Creating a Debian package
Revision of 6 June 2020, 18:31 by Thomas.will (→Creating snort.service)
- Example: daq and snort
Preparation
- echo export DEBFULLNAME='"Xinux Technik"' >> ~/.profile
- echo export DEBEMAIL='"technik@xinux.de"' >> ~/.profile
- source ~/.profile
Install
- sudo apt-get install build-essential debhelper dh-make quilt fakeroot lintian
Install the packages required by daq
- apt-get install -y build-essential libpcap-dev libpcre3-dev libdumbnet-dev bison flex zlib1g-dev liblzma-dev openssl libssl-dev libnghttp2-doc libnetfilter-queue-dev libluajit-5.1-dev
Create the directory
- mkdir daq
- cd daq
Download daq and change into the directory
- wget https://www.snort.org/downloads/snort/daq-2.0.7.tar.gz
- tar -xvzf daq-2.0.7.tar.gz
- cd daq-2.0.7/
Create the templates
- dh_make -f ../daq-2.0.7.tar.gz
- Choose the type of package (single, indep, library, python)
- We choose library
Adjust the debian/control file
- vi debian/control
    Source: daq
    Priority: optional
    Maintainer: Xinux Technik <technik@xinux.de>
    Build-Depends: debhelper-compat (= 12), autotools-dev
    Standards-Version: 4.4.1
    Section: libs
    Homepage: https://www.snort.org
    #Vcs-Browser: https://salsa.debian.org/debian/daq
    #Vcs-Git: https://salsa.debian.org/debian/daq.git

    Package: libdaq-dev
    Section: libdevel
    Architecture: any
    Multi-Arch: same
    Depends: libdaq2 (= ${binary:Version}), ${misc:Depends}
    Description: Data Acquisition library for packet I/O - development files
     DAQ is a library that introduces an abstraction layer to PCAP functions
     facilitating operation in a variety of hardware and software interfaces.
     .
     It was written for Snort but it may be useful to other packet processing
     applications.
     .
     This package contains the static library and the C header files.

    Package: libdaq2
    Section: libs
    Architecture: any
    Depends: ${shlibs:Depends}, ${misc:Depends}
    Conflicts: libdaq0
    Description: Data Acquisition library for packet I/O - shared library
     DAQ is a library that introduces an abstraction layer to PCAP functions
     facilitating operation in a variety of hardware and software interfaces.
     .
     It was written for Snort but it may be useful to other packet processing
     applications.
     .
     This package contains the shared library.
Build the binary package
- dpkg-buildpackage -us -uc
We need libdaq-dev for snort
- cd ..
- dpkg -i libdaq-dev_2.0.7-1_amd64.deb
Download snort and change into the directory
- wget https://www.snort.org/downloads/snort/snort-2.9.16.tar.gz
- tar -xvzf snort-2.9.16.tar.gz
- cd snort-2.9.16/
Create the templates
- dh_make -f ../snort-2.9.16.tar.gz
- Choose the type of package (single, indep, library, python)
- We choose single
Adjust debian/rules
- vi debian/rules
    #!/usr/bin/make -f
    %:
    	dh $@ --with-systemd

    override_dh_auto_configure:
    	dh_auto_configure -- --enable-sourcefire
Create snort.service
- vi debian/snort.service
    [Unit]
    Description=Snort NIDS Daemon
    After=syslog.target network.target

    [Service]
    Type=simple
    ExecStart=/usr/bin/snort -q -u snort -g snort -c /etc/snort/snort.conf -Q

    [Install]
    WantedBy=multi-user.target
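The unit starts Snort with -u snort -g snort so that it drops root privileges, but none of the steps on this page creates that account. One way to have the package create it is a debian/postinst maintainer script; this is an added example, not part of the original page, and the function name ensure_account is hypothetical.

```shell
#!/bin/sh
# debian/postinst (added example): create the unprivileged account that
# snort.service drops to via "-u snort -g snort".
# Needs "adduser" in the Depends: field of the snort package in debian/control.
set -e

# Create system group and user "$1" unless they already exist (idempotent,
# so upgrades and reinstalls neither fail nor alter an existing account).
ensure_account() {
    name="$1"
    if ! getent group "$name" >/dev/null; then
        addgroup --system "$name"
    fi
    if ! getent passwd "$name" >/dev/null; then
        # No home directory and no login shell: the account only runs the daemon.
        adduser --system --ingroup "$name" --no-create-home \
                --home /nonexistent --shell /usr/sbin/nologin "$name"
    fi
}

# dpkg calls the script as "postinst configure <old-version>" on install/upgrade.
if [ "${1:-}" = "configure" ]; then
    ensure_account snort
fi

# debhelper inserts its generated snippets (e.g. enabling snort.service) here.
#DEBHELPER#
```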
We have the following files
Data Acquisition library
- Header files
libdaq-dev_2.0.7-1_amd64.deb
- Library
libdaq2_2.0.7-1_amd64.deb
Snort IDS and IPS
- Snort package with DAQ NFQ
snort_2.9.16-1_amd64.deb