Install sancp-1.6.2-candidate.C
sonysun
June 20th, 2010, 16:38
Hello,
I've got a problem installing sancp-1.6.2-candidate.C (because of prelude support).
The port version is actually sancp-1.6.1
The problem depends on the Makefile
You can find the file below
#make bsd
Here is the first error :
sonde-creusot# make bsd
g++ -Wall -O3 -s -I/usr/include/pcap -I/usr/local/include/pcap -I./ -L/usr/lib/libsocket.so -g -L/opt/csw/lib -ggdb `libprelude-config --cflags` `@(echo " -c build_acl.cc -o build_acl.o
Syntax error: EOF in backquote substitution
*** Error code 2
Stop in /usr/local/etc/sancp.
*** Error code 1
Stop in /usr/local/etc/sancp.
I understand this character ` is a problem
So I've changed the first two lines like this :
#PRELUDE-CFLAGS=libprelude-config --cflags
#PRELUDE-SUPPORT=@(echo "#define ENABLE_PRELUDE_SUPPORT" >> platform.h)
This is the next error I've got :
sonde-creusot# make bsd
g++ -Wall -O3 -s -I/usr/include/pcap -I/usr/local/include/pcap -I./ -L/usr/lib/libsocket.so -g -L/opt/csw/lib -ggdb libprelude-config --cflags @(echo " -c build_acl.cc -o build_acl.o
Syntax error: "(" unexpected
*** Error code 2
Stop in /usr/local/etc/sancp.
*** Error code 1
Stop in /usr/local/etc/sancp.
After this I decided to write myself :
#define ENABLE_PRELUDE_SUPPORT in the file plateform.h
And to remove this line in the Makefile
#PRELUDE-SUPPORT=`@(echo "#define ENABLE_PRELUDE_SUPPORT" >> platform.h)`
The new error is :
sonde-creusot# make bsd
g++ -Wall -O3 -s -I/usr/include/pcap -I/usr/local/include/pcap -I./ -L/usr/lib/libsocket.so -g -L/opt/csw/lib -ggdb libprelude-config --cflags -c build_acl.cc -o build_acl.o
g++: libprelude-config: No such file or directory
cc1plus: error: unrecognized command line option "-fcflags"
*** Error code 1
Stop in /usr/local/etc/sancp.
*** Error code 1
Stop in /usr/local/etc/sancp.
Now I have difficulty seeing what the problem is !
Can you give me any idea in order to install this software ?
Best Regards
Here is the original Makefile
## SANCP Makefile
##
## HOWTO use this Makefile
## Type 'make linux', 'make bsd' or 'make solaris'
##
## For PRELUDE-SUPPORT uncomment the next two lines (remove initial '#')
PRELUDE-CFLAGS=`libprelude-config --cflags`
PRELUDE-SUPPORT=`@(echo "#define ENABLE_PRELUDE_SUPPORT" >> platform.h)`
# ------------------------------------------------------------------- #
# --------- PLEASE CONTRIBUTE ANY CHANGES MADE TO THIS FILE --------- #
# ------------------------------------------------------------------- #
##
## LINUX and BSD CFLAGS
##
CFLAGS = -O3 -s -I/usr/include/pcap -I/usr/local/include/pcap -I./ -L/usr/lib/libsocket.so -g -L/opt/csw/lib -ggdb $(PRELUDE-CFLAGS) $(PRELUDE-SUPPORT)
# w/ DEBUG SYMBOLS
#CFLAGS = -g -O3 -I/usr/include/pcap -I/usr/local/include/pcap -I./ -L/usr/lib/libsocket.so -g -L/opt/csw/lib -ggdb $(PRELUDE-CFLAGS) $(PRELUDE-SUPPORT)
##
## LINUX LFLAGS
##
LFLAGS = -lresolv -lnsl -lpcap -L/usr/lib/libpcap.so.0.6.2
##
## BSD BFLAGS
##
BFLAGS = -lpcap -L/usr/lib/libpcap.so
##
## SOLARIS CFLAGS and LFLAGS
##
SOLARISCFLAGS = -O3 -g -ggdb -Wall -fomit-frame-pointer -funroll-loops -DBYTE_ORDER=1234 -DBIG_ENDIAN=1234 -I./ -I/usr/local/include -I/usr/include -L/usr/lib -L/usr/local/lib $(PRELUDE-CFLAGS) $(PRELUDE-SUPPORT)
SOLARISLFLAGS = -lresolv -lnsl -lpcap -lsocket
##
##
##
final : sancp.cc Makefile
g++ -Wall $(CFLAGS) -c build_acl.cc -o build_acl.o
g++ -Wall $(CFLAGS) -c misc_functs.cc -o misc_functs.o
g++ -Wall $(CFLAGS) -c outputFileHandle.cc -o outputFileHandle.o
g++ -Wall $(CFLAGS) -c apply_rule.cc -o apply_rule.o
g++ -Wall $(CFLAGS) -c decode.cc -o decode.o
g++ -Wall $(CFLAGS) -c fileHandle.cc -o fileHandle.o
g++ -Wall $(CFLAGS) -c MemoryPool.cc -o MemoryPool.o
g++ -Wall $(CFLAGS) -c pcapFileHandle.cc -o pcapFileHandle.o
g++ -Wall $(CFLAGS) -c sancp.cc -o sancp.o
gcc -Wall $(CFLAGS) -c pcap_functions.c -o pcap_functions.o
g++ -Wall $(CFLAGS) -c permissions.cc -o permissions.o
g++ -Wall $(CFLAGS) -c check_packet.cc -o check_packet.o
g++ -Wall $(CFLAGS) -c statefull_logging.cc -o statefull_logging.o
g++ -Wall $(CFLAGS) -c sancpsignals.cc -o sancpsignals.o
g++ -Wall $(LFLAGS) $(CFLAGS) -o sancp sancp.o sancpsignals.o misc_functs.o check_packet.o statefull_logging.o build_acl.o apply_rule.o decode.o pcap_functions.o pcapFileHandle.o fileHandle.o MemoryPool.o permissions.o outputFileHandle.o
clean :
@(echo "" > platform.h)
@rm -f *.o sancp
bsd :
@(echo "#define PLATFORM_BSD" >> platform.h)
@make final
g++ -Wall $(BFLAGS) $(CFLAGS) -o sancp sancp.o sancpsignals.o misc_functs.o check_packet.o statefull_logging.o build_acl.o apply_rule.o decode.o pcap_functions.o pcapFileHandle.o fileHandle.o MemoryPool.o permissions.o outputFileHandle.o
linux :
@(echo "#define PLATFORM_LINUX" >> platform.h)
@make final
g++ -Wall $(LFLAGS) $(CFLAGS) -o sancp sancp.o sancpsignals.o misc_functs.o check_packet.o statefull_logging.o build_acl.o apply_rule.o decode.o pcap_functions.o pcapFileHandle.o fileHandle.o MemoryPool.o permissions.o outputFileHandle.o
solaris :
@(echo "#define PLATFORM_SOLARIS" >> platform.h)
g++ -Wall $(SOLARISCFLAGS) -c build_acl.cc -o build_acl.o
g++ -Wall $(SOLARISCFLAGS) -c misc_functs.cc -o misc_functs.o
g++ -Wall $(SOLARISCFLAGS) -c outputFileHandle.cc -o outputFileHandle.o
g++ -Wall $(SOLARISCFLAGS) -c apply_rule.cc -o apply_rule.o
g++ -Wall $(SOLARISCFLAGS) -c decode.cc -o decode.o
g++ -Wall $(SOLARISCFLAGS) -c fileHandle.cc -o fileHandle.o
g++ -Wall $(SOLARISCFLAGS) -c MemoryPool.cc -o MemoryPool.o
g++ -Wall $(SOLARISCFLAGS) -c pcapFileHandle.cc -o pcapFileHandle.o
g++ -Wall $(SOLARISCFLAGS) -c sancp.cc -o sancp.o
gcc -Wall $(SOLARISCFLAGS) -c pcap_functions.c -o pcap_functions.o
g++ -Wall $(SOLARISCFLAGS) -c permissions.cc -o permissions.o
g++ -Wall $(SOLARISCFLAGS) -c check_packet.cc -o check_packet.o
g++ -Wall $(SOLARISCFLAGS) -c statefull_logging.cc -o statefull_logging.o
g++ -Wall $(SOLARISCFLAGS) -c sancpsignals.cc -o sancpsignals.o
g++ -Wall $(SOLARISLFLAGS) $(SOLARISCFLAGS) -o sancp sancp.o sancpsignals.o misc_functs.o check_packet.o statefull_logging.o build_acl.o apply_rule.o decode.o pcap_functions.o pcapFileHandle.o fileHandle.o MemoryPool.o permissions.o outputFileHandle.o
SirDice
June 21st, 2010, 07:47
Try to use gmake instead of make.
sonysun
June 21st, 2010, 08:40
I obtain exactly the same errors;
Any other ideas ?
SirDice
June 21st, 2010, 09:52
Use the original Makefile and gmake.
sonysun
June 21st, 2010, 11:17
On the original Makefile
those 2 lines are commented :
#PRELUDE-CFLAGS=`libprelude-config --cflags`
#PRELUDE-SUPPORT=`@(echo "#define ENABLE_PRELUDE_SUPPORT" >> platform.h)`
In this case
with make bsd or gmake, the installation is OK
So the problem is on the PRELUDE options.
What do you think of this ?
johncurry
June 23rd, 2010, 04:13
Sorry for the delays getting you a response, I am having to post direct to this forum rather than sort out the email delivery issues I am having with your domain.
As you have determined, I do not know how to properly include the output from the command `libprelude-config --cflags` into a variable in the Makefile. Sorry you are having this issue, I will try to include a script to build the correct Makefile with prelude support in the future.
For now you can try manually applying the following two changes to the original Makefile.
1. Run the command libprelude-config [a] and include its output in the Makefile like so [b].
[a] libprelude-config --cflags
[b] PRELUDE-CFLAGS="<include output from libprelude-config here>"
2. Also, make certain platform.h contains the following text:
#define ENABLE_PRELUDE_SUPPORT
3. Now try compiling with 'make bsd' again and let me know what happens.
Thanks,
-John Curry
sonysun
June 23rd, 2010, 07:56
the answer of libprelude-config --cflags is -I/usr/local/include
First question when you ask me to insert this answer here :
PRELUDE-CFLAGS=]-I/usr/local/include , I find this is curious, it should not be ? PRELUDE-CFLAGS=]-I/usr/local/include/libprelude
This is what I obtain when I try to compile with # make bsd
g++ -Wall -O3 -s -I/usr/include/pcap -I/usr/local/include/pcap -I./ -L/usr/lib/libsocket.so -g -L/opt/csw/lib -ggdb -I/usr/local/include -c build_acl.cc -o build_acl.o
In file included from sancp.h:53,
from build_acl.cc:2:
gvars.h:32: error: expected `}' before 'l'
gvars.h:34: error: expected initializer before 'lags_P'
gvars.h:39: error: expected declaration before '}' token
*** Error code 1
Stop in /usr/local/etc/sancp-1.6.2-candidate.C.
*** Error code 1
Stop in /usr/local/etc/sancp-1.6.2-candidate.C.
Another thing I found strange is here in the Makefile :
final : sancp.cc Makefile
g++ -Wall $(CFLAGS) -c build_acl.cc -o build_acl.o
g++ -Wall $(CFLAGS) -c misc_functs.cc -o misc_functs.o
g++ -Wall $(CFLAGS) -c outputFileHandle.cc -o outputFileHandle.o
g++ -Wall $(CFLAGS) -c apply_rule.cc -o apply_rule.o
g++ -Wall $(CFLAGS) -c decode.cc -o decode.o
g++ -Wall $(CFLAGS) -c fileHandle.cc -o fileHandle.o
g++ -Wall $(CFLAGS) -c MemoryPool.cc -o MemoryPool.o
g++ -Wall $(CFLAGS) -c pcapFileHandle.cc -o pcapFileHandle.o
g++ -Wall $(CFLAGS) -c sancp.cc -o sancp.o
gcc -Wall $(CFLAGS) -c pcap_functions.c -o pcap_functions.o
g++ -Wall $(CFLAGS) -c permissions.cc -o permissions.o
g++ -Wall $(CFLAGS) -c check_packet.cc -o check_packet.o
g++ -Wall $(CFLAGS) -c statefull_logging.cc -o statefull_logging.o
g++ -Wall $(CFLAGS) -c sancpsignals.cc -o sancpsignals.o
g++ -Wall $(LFLAGS) $(CFLAGS) -o sancp sancp.o sancpsignals.o misc_functs.o check_packet.o statefull_logging.o build_acl.o apply_rule.o decode.o pcap_functions.o pcapFileHandle.o fileHandle.o MemoryPool.o permissions.o outputFileHandle.o
And here
bsd :
@(echo "#define PLATFORM_BSD" >> platform.h)
@make final
g++ -Wall $(BFLAGS) $(CFLAGS) -o sancp sancp.o sancpsignals.o misc_functs.o check_packet.o statefull_logging.o build_acl.o apply_rule.o decode.o pcap_functions.o pcapFileHandle.o fileHandle.o MemoryPool.o permissions.o outputFileHandle.o
So I've made different tries according to the two points I spoke about
Thanks
johncurry
June 23rd, 2010, 12:59
Try dropping the ']' character. Not sure where you picked that up.
so this:
PRELUDE-CFLAGS=]-I/usr/local/include/libprelude
should read as this:
PRELUDE-CFLAGS=-I/usr/local/include/libprelude
Thanks,
-John Curry
johncurry
June 23rd, 2010, 13:26
To answer your question, you should use whatever libprelude-config returns instead:
PRELUDE-CFLAGS=-I/usr/local/include/
sonysun
June 23rd, 2010, 15:34
Sorry it was a mistake the correct cflag is : PRELUDE-CFLAGS=-I/usr/local/include
sonysun
June 23rd, 2010, 16:06
Here are the errors :
g++ -Wall -O3 -s -I/usr/include/pcap -I/usr/local/include/pcap -I./ -L/usr/lib/libsocket.so -g -L/opt/csw/lib -ggdb -I/usr/local/include -c build_acl.cc -o build_acl.o
In file included from sancp.h:53,
from build_acl.cc:2:
gvars.h:32: error: expected `}' before 'l'
gvars.h:34: error: expected initializer before 'lags_P'
gvars.h:39: error: expected declaration before '}' token
*** Error code 1
Stop in /usr/local/etc/sancp-1.6.2-candidate.C.
*** Error code 1
Stop in /usr/local/etc/sancp-1.6.2-candidate.C.
johncurry
June 24th, 2010, 01:56
There is a format problem in the prelude-related source in gvars.h
Lines 31 - 39 need to be joined into a single line without spaces. You can join these lines manually or you can try the patch I pasted below.
Save the code below to a file (i.e. patch.code ) and use with the 'patch' command as follows:
cd sancp-1.6.2-candidate.C/
patch < ~/patch.code
johncurry
June 24th, 2010, 02:00
I've attached the patch as a file to this post.
sonysun
June 24th, 2010, 09:07
I hope things are going the right way,
This is the new error :
sonde-creusot# make bsd
g++ -Wall -O3 -s -I/usr/include/pcap -I/usr/local/include/pcap -I./ -L/usr/lib/libsocket.so -g -L/opt/csw/lib -ggdb -I/usr/local/include -c build_acl.cc -o build_acl.o
build_acl.cc: In function 'void build_config(int)':
build_acl.cc:482: warning: deprecated conversion from string constant to 'char*'
g++ -Wall -O3 -s -I/usr/include/pcap -I/usr/local/include/pcap -I./ -L/usr/lib/libsocket.so -g -L/opt/csw/lib -ggdb -I/usr/local/include -c misc_functs.cc -o misc_functs.o
g++ -Wall -O3 -s -I/usr/include/pcap -I/usr/local/include/pcap -I./ -L/usr/lib/libsocket.so -g -L/opt/csw/lib -ggdb -I/usr/local/include -c outputFileHandle.cc -o outputFileHandle.o
g++ -Wall -O3 -s -I/usr/include/pcap -I/usr/local/include/pcap -I./ -L/usr/lib/libsocket.so -g -L/opt/csw/lib -ggdb -I/usr/local/include -c apply_rule.cc -o apply_rule.o
g++ -Wall -O3 -s -I/usr/include/pcap -I/usr/local/include/pcap -I./ -L/usr/lib/libsocket.so -g -L/opt/csw/lib -ggdb -I/usr/local/include -c decode.cc -o decode.o
g++ -Wall -O3 -s -I/usr/include/pcap -I/usr/local/include/pcap -I./ -L/usr/lib/libsocket.so -g -L/opt/csw/lib -ggdb -I/usr/local/include -c fileHandle.cc -o fileHandle.o
g++ -Wall -O3 -s -I/usr/include/pcap -I/usr/local/include/pcap -I./ -L/usr/lib/libsocket.so -g -L/opt/csw/lib -ggdb -I/usr/local/include -c MemoryPool.cc -o MemoryPool.o
g++ -Wall -O3 -s -I/usr/include/pcap -I/usr/local/include/pcap -I./ -L/usr/lib/libsocket.so -g -L/opt/csw/lib -ggdb -I/usr/local/include -c pcapFileHandle.cc -o pcapFileHandle.o
g++ -Wall -O3 -s -I/usr/include/pcap -I/usr/local/include/pcap -I./ -L/usr/lib/libsocket.so -g -L/opt/csw/lib -ggdb -I/usr/local/include -c sancp.cc -o sancp.o
sancp.cc:51: error: too many initializers for 'char [101][27]'
sancp.cc: In function 'int main(int, char**)':
sancp.cc:197: warning: deprecated conversion from string constant to 'char*'
sancp.cc:198: warning: deprecated conversion from string constant to 'char*'
sancp.cc:199: warning: deprecated conversion from string constant to 'char*'
sancp.cc:200: warning: deprecated conversion from string constant to 'char*'
sancp.cc:201: warning: deprecated conversion from string constant to 'char*'
*** Error code 1
Stop in /usr/local/etc/sancp-1.6.2-candidate.C.
*** Error code 1
Stop in /usr/local/etc/sancp-1.6.2-candidate.C.
sonde-creusot#
Thanks
johncurry
June 24th, 2010, 13:36
I've attached a second patch to resolve the error:
sancp.cc:51: error: too many initializers for 'char [101][27]'
sonysun
June 24th, 2010, 16:05
Here is the new step :
sonde-creusot# make bsd
g++ -Wall -O3 -s -I/usr/include/pcap -I/usr/local/include/pcap -I./ -L/usr/lib/libsocket.so -g -L/opt/csw/lib -ggdb -I/usr/local/include -c build_acl.cc -o build_acl.o
build_acl.cc: In function 'void build_config(int)':
build_acl.cc:482: warning: deprecated conversion from string constant to 'char*'
g++ -Wall -O3 -s -I/usr/include/pcap -I/usr/local/include/pcap -I./ -L/usr/lib/libsocket.so -g -L/opt/csw/lib -ggdb -I/usr/local/include -c misc_functs.cc -o misc_functs.o
g++ -Wall -O3 -s -I/usr/include/pcap -I/usr/local/include/pcap -I./ -L/usr/lib/libsocket.so -g -L/opt/csw/lib -ggdb -I/usr/local/include -c outputFileHandle.cc -o outputFileHandle.o
g++ -Wall -O3 -s -I/usr/include/pcap -I/usr/local/include/pcap -I./ -L/usr/lib/libsocket.so -g -L/opt/csw/lib -ggdb -I/usr/local/include -c apply_rule.cc -o apply_rule.o
g++ -Wall -O3 -s -I/usr/include/pcap -I/usr/local/include/pcap -I./ -L/usr/lib/libsocket.so -g -L/opt/csw/lib -ggdb -I/usr/local/include -c decode.cc -o decode.o
g++ -Wall -O3 -s -I/usr/include/pcap -I/usr/local/include/pcap -I./ -L/usr/lib/libsocket.so -g -L/opt/csw/lib -ggdb -I/usr/local/include -c fileHandle.cc -o fileHandle.o
g++ -Wall -O3 -s -I/usr/include/pcap -I/usr/local/include/pcap -I./ -L/usr/lib/libsocket.so -g -L/opt/csw/lib -ggdb -I/usr/local/include -c MemoryPool.cc -o MemoryPool.o
g++ -Wall -O3 -s -I/usr/include/pcap -I/usr/local/include/pcap -I./ -L/usr/lib/libsocket.so -g -L/opt/csw/lib -ggdb -I/usr/local/include -c pcapFileHandle.cc -o pcapFileHandle.o
g++ -Wall -O3 -s -I/usr/include/pcap -I/usr/local/include/pcap -I./ -L/usr/lib/libsocket.so -g -L/opt/csw/lib -ggdb -I/usr/local/include -c sancp.cc -o sancp.o
sancp.cc: In function 'int main(int, char**)':
sancp.cc:197: warning: deprecated conversion from string constant to 'char*'
sancp.cc:198: warning: deprecated conversion from string constant to 'char*'
sancp.cc:199: warning: deprecated conversion from string constant to 'char*'
sancp.cc:200: warning: deprecated conversion from string constant to 'char*'
sancp.cc:201: warning: deprecated conversion from string constant to 'char*'
gcc -Wall -O3 -s -I/usr/include/pcap -I/usr/local/include/pcap -I./ -L/usr/lib/libsocket.so -g -L/opt/csw/lib -ggdb -I/usr/local/include -c pcap_functions.c -o pcap_functions.o
g++ -Wall -O3 -s -I/usr/include/pcap -I/usr/local/include/pcap -I./ -L/usr/lib/libsocket.so -g -L/opt/csw/lib -ggdb -I/usr/local/include -c permissions.cc -o permissions.o
g++ -Wall -O3 -s -I/usr/include/pcap -I/usr/local/include/pcap -I./ -L/usr/lib/libsocket.so -g -L/opt/csw/lib -ggdb -I/usr/local/include -c check_packet.cc -o check_packet.o
g++ -Wall -O3 -s -I/usr/include/pcap -I/usr/local/include/pcap -I./ -L/usr/lib/libsocket.so -g -L/opt/csw/lib -ggdb -I/usr/local/include -c statefull_logging.cc -o statefull_logging.o
statefull_logging.cc: In function 'void erase_idle(int)':
statefull_logging.cc:140: error: a function-definition is not allowed here before '{' token
statefull_logging.cc:1455: error: expected `}' at end of input
statefull_logging.cc:112: warning: unused variable 'tmpptr'
statefull_logging.cc:113: warning: unused variable 'tmp'
statefull_logging.cc:1455: error: expected `}' at end of input
*** Error code 1
Stop in /usr/local/etc/sancp-1.6.2-candidate.C.
*** Error code 1
Stop in /usr/local/etc/sancp-1.6.2-candidate.C.
johncurry
June 25th, 2010, 14:39
I've installed libprelude packages on both redhat and freebsd, however neither produce the libprelude-config binary.
Do you have any step-by-step instructions for downloading and installing libprelude on freebsd? If not I will try to work around this by sending you the code changes so you can test them.
Thanks,
-John
sonysun
June 25th, 2010, 15:14
I've used the ports method; here is the list of the packages installed :
apache-2.2.15_9 Version 2.2.x of Apache web server with prefork MPM.
apr-ipv6-devrandom-gdbm-db42-pgsql80-1.4.2.1.3.9_1 Apache Portability Library
autoconf-2.62 Automatically configure source code on many Un*x platforms
autoconf-wrapper-20071109 Wrapper script for GNU autoconf
automake-1.9.6_3 GNU Standards-compliant Makefile generator (1.9)
automake-wrapper-20071109 Wrapper script for GNU automake
db42-4.2.52_5 The Berkeley DB package, revision 4.2
expat-2.0.1_1 XML 1.0 parser written in C
gdbm-1.8.3_3 The GNU database manager
gettext-0.18_1 GNU gettext package
gmake-3.81_4 GNU version of 'make' utility
gnutls-2.8.6_1 GNU Transport Layer Security library
help2man-1.38.2_1 Automatically generating simple manual pages from program o
libgcrypt-1.4.5 General purpose crypto library based on code used in GnuPG
libgpg-error-1.7_1 Common error values for all GnuPG components
libiconv-1.13.1_1 A character set conversion library
libprelude-0.9.24.1 Framework library for Prelude NIDS
libpreludedb-0.9.15.3 Framework library for access to Prelude NIDS database
libsigsegv-2.8 Handling page faults in user mode
libtool-2.2.6b Generic shared library support script
libxml2-2.7.7 XML parser library for GNOME
m4-1.4.14_1,1 GNU m4
p5-gettext-1.05_3 Message handling functions
pcre-8.02 Perl Compatible Regular Expressions library
perl-5.8.9_3 Practical Extraction and Report Language
pkg-config-0.23_1 A utility to retrieve information about installed libraries
postgresql-client-8.0.25_1 PostgreSQL database (client)
postgresql-server-8.0.25_1 The most advanced open-source database available anywhere
prelude-lml-0.9.15 Prelude Network Intrusion Detection System Log Monitoring L
prelude-manager-0.9.14.2_4 Prelude Network Intrusion Detection System central logging
py26-cheetah-2.4.2.1 HTML template engine for Python
py26-markdown-2.0.3 Text markup to HTML conversion engine for Python
py26-prewikka-0.9.17.1_1 Frontend for the Prelude IDS
py26-setuptools-0.6c11 Download, build, install, upgrade, and uninstall Python pac
python26-2.6.5 An interpreted object-oriented programming language
snort-2.8.5.3_1 Lightweight network intrusion detection system
xz-4.999.9_1 LZMA compression and decompression tools
Hope this can help you to understand the problem
johncurry
June 25th, 2010, 18:17
I was able to install libprelude to identify remaining problems compiling on Redhat and Freebsd.
However, none of the libprelude packages that I installed for redhat (via yum) or freebsd (via tar file from prelude website [version 4.11]) contain the libprelude-config command.
Moving right along...
I cleaned up the Makefile a little and made a /bin/sh script that attempts to detect /usr/include/libprelude or /usr/local/include/libprelude and then replaces the Makefile with one that includes the prelude directory.
So try this new patch (attached) on a clean distro.
tar -zxf sancp-1.6.2-candidate.C.tar.gz
cd sancp-1.6.2-candidate.C
patch -p1 < ../sancp-1.6.2-candidate.C.prelude.patch.20100625.diff
If you want to use the script:
chmod 755 prelude.setup
./prelude.setup
-John Curry
DutchDaemon
June 25th, 2010, 18:38
johncurry, format your posts: Posting and Editing in the FreeBSD Forums (http://forums.freebsd.org/showthread.php?t=8816)
sonysun
June 27th, 2010, 17:25
Hi John,
You forgot to join the patch in your last post.
Can you attach it, please.
Best Regards
johncurry
June 28th, 2010, 12:19
The attached diff is too big for the freebsd forums so I've sent this through email.
-John Curry
sonysun
June 28th, 2010, 15:09
Here is the new error :
usr/local/etc/sancp-1.6.2-candidate.C/sancp.cc:94: undefined reference to `prelude_client_get_analyzer'
sancp.o(.text+0x243):/usr/local/etc/sancp-1.6.2-candidate.C/sancp.cc:98: undefined reference to `idmef_analyzer_new_model'
sancp.o(.text+0x267):/usr/local/etc/sancp-1.6.2-candidate.C/sancp.cc:101: undefined reference to `prelude_string_set_ref_fast'
sancp.o(.text+0x278):/usr/local/etc/sancp-1.6.2-candidate.C/sancp.cc:103: undefined reference to `idmef_analyzer_new_class'
sancp.o(.text+0x29c):/usr/local/etc/sancp-1.6.2-candidate.C/sancp.cc:106: undefined reference to `prelude_string_set_ref_fast'
sancp.o(.text+0x2ad):/usr/local/etc/sancp-1.6.2-candidate.C/sancp.cc:108: undefined reference to `idmef_analyzer_new_manufacturer'
sancp.o(.text+0x2d5):/usr/local/etc/sancp-1.6.2-candidate.C/sancp.cc:111: undefined reference to `prelude_string_set_ref_fast'
sancp.o(.text+0x2e6):/usr/local/etc/sancp-1.6.2-candidate.C/sancp.cc:113: undefined reference to `idmef_analyzer_new_version'
sancp.o(.text+0x30e):/usr/local/etc/sancp-1.6.2-candidate.C/sancp.cc:116: undefined reference to `prelude_string_set_ref_fast'
sancp.o(.text+0x6bb): In function `main':
/usr/local/etc/sancp-1.6.2-candidate.C/sancp.cc:276: undefined reference to `prelude_log_set_flags'
sancp.o(.text+0x6c7):/usr/local/etc/sancp-1.6.2-candidate.C/sancp.cc:283: undefined reference to `prelude_init'
sancp.o(.text+0x84d):/usr/local/etc/sancp-1.6.2-candidate.C/sancp.cc:387: undefined reference to `prelude_client_new'
sancp.o(.text+0x875):/usr/local/etc/sancp-1.6.2-candidate.C/sancp.cc:395: undefined reference to `prelude_client_start'
sancp.o(.text+0x892):/usr/local/etc/sancp-1.6.2-candidate.C/sancp.cc:402: undefined reference to `prelude_client_set_flags'
sancp.o(.text+0xcdc):/usr/local/etc/sancp-1.6.2-candidate.C/sancp.cc:397: undefined reference to `prelude_perror'
sancp.o(.text+0xcfd):/usr/local/etc/sancp-1.6.2-candidate.C/sancp.cc:285: undefined reference to `prelude_perror'
sancp.o(.text+0xd1e):/usr/local/etc/sancp-1.6.2-candidate.C/sancp.cc:389: undefined reference to `prelude_perror'
statefull_logging.o(.text+0x11a3): In function `add_idmef_object':
/usr/local/etc/sancp-1.6.2-candidate.C/statefull_logging.cc:231: undefined reference to `idmef_path_new'
statefull_logging.o(.text+0x11bd):/usr/local/etc/sancp-1.6.2-candidate.C/statefull_logging.cc:235: undefined reference to `idmef_value_new_from_path'
statefull_logging.o(.text+0x11d7):/usr/local/etc/sancp-1.6.2-candidate.C/statefull_logging.cc:241: undefined reference to `idmef_path_set'
statefull_logging.o(.text+0x11e4):/usr/local/etc/sancp-1.6.2-candidate.C/statefull_logging.cc:243: undefined reference to `idmef_value_destroy'
statefull_logging.o(.text+0x11ef):/usr/local/etc/sancp-1.6.2-candidate.C/statefull_logging.cc:244: undefined reference to `idmef_path_destroy'
statefull_logging.o(.text+0x15c6): In function `record_prelude(cnx*)':
/usr/local/etc/sancp-1.6.2-candidate.C/statefull_logging.cc:264: undefined reference to `idmef_message_new'
statefull_logging.o(.text+0x15e0):/usr/local/etc/sancp-1.6.2-candidate.C/statefull_logging.cc:265: undefined reference to `idmef_message_new_alert'
statefull_logging.o(.text+0x15fe):/usr/local/etc/sancp-1.6.2-candidate.C/statefull_logging.cc:272: undefined reference to `idmef_time_new_from_gettimeofday'
statefull_logging.o(.text+0x1618):/usr/local/etc/sancp-1.6.2-candidate.C/statefull_logging.cc:274: undefined reference to `idmef_alert_set_detect_time'
statefull_logging.o(.text+0x1627):/usr/local/etc/sancp-1.6.2-candidate.C/statefull_logging.cc:278: undefined reference to `idmef_time_new_from_gettimeofday'
statefull_logging.o(.text+0x1647):/usr/local/etc/sancp-1.6.2-candidate.C/statefull_logging.cc:279: undefined reference to `idmef_alert_set_create_time'
statefull_logging.o(.text+0x1654):/usr/local/etc/sancp-1.6.2-candidate.C/statefull_logging.cc:282: undefined reference to `prelude_client_get_analyzer'
statefull_logging.o(.text+0x165c):/usr/local/etc/sancp-1.6.2-candidate.C/statefull_logging.cc:282: undefined reference to `idmef_analyzer_ref'
statefull_logging.o(.text+0x1673):/usr/local/etc/sancp-1.6.2-candidate.C/statefull_logging.cc:282: undefined reference to `idmef_alert_set_analyzer'
statefull_logging.o(.text+0x17c4):/usr/local/etc/sancp-1.6.2-candidate.C/statefull_logging.cc:424: undefined reference to `idmef_message_destroy'
statefull_logging.o(.text+0x17e1):/usr/local/etc/sancp-1.6.2-candidate.C/statefull_logging.cc:269: undefined reference to `idmef_time_new_from_time'
statefull_logging.o(.text+0x17f7):/usr/local/etc/sancp-1.6.2-candidate.C/statefull_logging.cc:278: undefined reference to `idmef_message_destroy'
statefull_logging.o(.text+0x1b3a):/usr/local/etc/sancp-1.6.2-candidate.C/statefull_logging.cc:423: undefined reference to `prelude_client_send_idmef'
*** Error code 1
johncurry
June 29th, 2010, 13:56
Everything looks good so far. However, these errors indicate that the compiler can't find the prelude libraries as defined by PRELUDE-CFLAGS= in the Makefile.
a. What is the path in the Makefile for PRELUDE-CFLAGS=
b. What is the path to libprelude (libprelude-config --cflags)
Manually set the Makefile PRELUDE-CFLAGS and try again.
i.e. PRELUDE-CFLAGS=-I<path>
-John
sonysun
June 29th, 2010, 14:03
It's the same :
-I/usr/local/include
johncurry
June 29th, 2010, 14:31
The compiler is having problems linking to the libprelude library, itself.
Let's find the location of libprelude.so.
find /usr | grep libprelude.so
/usr/local/lib/libprelude.so
then add it to the PRELUDE-CFLAGS= in the Makefile.
PRELUDE-CFLAGS=-I/usr/local/include -L/usr/local/lib/libprelude.so
-John
sonysun
July 4th, 2010, 15:11
I suppose the end is near;
Here is the new error :
sancp.o(.text+0x21e): In function `sancp_alert_init(prelude_client*)':
/usr/local/etc/sancp-1.6.2-candidate.C/sancp.cc:94: undefined reference to `prelude_client_get_analyzer'
sancp.o(.text+0x243):/usr/local/etc/sancp-1.6.2-candidate.C/sancp.cc:98: undefined reference to `idmef_analyzer_new_model'
sancp.o(.text+0x267):/usr/local/etc/sancp-1.6.2-candidate.C/sancp.cc:101: undefined reference to `prelude_string_set_ref_fast'
sancp.o(.text+0x278):/usr/local/etc/sancp-1.6.2-candidate.C/sancp.cc:103: undefined reference to `idmef_analyzer_new_class'
sancp.o(.text+0x29c):/usr/local/etc/sancp-1.6.2-candidate.C/sancp.cc:106: undefined reference to `prelude_string_set_ref_fast'
sancp.o(.text+0x2ad):/usr/local/etc/sancp-1.6.2-candidate.C/sancp.cc:108: undefined reference to `idmef_analyzer_new_manufacturer'
sancp.o(.text+0x2d5):/usr/local/etc/sancp-1.6.2-candidate.C/sancp.cc:111: undefined reference to `prelude_string_set_ref_fast'
sancp.o(.text+0x2e6):/usr/local/etc/sancp-1.6.2-candidate.C/sancp.cc:113: undefined reference to `idmef_analyzer_new_version'
sancp.o(.text+0x30e):/usr/local/etc/sancp-1.6.2-candidate.C/sancp.cc:116: undefined reference to `prelude_string_set_ref_fast'
sancp.o(.text+0x6bb): In function `main':
/usr/local/etc/sancp-1.6.2-candidate.C/sancp.cc:276: undefined reference to `prelude_log_set_flags'
sancp.o(.text+0x6c7):/usr/local/etc/sancp-1.6.2-candidate.C/sancp.cc:283: undefined reference to `prelude_init'
sancp.o(.text+0x84d):/usr/local/etc/sancp-1.6.2-candidate.C/sancp.cc:387: undefined reference to `prelude_client_new'
sancp.o(.text+0x875):/usr/local/etc/sancp-1.6.2-candidate.C/sancp.cc:395: undefined reference to `prelude_client_start'
sancp.o(.text+0x892):/usr/local/etc/sancp-1.6.2-candidate.C/sancp.cc:402: undefined reference to `prelude_client_set_flags'
sancp.o(.text+0xcdc):/usr/local/etc/sancp-1.6.2-candidate.C/sancp.cc:397: undefined reference to `prelude_perror'
sancp.o(.text+0xcfd):/usr/local/etc/sancp-1.6.2-candidate.C/sancp.cc:285: undefined reference to `prelude_perror'
sancp.o(.text+0xd1e):/usr/local/etc/sancp-1.6.2-candidate.C/sancp.cc:389: undefined reference to `prelude_perror'
statefull_logging.o(.text+0x11a3): In function `add_idmef_object':
/usr/local/etc/sancp-1.6.2-candidate.C/statefull_logging.cc:231: undefined reference to `idmef_path_new'
statefull_logging.o(.text+0x11bd):/usr/local/etc/sancp-1.6.2-candidate.C/statefull_logging.cc:235: undefined reference to `idmef_value_new_from_path'
statefull_logging.o(.text+0x11d7):/usr/local/etc/sancp-1.6.2-candidate.C/statefull_logging.cc:241: undefined reference to `idmef_path_set'
statefull_logging.o(.text+0x11e4):/usr/local/etc/sancp-1.6.2-candidate.C/statefull_logging.cc:243: undefined reference to `idmef_value_destroy'
statefull_logging.o(.text+0x11ef):/usr/local/etc/sancp-1.6.2-candidate.C/statefull_logging.cc:244: undefined reference to `idmef_path_destroy'
statefull_logging.o(.text+0x15c6): In function `record_prelude(cnx*)':
/usr/local/etc/sancp-1.6.2-candidate.C/statefull_logging.cc:264: undefined reference to `idmef_message_new'
statefull_logging.o(.text+0x15e0):/usr/local/etc/sancp-1.6.2-candidate.C/statefull_logging.cc:265: undefined reference to `idmef_message_new_alert'
statefull_logging.o(.text+0x15fe):/usr/local/etc/sancp-1.6.2-candidate.C/statefull_logging.cc:272: undefined reference to `idmef_time_new_from_gettimeofday'
statefull_logging.o(.text+0x1618):/usr/local/etc/sancp-1.6.2-candidate.C/statefull_logging.cc:274: undefined reference to `idmef_alert_set_detect_time'
statefull_logging.o(.text+0x1627):/usr/local/etc/sancp-1.6.2-candidate.C/statefull_logging.cc:278: undefined reference to `idmef_time_new_from_gettimeofday'
statefull_logging.o(.text+0x1647):/usr/local/etc/sancp-1.6.2-candidate.C/statefull_logging.cc:279: undefined reference to `idmef_alert_set_create_time'
statefull_logging.o(.text+0x1654):/usr/local/etc/sancp-1.6.2-candidate.C/statefull_logging.cc:282: undefined reference to `prelude_client_get_analyzer'
statefull_logging.o(.text+0x165c):/usr/local/etc/sancp-1.6.2-candidate.C/statefull_logging.cc:282: undefined reference to `idmef_analyzer_ref'
statefull_logging.o(.text+0x1673):/usr/local/etc/sancp-1.6.2-candidate.C/statefull_logging.cc:282: undefined reference to `idmef_alert_set_analyzer'
statefull_logging.o(.text+0x17c4):/usr/local/etc/sancp-1.6.2-candidate.C/statefull_logging.cc:424: undefined reference to `idmef_message_destroy'
statefull_logging.o(.text+0x17e1):/usr/local/etc/sancp-1.6.2-candidate.C/statefull_logging.cc:269: undefined reference to `idmef_time_new_from_time'
statefull_logging.o(.text+0x17f7):/usr/local/etc/sancp-1.6.2-candidate.C/statefull_logging.cc:278: undefined reference to `idmef_message_destroy'
statefull_logging.o(.text+0x1b3a):/usr/local/etc/sancp-1.6.2-candidate.C/statefull_logging.cc:423: undefined reference to `prelude_client_send_idmef'
gmake: *** [bsd] Error 1
Best Regards
johncurry
July 7th, 2010, 02:13
Ok, let's try linking against 'libprelude.a' instead of 'libprelude.so'.
find / | grep libprelude.a
/lib/libprelude.a
So the Makefile would then appear like this:
PRELUDE-CFLAGS=-I/usr/local/include -L/lib/libprelude.a
sonysun
July 7th, 2010, 10:32
There is no libprelude.a
johncurry
July 7th, 2010, 16:36
Hmmm, I'm testing on FreeBSD Release 6.1 which appears to have both the .so and .a, however sancp also compiles without the extra '-L' flag that I suggested. I will set up a FreeBSD 8.0 system in hopes of reproducing the linking problem you are having. I didn't get specific instructions from you on how you actually installed the libprelude package. I can't claim to be a FreeBSD guru, so anything you can offer to help me to recreate your environment would be greatly appreciated. :)
-John
sonysun
July 7th, 2010, 17:45
This is the way I followed to install libprelude :
1) You need to install ports collection cf : http://www.freebsd.org/doc/en/books/handbook/ports-using.html
2) Update system and ports
freebsd update fetch
freebsd update install
portsnap fetch
portsnap update
3) install libprelude (0.9.24.1)
cd /usr/ports/security/libprelude
make config
make install clean
rehash
Thank U
johncurry
July 18th, 2010, 17:15
Here are the flags you need to use in the sancp Makefile to compile support for the FreeBSD 8.0 ports installation of libprelude.
PRELUDE-CFLAGS=-I/usr/local/include /usr/local/lib/libprelude.so
-John
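Added example, not part of any post in this thread and not the project's prelude.setup script: a /bin/sh helper that produces the Makefile flag lines discussed above, either by running libprelude-config in the shell (so make never has to evaluate backticks) or by probing install prefixes for the headers and the library. The function names, the PRELUDE-LIBS variable and passing ENABLE_PRELUDE_SUPPORT with -D instead of writing it to platform.h are assumptions of this example.

```shell
#!/bin/sh
# Added example: print make variable assignments for building sancp with
# libprelude. All function names and PRELUDE-LIBS are hypothetical.

# Print the first candidate prefix that holds both the libprelude headers
# (include/libprelude/) and a library the linker can use. Returns 1 if none.
find_prelude_root() {
    for root in "$@"; do
        # make splits flag values on blanks, so a prefix with a space is unusable
        case $root in *" "*) continue ;; esac
        [ -d "$root/include/libprelude" ] || continue
        if [ -f "$root/lib/libprelude.so" ] || [ -f "$root/lib/libprelude.a" ]; then
            printf '%s\n' "$root"
            return 0
        fi
    done
    return 1
}

# Probe the given prefixes and print compile and link flags separately.
# -I and -L name directories; the library itself is requested with -lprelude.
# The define is passed with -D because an unescaped '#' inside a make
# variable starts a comment and cuts the value short (assumption: the
# source only tests ENABLE_PRELUDE_SUPPORT with the preprocessor).
prelude_make_vars() {
    root=$(find_prelude_root "$@") || {
        echo "libprelude not found under: $*" >&2
        return 1
    }
    printf 'PRELUDE-CFLAGS=-I%s -DENABLE_PRELUDE_SUPPORT\n' "$root/include"
    printf 'PRELUDE-LIBS=-L%s -lprelude\n' "$root/lib"
}

# Same output, taken from libprelude-config when it is on PATH. The command
# substitution happens here in the shell; the Makefile receives plain text.
prelude_make_vars_from_config() {
    command -v libprelude-config >/dev/null 2>&1 || return 1
    printf 'PRELUDE-CFLAGS=%s -DENABLE_PRELUDE_SUPPORT\n' "$(libprelude-config --cflags)"
    printf 'PRELUDE-LIBS=%s\n' "$(libprelude-config --libs)"
}

# Prefer libprelude-config, fall back to probing the usual prefixes.
prelude_main() {
    prelude_make_vars_from_config || prelude_make_vars /usr/local /usr
}

# Stand-alone use: ./prelude-flags.sh /usr/local /usr
# prints the two lines to paste into the Makefile.
if [ "$#" -gt 0 ]; then
    prelude_make_vars "$@"
fi
```

Use $(PRELUDE-CFLAGS) on the compile lines and put $(PRELUDE-LIBS) at the end of the link line, after the object files.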
sonysun
July 19th, 2010, 15:28
Hello,
I suppose we have an error when sancp tries to create a profile :
sonde:/etc/sancp# ./sancp -i eth0
sancp: Retrieved last connection ID: 0 8 2
sancp: Error reading: EINVAL
sancp: Opening without filter
19 Jul 16:27:15 (process:4213) CRITICAL: assertion 'profile' failed (prelude-client.c:1248 prelude_client_new)
19 Jul 16:27:15 (process:4213) WARNING: prelude-client: Unable to create a prelude client object: Critical assertion occurred.
sancp: Exiting