Thursday, June 28, 2012

Snort with MySQL support on 64-bit CentOS 6...

In one of the previous posts I wrote about compiling Snort 2.9.2.1 on 64-bit CentOS. The newest stable version of Snort now is 2.9.2.3 and I'll use that version from now on. But, the old post is still valid for compiling that new one, so there is no need for another post.

But, there is a problem. If  you tried to build Snort package with MySQL support like this:
rpmbuild --rebuild --with mysql snort-2.9.2.3-1.src.rpm
then you certainly got the following message:
<some unrelated configure script output>
checking for mysql...

**********************************************
  ERROR: unable to find mysqlclient library (libmysqlclient.*)
  checked in the following places
        /usr
        /usr/lib
        /usr/mysql
        /usr/mysql/lib
        /usr/lib/mysql
        /usr/local
        /usr/local/lib
        /usr/local/mysql
        /usr/local/mysql/lib
        /usr/local/lib/mysql
**********************************************

error: Bad exit status from /var/tmp/rpm-tmp.R2KI5J (%build)


RPM build errors:
    Bad exit status from /var/tmp/rpm-tmp.R2KI5J (%build)
Well, the problem is that on 64-bit CentOS (and RHEL derivatives, including Fedora) 64-bit libraries are in /lib64 and /usr/lib64 directories. The easiest way to circumvent that problem is to do the following.

First, install SRPMS file so that it is unpacked:
rpm -ivh snort-2.9.2.3-1.src.rpm
Then, go to ~/rpmbuild/SPEC directory, and open file snort.spec in some text editor. Search for the following block:
   if [ "$1" = "mysql" ]; then
        ./configure $SNORT_BASE_CONFIG \
        --with-mysql \
        --without-postgresql \
        --without-oracle \
        --without-odbc \
        %{?EnableFlexresp} %{?EnableFlexresp2} \
        %{?EnableInline}
   fi
It's somewhere around line 231. Modify it to include line         --with-mysql-libraries=/usr/lib64, i.e. it should now look like follows:
    if [ "$1" = "mysql" ]; then
        ./configure $SNORT_BASE_CONFIG \
        --with-mysql \
        --with-mysql-libraries=/usr/lib64 \
        --without-postgresql \
        --without-oracle \
        --without-odbc \
        %{?EnableFlexresp} %{?EnableFlexresp2} \
        %{?EnableInline}
   fi
Save and close file. Then, start snort build using the following command:
rpmbuild -bb --with mysql snort-2.9.2.3-1.src.rpm
And that should be it...

2 comments:

Unknown said...

Thanks for this. Helped me a ton :)

Unknown said...

Thanks for this. Helped me a ton :)

About Me

scientist, consultant, security specialist, networking guy, system administrator, philosopher ;)

Blog Archive