snort, psad, fwsnort, and fwknop on Arch Linux ARM (Raspberry Pi)

ssh to your raspberry pi server

ssh fahmi@

screen session

make new screen session, named snort. compiling snort, fwknop, and fwknop using Raspberry Pi is gonna take long. So, you can just leave it over night and reattach to screen session in the morning with “screen -r”. Another advantage of using screen is when you lost connection to the server, you can just reattach to the session and continue working from where you left off. Or you can just use tmux as an alternative to screen.

[fahmi@alarmpi ~]$ screen -S snort

compiling and building packages

[fahmi@alarmpi ~]$ wget
[fahmi@alarmpi ~]$ tar xzvf snort.tar.gz
[fahmi@alarmpi ~]$ cd snort
[fahmi@alarmpi snort]$ makepkg -Acs
[fahmi@alarmpi snort]$ sudo pacman -U snort-

from the makepkg manpage:

-A, –ignorearch

Ignore a missing or incomplete arch field in the build script. This is for rebuilding packages from source when the PKGBUILD may be slightly outdated and not updated with an arch=(‘yourarch’) field.

-c, –clean

Clean up leftover work files and directories after a successful build.

-s, –syncdeps

Install missing dependencies using pacman. When build-time or run-time dependencies are not found, pacman will try to resolve them. If successful, the missing packages will be downloaded and installed.

fwsnort and fwknop

[fahmi@alarmpi ~]$ wget
[fahmi@alarmpi ~]$ tar xzvf fwknop.tar.gz
[fahmi@alarmpi ~]$ cd fwknop
[fahmi@alarmpi fwknop]$ makepkg -Acs
[fahmi@alarmpi fwknop]$ sudo pacman -U fwknop-2.6.5-2-armv6h.pkg.tar.xz

The AUR package of fwsnort is outdated and since i don’t understand the install_pl.patch, I’m gonna install it from source. If you know how to edit the patch, let me know. Here’s the link about patching in ABS.

[fahmi@alarmpi ~]$ wget
[fahmi@alarmpi ~]$ tar xjvf fwsnort.tar.gz
[fahmi@alarmpi fwsnort]$ cd fwsnort-1.6.5
[fahmi@alarmpi fwsnort-1.6.5]$ su
[root@alarmpi fwsnort-1.6.5]# ./

compiling and building packages needed for psad

Copy the links below to file link.
[fahmi@alarmpi ~]$ cat link | xargs wget
[fahmi@alarmpi ~]$ tar xzvf perl-iptables-parse.tar.gz
[fahmi@alarmpi ~]$ cd perl-iptables-parse
[fahmi@alarmpi perl-iptables-parse]$ makepkg -Acs
[fahmi@alarmpi perl-iptables-parse]$ sudo pacman -U perl-iptables-parse-1.1-2-any.pkg.tar.xz
[fahmi@alarmpi ~]$ tar xzvf perl-unix-syslog.tar.gz
[fahmi@alarmpi ~]$ cd perl-unix-syslog
[fahmi@alarmpi perl-unix-syslog]$ makepkg -Acs
[fahmi@alarmpi perl-unix-syslog]$ sudo pacman -U perl-unix-syslog-1.1-4-any.pkg.tar.xz
[fahmi@alarmpi ~]$ tar xzvf perl-iptables-chainmgr.tar.gz
[fahmi@alarmpi ~]$ cd perl-iptables-chainmgr
[fahmi@alarmpi perl-iptables-chainmgr]$ makepkg -Acs
[fahmi@alarmpi perl-iptables-chainmgr]$ sudo pacman -U perl-iptables-chainmgr-1.2-2-any.pkg.tar.xz
[fahmi@alarmpi ~]$ tar xzvf psad.tar.gz
[fahmi@alarmpi ~]$ cd psad
[fahmi@alarmpi psad]$ makepkg -Acs
[fahmi@alarmpi psad]$ sudo pacman -U --force psad-2.2.3-1-armv6h.pkg.tar.xz