Install libmysqlclient and snort from the source package in linux
Source: Internet
Author: User
Install libmysqlclient and snort-linux Enterprise Application-Linux server application from the source code package in Linux. For details, refer to the following. System Environment:
A micro-network is built using host machines and virtual machines to separate IDS from databases.
HOST: windows xp sp2 + apache-2.0 + mysql-5.0.15 + php-5.0 (with apache and php installed for future data analysis)
Virtual Machine: Red Hat Linux Enterprise 4 + libpcap + snort-2.0.5 + libmysqlclient + libpthread
Since the previous website has been installed in XP apache-2.0 + mysql-5.0.15 + php-5.0, learning multi-threaded programming in linux installed libpcap and libpthread, here the record is mainly libmysqlclient and snort installation.
1. Install libmysqlclient from the RPM package:
Because the database server is installed on xp, you only need to install the mysql client library in linux.
According to Snort Installation Manual-Snort, MySQL, Redhat 7.3 on snort.org
Under the guidance of the snort Installation section, there are two packages:
After installation, the header file mysql with libmysqlclient is stored in the/usr/include/mysql/directory. h. The mysql library files are stored in the/usr/lib/mysql/directory, but only. library files (including libmysqlclient) at the end of. a), No. so (shared library) file.
Use the following command to compile a simple test program (the code is provided at the end of this article ):
# Gcc-c-I/usr/include/mysql mysql-test.c
This command successfully generated the destination file mysql-test.o? BR> continue to enter the following command.
Pay attention to the order of parameters. gcc sometimes reports errors because the order of some parameters is incorrect. What should the specific order of some parameters be.
The preceding command provides countless error messages about "referencing undefined symbols". libmysqlclient. a references undefined symbols.
With hope for a long time, finally decided to install the mysql client library from the source package.
Uninstall MySQL-client and MySQL-devel:
# Rpm-e MySQL-client
# Rpm-e MySQL-devel
The above two Commands will directly delete all files released by rpm-ivh and their created folders.
2. Install the mysql client library from the source code package.
# Tar-zxvf mysql-5.0.22.tar.gz (mysql-5.0.22.tar.gz in/root directory)
# Cd mysql-5.0.22
Go to the mysql-5.0.22 directory, read the INSTALL-SOURCES file, and see several key options:
1. -- without-server
Only compile and install the client library without compiling the mysql server program, which is useful when the local machine only needs libmysqlclient.
2. -- enable-thread-safe-client
To ensure the thread security of routines in libmysqlclient, it is necessary to write a multi-threaded mysql client program, which requires a local multi-threaded library.
About 6 minutes later, the configure script generates all makefiles and then exits.
Execute make in the current directory for compilation:
# Make
Except for a long time, this process will take about one hour to complete the compilation task.
Installation:
# Make install
This process is also relatively fast, about two or three minutes.
After the installation is complete, the mysql. h file is in the/usr/local/mysql/include/mysql/directory (the include directory contains a mysql subdirectory ).
The library files starting with lib are in the/usr/local/mysql/lib/mysql/directory (the same as mysql. h, the lib directory contains a mysql subdirectory ).
OK. Everything works. The link is successful.
Run the following command:
#./Mysql-test
The system then sends an Error message: Loading libmysqlclient. so.15 Error; No Such File!
Copy libmysqlclient. so.15.0.0 in the/usr/local/mysql/lib/mysql/directory to the/usr/lib/directory:
After the screen is printed: mysql_init () successed.
The prompt message "Can not connect to mysql server (110)" is printed after 90 seconds)
In the msdos console of windows xp, type:
> Netstat-na
The system has opened port 3306, that is, mysql server is running.
Finally, we noticed that the system firewall is enabled in xp. After the system firewall is disabled, we will return to the linux ppty type:
#./Mysql-test
At this moment, the dawn of dawn finally appeared, prompting me that it has connected to the mysql server in XP.
3. Install snort2.0 from the source package
At present, the latest version of snort is 2.8, which is more complex than 2.0. I feel that the study or study is still 2.0 better, with a clear structure and complete functions.
Go to the snort2.0 source code directory and execute:
-- Enable-debug option: Compile snort to debug mode, which is helpful for learning or researching.
-- With-mysql =/usr/local/mysql option will enable snort to support mysql.
Note: The value of -- with-mysql is the path specified by -- prefix when msyql is compiled, rather than the path of libmysqlclient. so.
Run the following command:
# Make
# Make install
The two processes were smooth, and the total time was within 10 minutes.
4. Create an snort Database
Create the database snort2_0 in phpmyadmin and import/snort-2.0.5/contrib/create_mysql.
The phpmyadmin console prompts that the SQL script has a syntax error! The error statement is:
Create table schema (vseq int unsigned not null,
Ctime datetime not null,
Primary key (vseq ));
Insert into schema (vseq, ctime) VALUES ('20140901', now ());
The error is caused by the table name schema. Check the create_mysql script of snort-2.8.1 and find its usage of schema.
Add the "'' "(" '"to the left of the Key), that is, modify the following:
Create table 'scheme' (vseq int unsigned not null,
Ctime datetime not null,
Primary key (vseq ));
Insert into 'scheme' (vseq, ctime) VALUES ('20140901', now ());
After modification, try again. But other tables do not, such:
Create table event (sid int unsigned not null,
Cid int unsigned not null,
Signature int unsigned not null,
Timestamp datetime not null,
Primary key (sid, cid ),
INDEX sig (signature ),
INDEX time (timestamp ));
But no error is reported. Is schema a reserved word for mysql? Searching.
This problem also exists in the output plug-in of snort2.0.5. Start snort as follows:
# Snort-l/root/snort2.0 _ log-c/root/snort-2.0.5/etc/snort. conf
(
Snort. conf output plug-in configuration:
#
Output database: alert, mysql, user = root dbname = snort2_0 host = 172.16.178.87
# Password
NOTE: If no password is set for the database username specified by the user, remove the password keyword. Otherwise, an error occurs.
)
As a result, the system prompts that schema_VERSION = 0 when testing the database during the initial enabling process of snort. If it does not meet the requirements, the system immediately exits.
The vseq In the schema table is obviously 106.
Finally, you can see the following code in the CheckDBVersion function of the snort source code file spo_database.c:
Snprintf (select0, MAX_QUERY_LENGTH, "SELECT vseq FROM schema ");
Change it:
Snprintf (select0, MAX_QUERY_LENGTH, "SELECT vseq FROM 'scheme '");
Then return to the snort-2.0.5 directory and execute make uninstall, make, make install
(If You Want To compile from scratch, you need to execute the following commands:
# Make uninstall
# Make clean
# Rm config. cache or rm config. status (determined based on the file generated by your./configure script)
#./Configure
)
Run the following command:
# Snort-l/root/snort2.0 _ log-c/root/snort-2.0.5/etc/snort. conf
Now, snort is finally running in IDS mode. Several minutes later, I checked the snort2_0 database and found that snort had written a lot of data.
5. Questions:
1. What happens when mysql server processes a query with the table name schema.
2. How to query the software installed from the source code package in linux.
For example, in snort, rmp-q snort only prompts "? K uncertain? Suite snort"
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.