Snort configure on Ubuntu 8.10. NEED HELP!!

[shootlessjoe]

Hi guys, I am new to all this. Been trying out what Linux OS to flow with to run Snort on for our network. Seems like I have chosen a newer setup it seems and I am going on a list of instructions on a paper written by someone. I currently running Ubuntu 8.10 with Snort 2.8.3.1. I get along the way d/l things and getting them prepared to install and configure. I start getting into snort install. I run the following command line.

./configure -enable-dynamicplugin --with-mysql

Once I do that, It configures itself. Then I do this...

# make

Once I hit that, it runs down a list of things it is making. Then it runs into a few errors.

In function ‘open’,
inlined from ‘server_stats_save’ at server_stats.c:349:
/usr/include/bits/fcntl2.h:51: error: call to ‘__open_missing_mode’ declared with attribute error: open with O_CREAT in second argument needs 3 arguments
make[5]: *** [server_stats.o] Error 1
make[5]: Leaving directory `/root/snorttmp/snort-2.8.3.1/src/preprocessors/flow/portscan'
make[4]: *** [all-recursive] Error 1
make[4]: Leaving directory `/root/snorttmp/snort-2.8.3.1/src/preprocessors/flow'
make[3]: *** [all-recursive] Error 1
make[3]: Leaving directory `/root/snorttmp/snort-2.8.3.1/src/preprocessors'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/root/snorttmp/snort-2.8.3.1/src'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/root/snorttmp/snort-2.8.3.1'
make: *** [all] Error 2


Can anyone tell me how to fix this problem or do I need to go with a stable version of Snort? Any help would be nice since I am new to this and my boss is wanting this done soon.

[MSchadone]

You must be root to perform the following procedure. You may also open the file below and save it in your home folder, then copy it (as root) to its original directory (../snort2.8.*/src/preprocessors/flow/portscan/).

After "./configure --with-mysql --enable-dynamicplugin", locate the file "server_stats.c" in "../snort-2.8.*/src/preprocessors/flow/portscan/" and open it in a text editor or IDE. Identify the following section:

Code:

int server_stats_save(SERVER_STATS *ssp, char *filename)

In this section, identify the line:

Code:

fd = open(filename, O_CREAT|O_TRUNC|O_SYNC|O_WRONLY);

and change it to:

Code:

fd = open(filename, O_CREAT|O_TRUNC|O_SYNC|O_WRONLY, 0666);

Then you may run "make && make install".

I am still trying to sort out a few other problems relating to MySQL, but this certainly solves the problem that you described above.

[shootlessjoe]

Ah, thank you for that. I thought it was me for a second and now that there is a code to fix I should be able to run it here soon. Just hope I didn't wipe my box down.

[shootlessjoe]

Funny thing is that when I try to do this, I am using the root powers but as myself. I still can't get it to work, says I am denied.