From 63d008235406d449a19ddd0da7c80e94c19a6f82 Mon Sep 17 00:00:00 2001
From: Aslan Varoqua
Date: Mon, 14 May 2018 09:19:24 -0600
Subject: [PATCH 1/5] The dockerfile links were broken + hard 2 read
---
 Dockerfile | 91 ++++++++++++++++++++++++++++++++++--------------------
 1 file changed, 58 insertions(+), 33 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index f26050a..bf56e48 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,80 +1,105 @@ -FROM ubuntu:precise -MAINTAINER Michael Baker +RUN apt install RUN curl -y --force-yes \ +RUN apt install wget -y --force-yes && \ +RUN apt install build-essential -y --force-yes && \ +RUN apt install hadoop-0.20 -y --force-yes && \ +RUN apt install hadoop-pig git-core -y --force-yes && \ +RUN apt install libnids-dev libnids1.21 libmagic-dev -y --force-yes && \ +RUN apt install ipython python2.7-dev -y --force-yes && \ +RUN apt install libnet1-dev -y --force-yes && \ +RUN apt install python-pip flex bison -y --force-yes && \ +RUN apt install libpcap0.8 libpcap0.8-dev -y --force-yes && \ +RUN apt install default-jre -y --force-yes && \ +RUN apt install openjdk-8-jdk -y --force-yes && \ +RUN apt install libpcre3 -y --force-yes && \ +RUN apt install libpcre3-dev pkg-config gettext -y --force-yes && \ +RUN apt install pcap -y --force-yes && \ +RUN pip install virtualenv -y --force-yes && \ +RUN apt install git + +#repos RUN echo "deb http://archive.cloudera.com/debian maverick-cdh3 contrib" > /etc/apt/sources.list.d/cloudera.list RUN echo "deb-src http://archive.cloudera.com/debian maverick-cdh3 contrib" >> /etc/apt/sources.list.d/cloudera.list RUN echo "deb http://us.archive.ubuntu.com/ubuntu/ precise universe" >> /etc/apt/sources.list RUN echo "deb http://us.archive.ubuntu.com/ubuntu/ precise-updates universe" >> /etc/apt/sources.list -RUN apt-get install curl wget -y --force-yes + RUN curl -s http://archive.cloudera.com/debian/archive.key | apt-key add - -RUN apt-get update -y --force-yes +apt-get update + +RUN apt install build-essential hadoop-0.20 bunzip make autoconf hadoop-pig git-core libnids-dev libnids1.21 libmagic-dev ipython python2.7-dev libnet1-dev python-pip flex bison libpcap0.8 libpcap0.8-dev openjdk-6-jdk libpcre3 libpcre3-dev pkg-config gettext -y + +RUN pip install python-magic argparse -RUN apt-get install build-essential hadoop-0.20 hadoop-pig git-core libnids-dev libnids1.21 libmagic-dev ipython python2.7-dev libnet1-dev 
python-pip flex bison libpcap0.8 libpcap0.8-dev openjdk-6-jdk libpcre3 libpcre3-dev pkg-config gettext -y --force-yes +#DL libdnet +RUN cd /src;\ + wget http://prdownloads.sourceforge.net/libdnet/libdnet-1.11.tar.gz -RUN pip install python-magic argparse +#untar libdnet +RUN tar -zxvf libdnet-1.11.tgz; -#Install libdnet -RUN mkdir /src;\ - cd /src;\ - wget http://libdnet.googlecode.com/files/libdnet-1.12.tgz;\ - tar -zxvf libdnet-1.12.tgz;\ - cd libdnet-1.12/;\ - ./configure;\ +# enter libnet dir +RUN cd libdnet-1.11/; + +# compile/install +RUN ./configure;\ make;\ make install; #Fix libdnet -RUN cp /usr/local/lib/libdnet.1.0.1 /usr/local/lib/libdnet.so.1.0.1 &&\ +RUN cp /usr/local/lib/libdnet.1.11.1 /usr/local/lib/libdnet.so.1.0.1 &&\ ldconfig #Install DAQ RUN cd /src &&\ - wget http://www.snort.org/downloads/1850 &&\ - tar -zxvf 1850 &&\ - cd daq-1.1.1/ &&\ + wget https://www.snort.org/downloads/snort/daq-2.0.6.tar.gz &&\ + tar -zxvf daq-2.0.6.tar.gz &&\ + cd daq-2.0.6/ &&\ ./configure && make && make install -#Install Snort - +# DL Snort RUN cd /src &&\ - wget http://www.snort.org/downloads/1862 &&\ - tar -zxvf 1862 &&\ - cd snort-2.9.3.1/ &&\ + wget https://www.snort.org/downloads/snort/snort-2.9.11.1.tar.gz &&\ + tar -zxvf snort-2.9.11.1.tar.gz &&\ + cd snort-2.9.11.1/ &&\ + +# INSTALL SNORT +RUN cd snort-2.9.11.1/ &&\ ./configure --prefix /usr/local/snort --enable-ipv6 --enable-gre --enable-mpls --enable-targetbased --enable-ppm --enable-perfprofiling --enable-zlib --enable-reload && make && make install &&\ groupadd snort && useradd -g snort snort && ln -s /usr/local/snort/bin/snort /usr/sbin/ && ln -s /usr/local/snort/etc /etc/snort &&\ mkdir -p /usr/local/snort/var/log && chown snort:snort /usr/local/snort/var/log && ln -s /usr/local/snort/var/log /var/log/snort &&\ ln -s /usr/local/snort/lib/snort_dynamicpreprocessor /usr/local/lib/snort_dynamicpreprocessor &&\ - ln -s /usr/local/snort/lib/snort_dynamicengine /usr/local/lib/snort_dynamicengine &&\ - mkdir 
/usr/local/snort/lib/snort_dynamicrules && ln -s /usr/local/snort/lib/snort_dynamicrules /usr/local/lib/snort_dynamicrules &&\ + ln -s /usr/local/snort/lib/snort_dynamicengine /usr/local/lib/snort_dynamicengine + +#snort rules +RUN mkdir /usr/local/snort/lib/snort_dynamicrules && ln -s /usr/local/snort/lib/snort_dynamicrules /usr/local/lib/snort_dynamicrules &&\ chown -R snort:snort /usr/local/snort && ldconfig #Install glib RUN cd /src &&\ - wget ftp://ftp.gtk.org/pub/gtk/v2.2/glib-2.2.3.tar.bz2 && bunzip2 glib-2.2.3.tar.bz2 && tar -xvf glib-2.2.3.tar &&\ + wget https://ftp.gnome.org/pub/gnome/sources/glib/2.2/glib-2.2.3.tar.gz && tar -zxvf glib-2.2.3.tar.gz &&\ cd glib-2.2.3 && ./configure && make && make install #Install p0f RUN cd /src &&\ - wget http://lcamtuf.coredump.cx/p0f3/releases/p0f-3.06b.tgz &&\ - tar -zxvf p0f-3.06b.tgz && cd p0f-3.06b/ && sed -i "s/p0f.fp/\/etc\/p0f\/p0f.fp/g" config.h && make && cp p0f /usr/local/bin && mkdir /etc/p0f &&\ + wget http://lcamtuf.coredump.cx/p0f3/releases/p0f-3.09b.tgz &&\ + tar -zxvf p0f-3.09b.tgz && cd p0f-3.09b/ && sed -i "s/p0f.fp/\/etc\/p0f\/p0f.fp/g" config.h && make && cp p0f /usr/local/bin && mkdir /etc/p0f &&\ cp p0f.fp /etc/p0f/ #Install Pynids for 64 bit RUN cd /src &&\ - wget http://jon.oberheide.org/pynids/downloads/pynids-0.6.1.tar.gz &&\ + wget https://jon.oberheide.org/files/pynids-0.6.1.tar.gz &&\ tar -zxvf pynids-0.6.1.tar.gz && cd pynids-0.6.1 && tar -zxvf libnids-1.24.tar.gz && cd libnids-1.24/ &&\ ./configure CFLAGS=-fPIC --disable-libglib --disable-libnet --disable-shared && make && make install &&\ cd .. 
&& python setup.py build && python setup.py install #Set Java Environment -#ENV JAVA_HOME /usr/lib/jvm/java-6-openjdk/ -ENV JAVA_HOME /usr/lib/jvm/java-6-openjdk-amd64/ -ENV PPD /src/packetpig/ +PATH=/usr/lib/jvm/java-8-openjdk-amd64/:$PATH +PPD=/src/packetpig/:$PATH -#Clone and run Packetpig +# Packetpig RUN cd /src/ &&\ - git clone https://github.com/packetloop/packetpig.git && cd packetpig &&\ + cd packetpig &&\ lib/scripts/tcp.py -r data/web.pcap -om http_headers -of tsv | less &&\ lib/scripts/dns_parser.py -r data/web.pcap && mkdir out &&\ pig -x local -f pig/examples/binning.pig -param pcap=data/web.pcap -param output=output && more output/binning/part-r-00000 From b475d45f1457f2f18bd7fef1f58e29c55667f853 Mon Sep 17 00:00:00 2001 From: Aslan Varoqua Date: Mon, 14 May 2018 09:28:07 -0600 Subject: [PATCH 2/5] Debian Install Script - Non VM-Ware --- debian/install.sh | 101 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 101 insertions(+) create mode 100644 debian/install.sh diff --git a/debian/install.sh b/debian/install.sh new file mode 100644 index 0000000..2b0f8db --- /dev/null +++ b/debian/install.sh 
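Review bot: The `FROM ubuntu:precise` line is removed with no replacement, so the new file has no `FROM` at all and `docker build` rejects it before any `RUN` executes; restore a pinned base (`FROM ubuntu:<tag>`, better with a digest) as the first instruction. The first instruction block then runs `apt install` before any repository is configured and before any `apt-get update`, and it carries `--force-yes`, which makes apt accept unauthenticated packages — drop that flag and let the repository key do the checking; `pip install virtualenv -y --force-yes` also fails outright because pip has no such options (patch 3's first hunk and patch 5 keep all three problems). The libdnet build is split into four `RUN`s, so the `cd /src` and `cd libdnet-1.11/` are lost between layers, and `tar` is given `libdnet-1.11.tgz` while `wget` saved `libdnet-1.11.tar.gz`; fold it back into one chained instruction as below. Finally `PATH=…` and `PPD=…` are not Dockerfile instructions and `JAVA_HOME` is dropped entirely — use `ENV JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64/ PPD=/src/packetpig/` (patch 3's `@@ -94,8` hunk wraps them in a `RUN`, which still does not persist past that layer, and patch 5 has the same lines in `debian/install.sh`).
```dockerfile
#Install libdnet — one layer so the cd persists; && stops at the first failure
RUN mkdir -p /src && cd /src &&\
    wget http://prdownloads.sourceforge.net/libdnet/libdnet-1.11.tar.gz &&\
    tar -zxvf libdnet-1.11.tar.gz &&\
    cd libdnet-1.11/ &&\
    ./configure && make && make install
# … unchanged: libdnet .so fix-up and ldconfig …
```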
@@ -0,0 +1,101 @@ +#/bin/sh +apt install curl -y --force-yes \ +apt install wget -y --force-yes && \ +apt install build-essential -y --force-yes && \ +apt install hadoop-0.20 -y --force-yes && \ +apt install hadoop-pig git-core -y --force-yes && \ +apt install libnids-dev libnids1.21 libmagic-dev -y --force-yes && \ +apt install ipython python2.7-dev -y --force-yes && \ +apt install libnet1-dev -y --force-yes && \ +apt install python-pip flex bison -y --force-yes && \ +apt install libpcap0.8 libpcap0.8-dev -y --force-yes && \ +apt install default-jre -y --force-yes && \ +apt install openjdk-8-jdk -y --force-yes && \ +apt install libpcre3 -y --force-yes && \ +apt install libpcre3-dev pkg-config gettext -y --force-yes && \ +apt install pcap -y --force-yes && \ +pip install virtualenv -y --force-yes && \ +apt install git + +#repos +echo "deb http://archive.cloudera.com/debian maverick-cdh3 contrib" > /etc/apt/sources.list.d/cloudera.list +echo "deb-src http://archive.cloudera.com/debian maverick-cdh3 contrib" >> /etc/apt/sources.list.d/cloudera.list +echo "deb http://us.archive.ubuntu.com/ubuntu/ precise universe" >> /etc/apt/sources.list +echo "deb http://us.archive.ubuntu.com/ubuntu/ precise-updates universe" >> /etc/apt/sources.list +curl -s http://archive.cloudera.com/debian/archive.key | apt-key add - +apt-get update + +pip install python-magic argparse + +#DL libdnet +cd /src;\ +wget http://prdownloads.sourceforge.net/libdnet/libdnet-1.11.tar.gz + +#untar libdnet +tar -zxvf libdnet-1.11.tgz; + +# enter libnet dir +cd libdnet-1.11/; + +# compile/install +./configure;\ + make;\ + make install; + +#Fix libdnet + cp /usr/local/lib/libdnet.1.11.1 /usr/local/lib/libdnet.so.1.0.1 &&\ + ldconfig + +#Install DAQ +cd /src &&\ + wget https://www.snort.org/downloads/snort/daq-2.0.6.tar.gz &&\ + tar -zxvf daq-2.0.6.tar.gz &&\ + cd daq-2.0.6/ &&\ + ./configure && make && make install + +# DL Snort +cd /src &&\ + wget https://www.snort.org/downloads/snort/snort-2.9.11.1.tar.gz 
&&\ + tar -zxvf snort-2.9.11.1.tar.gz &&\ + cd snort-2.9.11.1/ &&\ + +# INSTALL SNORT +cd snort-2.9.11.1/ &&\ + ./configure --prefix /usr/local/snort --enable-ipv6 --enable-gre --enable-mpls --enable-targetbased --enable-ppm --enable-perfprofiling --enable-zlib --enable-reload && make && make install &&\ + groupadd snort && useradd -g snort snort && ln -s /usr/local/snort/bin/snort /usr/sbin/ && ln -s /usr/local/snort/etc /etc/snort &&\ + mkdir -p /usr/local/snort/var/log && chown snort:snort /usr/local/snort/var/log && ln -s /usr/local/snort/var/log /var/log/snort &&\ + ln -s /usr/local/snort/lib/snort_dynamicpreprocessor /usr/local/lib/snort_dynamicpreprocessor &&\ + ln -s /usr/local/snort/lib/snort_dynamicengine /usr/local/lib/snort_dynamicengine + +#snort rules +mkdir /usr/local/snort/lib/snort_dynamicrules && ln -s /usr/local/snort/lib/snort_dynamicrules /usr/local/lib/snort_dynamicrules &&\ +chown -R snort:snort /usr/local/snort && ldconfig + +#Install glib +cd /src &&\ +wget https://ftp.gnome.org/pub/gnome/sources/glib/2.2/glib-2.2.3.tar.gz && tar -zxvf glib-2.2.3.tar.gz &&\ +cd glib-2.2.3 && ./configure && make && make install + +#Install p0f +cd /src &&\ + wget http://lcamtuf.coredump.cx/p0f3/releases/p0f-3.09b.tgz &&\ + tar -zxvf p0f-3.09b.tgz && cd p0f-3.09b/ && sed -i "s/p0f.fp/\/etc\/p0f\/p0f.fp/g" config.h && make && cp p0f /usr/local/bin && mkdir /etc/p0f &&\ + cp p0f.fp /etc/p0f/ + +#Install Pynids for 64 bit +cd /src &&\ + wget https://jon.oberheide.org/files/pynids-0.6.1.tar.gz &&\ + tar -zxvf pynids-0.6.1.tar.gz && cd pynids-0.6.1 && tar -zxvf libnids-1.24.tar.gz && cd libnids-1.24/ &&\ + ./configure CFLAGS=-fPIC --disable-libglib --disable-libnet --disable-shared && make && make install &&\ + cd .. 
&& python setup.py build && python setup.py install + +#Set Java Environment +PATH=/usr/lib/jvm/java-8-openjdk-amd64/:$PATH +PPD=/src/packetpig/:$PATH + +# Packetpig +cd /src/ &&\ + cd packetpig &&\ + lib/scripts/tcp.py -r data/web.pcap -om http_headers -of tsv | less &&\ + lib/scripts/dns_parser.py -r data/web.pcap && mkdir out &&\ + pig -x local -f pig/examples/binning.pig -param pcap=data/web.pcap -param output=output && more output/binning/part-r-00000 From 3efef3d4b8e1f5eee1419cb4dae67aa7fe965c73 Mon Sep 17 00:00:00 2001 From: Aslan Varoqua Date: Mon, 14 May 2018 09:32:39 -0600 Subject: [PATCH 3/5] Update Dockerfile --- Dockerfile | 48 +++++++++++++++++++++++++----------------------- 1 file changed, 25 insertions(+), 23 deletions(-) diff --git a/Dockerfile b/Dockerfile index bf56e48..b30bb41 100644 --- a/Dockerfile +++ b/Dockerfile 
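Review bot: `#/bin/sh` on the first line is a plain comment, not a shebang — without the `!` the script runs under whatever shell the caller happens to use; write `#!/bin/sh` and follow it with `set -eu` so the run stops at the first failing step. Nothing checks failures today: the libdnet steps are `;`-separated, `tar -zxvf libdnet-1.11.tgz` cannot find the file `wget` saved as `libdnet-1.11.tar.gz`, and the script goes on to build everything else against whatever happens to be on the host. `PATH=…` and `PPD=…` are assigned but never exported, so `pig`, `java` and the Python scripts launched afterwards do not see them, and `PPD` should not have `:$PATH` appended; `export PATH=/usr/lib/jvm/java-8-openjdk-amd64/:$PATH PPD=/src/packetpig/` is what is meant. The apt signing key is fetched with `curl -s http://…` — cleartext and, because `-f` is missing, a failed download is piped into `apt-key add -` without an error; use `curl -fsSL` and an `https://` source where the mirror offers one. Patch 5 reindents this file but keeps all of these.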
@@ -1,21 +1,21 @@
-RUN apt install RUN curl -y --force-yes \
-RUN apt install wget -y --force-yes && \
-RUN apt install build-essential -y --force-yes && \
-RUN apt install hadoop-0.20 -y --force-yes && \
-RUN apt install hadoop-pig git-core -y --force-yes && \
-RUN apt install libnids-dev libnids1.21 libmagic-dev -y --force-yes && \
-RUN apt install ipython python2.7-dev -y --force-yes && \
-RUN apt install libnet1-dev -y --force-yes && \
-RUN apt install python-pip flex bison -y --force-yes && \
-RUN apt install libpcap0.8 libpcap0.8-dev -y --force-yes && \
-RUN apt install default-jre -y --force-yes && \
-RUN apt install openjdk-8-jdk -y --force-yes && \
-RUN apt install libpcre3 -y --force-yes && \
-RUN apt install libpcre3-dev pkg-config gettext -y --force-yes && \
-RUN apt install pcap -y --force-yes && \
-RUN pip install virtualenv -y --force-yes && \
-RUN apt install git
+RUN apt install curl -y --force-yes &&\
+ apt install wget -y --force-yes && \
+ apt install build-essential -y --force-yes && \
+ apt install hadoop-0.20 -y --force-yes && \
+ apt install hadoop-pig git-core -y --force-yes && \
+ apt install libnids-dev libnids1.21 libmagic-dev -y --force-yes && \
+ apt install ipython python2.7-dev -y --force-yes && \
+ apt install libnet1-dev -y --force-yes && \
+ apt install python-pip flex bison -y --force-yes && \
+ apt install libpcap0.8 libpcap0.8-dev -y --force-yes && \
+ apt install default-jre -y --force-yes && \
+ apt install openjdk-8-jdk -y --force-yes && \
+ apt install libpcre3 -y --force-yes && \
+ apt install libpcre3-dev pkg-config gettext -y --force-yes && \
+ apt install pcap -y --force-yes && \
+ pip install virtualenv -y --force-yes && \
+ apt install git -y --force-yes
 #repos
 RUN echo "deb http://archive.cloudera.com/debian maverick-cdh3 contrib" > /etc/apt/sources.list.d/cloudera.list
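Review bot: The chained form is still seventeen separate `apt install` invocations, each resolving and locking the package database again, and `apt` itself warns that it has no stable CLI interface for scripts; a single `apt-get install -y --no-install-recommends` with one package per continuation line, sorted alphabetically, reads and diffs better and removes the sixteen repeated `-y --force-yes`. The continuation spelling also alternates between `&&\` and `&& \` within the same instruction; pick one. `pip install virtualenv` is a different tool wedged into the middle of the apt chain and belongs in its own `RUN` after the apt step.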
@@ -24,8 +24,9 @@ RUN echo "deb http://us.archive.ubuntu.com/ubuntu/ precise universe" >> /etc/apt
 RUN echo "deb http://us.archive.ubuntu.com/ubuntu/ precise-updates universe" >> /etc/apt/sources.list
-RUN curl -s http://archive.cloudera.com/debian/archive.key | apt-key add -
-apt-get update
+RUN curl -s http://archive.cloudera.com/debian/archive.key | apt-key add -
+
+RUN apt-get update
 RUN apt install build-essential hadoop-0.20 bunzip make autoconf hadoop-pig git-core libnids-dev libnids1.21 libmagic-dev ipython python2.7-dev libnet1-dev python-pip flex bison libpcap0.8 libpcap0.8-dev openjdk-6-jdk libpcre3 libpcre3-dev pkg-config gettext -y
@@ -60,8 +61,7 @@ RUN cd /src &&\
 # DL Snort
 RUN cd /src &&\
 wget https://www.snort.org/downloads/snort/snort-2.9.11.1.tar.gz &&\
- tar -zxvf snort-2.9.11.1.tar.gz &&\
- cd snort-2.9.11.1/ &&\
+ tar -zxvf snort-2.9.11.1.tar.gz
 # INSTALL SNORT
 RUN cd snort-2.9.11.1/ &&\
@@ -94,8 +94,8 @@ RUN cd /src &&\
 cd .. && python setup.py build && python setup.py install
 #Set Java Environment
-PATH=/usr/lib/jvm/java-8-openjdk-amd64/:$PATH
-PPD=/src/packetpig/:$PATH
+RUN PATH=/usr/lib/jvm/java-8-openjdk-amd64/:$PATH &&\
+ PPD=/src/packetpig/:$PATH
 # Packetpig
 RUN cd /src/ &&\
@@ -103,3 +103,5 @@ RUN cd /src/ &&\
 lib/scripts/tcp.py -r data/web.pcap -om http_headers -of tsv | less &&\
 lib/scripts/dns_parser.py -r data/web.pcap && mkdir out &&\
 pig -x local -f pig/examples/binning.pig -param pcap=data/web.pcap -param output=output && more output/binning/part-r-00000
+
+RUN echo "installation complete"
From 7c7603e870e6b3e654fa29dccfd0fccbbaa5f5dc Mon Sep 17 00:00:00 2001
From: Aslan Varoqua
Date: Mon, 14 May 2018 09:34:50 -0600
Subject: [PATCH 4/5] Update Dockerfile
---
 Dockerfile | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/Dockerfile b/Dockerfile
index b30bb41..0fd3b02 100644
--- a/Dockerfile
+++ b/Dockerfile
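Review bot: `RUN apt-get update` is now its own layer, separate from the `RUN apt install …` that follows, so a rebuild that reuses the cached update layer installs from a stale package index (and the downloaded index lists stay in the image); join them as `RUN apt-get update && apt-get install -y … && rm -rf /var/lib/apt/lists/*`. The re-added `RUN curl -s http://archive.cloudera.com/debian/archive.key | apt-key add -` pipes an unverified cleartext download straight into the trusted keyring, and without `-f` a 404 page or truncated body is fed to `apt-key` without an error; at minimum use `curl -fsSL`, and check the key's fingerprint against a value recorded in the repository before adding it.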
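Review bot: `RUN cd snort-2.9.11.1/ &&\` in the `# INSTALL SNORT` step is a relative `cd` from the image's default working directory, not from `/src` where the previous `RUN` extracted the tarball, so the step fails with no such directory; change it to `cd /src/snort-2.9.11.1/ &&\` (or set `WORKDIR /src` once and drop the repeated `cd /src`). The `RUN` that this context line begins continues past the end of the hunk. Dropping the trailing `cd … &&\` from the download step is the right fix for the dangling `&&`, but the download itself is still an unpinned `wget` with no checksum; verifying the archive against a digest recorded in the repository before `tar` would make the build reproducible.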
@@ -17,6 +17,10 @@ RUN apt install curl -y --force-yes &&\
 pip install virtualenv -y --force-yes && \
 apt install git -y --force-yes
+RUN mkdir /src/ && \
+ cd /src && \
+ git clone http://github.com/packetloop/packetpig.git
+
 #repos
 RUN echo "deb http://archive.cloudera.com/debian maverick-cdh3 contrib" > /etc/apt/sources.list.d/cloudera.list
 RUN echo "deb-src http://archive.cloudera.com/debian maverick-cdh3 contrib" >> /etc/apt/sources.list.d/cloudera.list
From fd9ea51b4ff4a77747ff94940d978470932563bf Mon Sep 17 00:00:00 2001
From: Aslan Varoqua
Date: Mon, 14 May 2018 09:36:18 -0600
Subject: [PATCH 5/5] Update install.sh
---
 debian/install.sh | 73 +++++++++++++++++++++++++++--------------------
 1 file changed, 42 insertions(+), 31 deletions(-)
diff --git a/debian/install.sh b/debian/install.sh
index 2b0f8db..3017e05 100644
--- a/debian/install.sh
+++ b/debian/install.sh
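Review bot: `git clone http://github.com/packetloop/packetpig.git` uses cleartext HTTP where the line it stands in for (removed in patch 1) used `https://`; git will follow a redirect, but the first request and whatever it is redirected to are unauthenticated, so use `https://github.com/packetloop/packetpig.git` (the same line is added to `debian/install.sh` in patch 5). The clone also takes whatever the default branch holds at build time; pinning with `git clone --branch <tag>` or a `git checkout <commit>` after the clone keeps the image reproducible. `mkdir /src/` here is what the later libdnet, DAQ and Snort steps rely on, so this `RUN` has to stay ahead of them if the file is reordered.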
@@ -1,35 +1,45 @@ #/bin/sh -apt install curl -y --force-yes \ -apt install wget -y --force-yes && \ -apt install build-essential -y --force-yes && \ -apt install hadoop-0.20 -y --force-yes && \ -apt install hadoop-pig git-core -y --force-yes && \ -apt install libnids-dev libnids1.21 libmagic-dev -y --force-yes && \ -apt install ipython python2.7-dev -y --force-yes && \ -apt install libnet1-dev -y --force-yes && \ -apt install python-pip flex bison -y --force-yes && \ -apt install libpcap0.8 libpcap0.8-dev -y --force-yes && \ -apt install default-jre -y --force-yes && \ -apt install openjdk-8-jdk -y --force-yes && \ -apt install libpcre3 -y --force-yes && \ -apt install libpcre3-dev pkg-config gettext -y --force-yes && \ -apt install pcap -y --force-yes && \ -pip install virtualenv -y --force-yes && \ -apt install git + +apt install curl -y --force-yes &&\ + apt install wget -y --force-yes && \ + apt install build-essential -y --force-yes && \ + apt install hadoop-0.20 -y --force-yes && \ + apt install hadoop-pig git-core -y --force-yes && \ + apt install libnids-dev libnids1.21 libmagic-dev -y --force-yes && \ + apt install ipython python2.7-dev -y --force-yes && \ + apt install libnet1-dev -y --force-yes && \ + apt install python-pip flex bison -y --force-yes && \ + apt install libpcap0.8 libpcap0.8-dev -y --force-yes && \ + apt install default-jre -y --force-yes && \ + apt install openjdk-8-jdk -y --force-yes && \ + apt install libpcre3 -y --force-yes && \ + apt install libpcre3-dev pkg-config gettext -y --force-yes && \ + apt install pcap -y --force-yes && \ + pip install virtualenv -y --force-yes && \ + apt install git -y --force-yes + +mkdir /src/ && \ + cd /src && \ + git clone http://github.com/packetloop/packetpig.git #repos echo "deb http://archive.cloudera.com/debian maverick-cdh3 contrib" > /etc/apt/sources.list.d/cloudera.list echo "deb-src http://archive.cloudera.com/debian maverick-cdh3 contrib" >> /etc/apt/sources.list.d/cloudera.list echo "deb 
http://us.archive.ubuntu.com/ubuntu/ precise universe" >> /etc/apt/sources.list echo "deb http://us.archive.ubuntu.com/ubuntu/ precise-updates universe" >> /etc/apt/sources.list -curl -s http://archive.cloudera.com/debian/archive.key | apt-key add - + + +curl -s http://archive.cloudera.com/debian/archive.key | apt-key add - + apt-get update +apt install build-essential hadoop-0.20 bunzip make autoconf hadoop-pig git-core libnids-dev libnids1.21 libmagic-dev ipython python2.7-dev libnet1-dev python-pip flex bison libpcap0.8 libpcap0.8-dev openjdk-6-jdk libpcre3 libpcre3-dev pkg-config gettext -y + pip install python-magic argparse #DL libdnet cd /src;\ -wget http://prdownloads.sourceforge.net/libdnet/libdnet-1.11.tar.gz + wget http://prdownloads.sourceforge.net/libdnet/libdnet-1.11.tar.gz #untar libdnet tar -zxvf libdnet-1.11.tgz; @@ -43,7 +53,7 @@ cd libdnet-1.11/; make install; #Fix libdnet - cp /usr/local/lib/libdnet.1.11.1 /usr/local/lib/libdnet.so.1.0.1 &&\ +cp /usr/local/lib/libdnet.1.11.1 /usr/local/lib/libdnet.so.1.0.1 &&\ ldconfig #Install DAQ @@ -56,8 +66,7 @@ cd /src &&\ # DL Snort cd /src &&\ wget https://www.snort.org/downloads/snort/snort-2.9.11.1.tar.gz &&\ - tar -zxvf snort-2.9.11.1.tar.gz &&\ - cd snort-2.9.11.1/ &&\ + tar -zxvf snort-2.9.11.1.tar.gz # INSTALL SNORT cd snort-2.9.11.1/ &&\ @@ -69,12 +78,12 @@ cd snort-2.9.11.1/ &&\ #snort rules mkdir /usr/local/snort/lib/snort_dynamicrules && ln -s /usr/local/snort/lib/snort_dynamicrules /usr/local/lib/snort_dynamicrules &&\ -chown -R snort:snort /usr/local/snort && ldconfig + chown -R snort:snort /usr/local/snort && ldconfig #Install glib cd /src &&\ -wget https://ftp.gnome.org/pub/gnome/sources/glib/2.2/glib-2.2.3.tar.gz && tar -zxvf glib-2.2.3.tar.gz &&\ -cd glib-2.2.3 && ./configure && make && make install + wget https://ftp.gnome.org/pub/gnome/sources/glib/2.2/glib-2.2.3.tar.gz && tar -zxvf glib-2.2.3.tar.gz &&\ + cd glib-2.2.3 && ./configure && make && make install #Install p0f cd /src &&\ 
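Review bot: The added `apt install build-essential hadoop-0.20 bunzip make autoconf …` line re-requests nearly every package the chain above has just installed and adds `openjdk-6-jdk` next to the `openjdk-8-jdk` already requested. `bunzip` does not look like a package name — the `bunzip2` binary comes from `bzip2`, worth confirming against the target release — and because the script has no `set -e`, an unknown name makes this whole apt call fail while the script carries on to the builds that needed it. Keep one package list in one place, and put it after the repositories are added and `apt-get update` has run rather than before.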
@@ -90,12 +99,14 @@ cd /src &&\ cd .. && python setup.py build && python setup.py install #Set Java Environment -PATH=/usr/lib/jvm/java-8-openjdk-amd64/:$PATH -PPD=/src/packetpig/:$PATH +PATH=/usr/lib/jvm/java-8-openjdk-amd64/:$PATH &&\ + PPD=/src/packetpig/:$PATH # Packetpig cd /src/ &&\ - cd packetpig &&\ - lib/scripts/tcp.py -r data/web.pcap -om http_headers -of tsv | less &&\ - lib/scripts/dns_parser.py -r data/web.pcap && mkdir out &&\ - pig -x local -f pig/examples/binning.pig -param pcap=data/web.pcap -param output=output && more output/binning/part-r-00000 + cd packetpig &&\ + lib/scripts/tcp.py -r data/web.pcap -om http_headers -of tsv | less &&\ + lib/scripts/dns_parser.py -r data/web.pcap && mkdir out &&\ + pig -x local -f pig/examples/binning.pig -param pcap=data/web.pcap -param output=output && more output/binning/part-r-00000 + +echo "installation complete"