff and, upon running the make command, I get this as the last line of output:
make: warning: Clock skew detected. Your build may be incomplete.
The resulting binary works correctly, and there doesn't seem to be any other unexpected errors in the build process.
I seem to be able to trigger the error by building after uploading some new / replacement files (I edit everything locally then upload the new version), so I'm wondering if it's something just as simple as mismatched file modification times? Or something more concerning?
So, should I be worried? How do I fix/prevent this?
That message is usually an indication that some of your files have modification times later than the current system time. Since make decides which files to compile when performing an incremental build by checking if a source files has been modified more recently than its object file, this situation can cause unnecessary files to be built, or worse, necessary files to not be built.
However, if you are building from scratch (not doing an incremental build) you can likely ignore this warning without consequence.
Typically this occurs when building in a NFS mounted directory, and the clocks on the client and the NFS server are out of sync.
The solution is to run an NTP client on both the NFS server and all clients.
Install the Network Time Protocol
This also happened to me when running make on a Samba SMB CIFS share on a server.
A durable solution consists in installing the ntp daemon on both the server and the client.
(Please, note that this problem is not solved by running ntpdate. This would resolve the time difference only temporarily, but not in the future.)
For Ubuntu and Debian-derived systems, simply type the following line at the command line:
$ sudo apt install ntp
Moreover, one will still need to issue the command touch * once (and only once) in the affected directory to correct the file modification times once and for all.
$ touch *
For more information about the differences between ntp and ntpdate, please refer to:
Time Synchronisation with NTP
How To Set Up Time Synchronization on Ubuntu 16.04
Simple solution:
# touch filename
will do all OK.
For more info:
http://embeddedbuzz.blogspot.in/2012/03/make-warning-clock-skew-detected-your.html
The other answers here do a good job of explaining the issue, so I won't repeat that here. But there is one solution that can resolve it that isn't listed yet: simply run make clean, then rerun make.
Having make remove any already compiled files will prevent make from having any files to compare the timestamps of, resolving the warning.
type in the terminal and it will solve the issue:
find . -type f | xargs -n 5 touch
make clean
clean
According to user m9dhatter on LinuxQuestions.org:
"make" uses the time stamp of the file to determine if the file
it is trying to compile is old or new. if your clock is bonked, it may have problems compiling.
if you try to modify files at another machine with a clock time ahead by a few minutes and transfer them to your machine and then try to compile it may cough up a warning that says the file was modified from the future. clock may be skewed or something to that effect ( cant really remember ). you could just ls to the offending file and do this:
#touch <filename of offending file>
I have had this in the past - due to the clocks being out on the machines. Consider setting up NTP so that all machines have the same time.
This is usually simply due to mismatching times between your host and client machines. You can try to synchronize the times on your machines using ntp.
The solution is to run an NTP client , just run the command as below
#ntpdate 172.16.12.100
172.16.12.100 is the ntp server
Replace the watch battery in your computer. I have seen this error message when the coin looking battery on the motherboard was in need of replacement.
(Just in case anyone lands here)
If you have sudo rights one option is to synchronize the system time
sudo date -s "$(wget -qSO- --max-redirect=0 google.com 2>&1 | grep Date: | cut -d' ' -f5-8)Z"
Make checks if the result of the compilation, e.g. somefile.o, is older than the source, e.g. somefile.c. The warning above means that something about the timestaps of the files is strange. Probably the system clocks of the University server differs from your clock and you e.g. push at 1 pm a file with modification date 2 pm. You can see the time at the console by typing date.
This happened to me. It's because I ran make -j 4 and some jobs finished out of order. This warning should be expected when using the -j option.