snort, psad, fwsnort, and fwknop on Arch Linux ARM (Raspberry Pi)

ssh to your raspberry pi server

ssh fahmi@172.16.0.27

screen session

Make a new screen session named snort. Compiling snort, fwknop, and the other packages on a Raspberry Pi is gonna take a long time, so you can just leave it running overnight and reattach to the screen session in the morning with "screen -r". Another advantage of using screen is that when you lose the connection to the server, you can just reattach to the session and continue working from where you left off. You can also use tmux as an alternative to screen.

[fahmi@alarmpi ~]$ screen -S snort

compiling and building packages

[fahmi@alarmpi ~]$ wget https://aur.archlinux.org/packages/sn/snort/snort.tar.gz
[fahmi@alarmpi ~]$ tar xzvf snort.tar.gz
[fahmi@alarmpi ~]$ cd snort
[fahmi@alarmpi snort]$ makepkg -Acs
[fahmi@alarmpi snort]$ sudo pacman -U snort-2.9.7.0-3-armv6h.pkg.tar.xz

from the makepkg manpage:

-A, --ignorearch

Ignore a missing or incomplete arch field in the build script. This is for rebuilding packages from source when the PKGBUILD may be slightly outdated and not updated with an arch=('yourarch') field.

-c, --clean

Clean up leftover work files and directories after a successful build.

-s, --syncdeps

Install missing dependencies using pacman. When build-time or run-time dependencies are not found, pacman will try to resolve them. If successful, the missing packages will be downloaded and installed.

fwsnort and fwknop

[fahmi@alarmpi ~]$ wget https://aur.archlinux.org/packages/fw/fwknop/fwknop.tar.gz
[fahmi@alarmpi ~]$ tar xzvf fwknop.tar.gz
[fahmi@alarmpi ~]$ cd fwknop
[fahmi@alarmpi fwknop]$ makepkg -Acs
[fahmi@alarmpi fwknop]$ sudo pacman -U fwknop-2.6.5-2-armv6h.pkg.tar.xz

The AUR package of fwsnort is outdated, and since I don't understand the install_pl.patch, I'm gonna install it from source. If you know how to edit the patch, let me know. Here's the link about patching in ABS.

[fahmi@alarmpi ~]$ wget http://cipherdyne.org/fwsnort/download/fwsnort-1.6.5.tar.bz2
[fahmi@alarmpi ~]$ tar xjvf fwsnort-1.6.5.tar.bz2
[fahmi@alarmpi ~]$ cd fwsnort-1.6.5
[fahmi@alarmpi fwsnort-1.6.5]$ su
[root@alarmpi fwsnort-1.6.5]# ./install.pl

compiling and building packages needed for psad

Copy the links below into a file named link.

https://aur.archlinux.org/packages/pe/perl-unix-syslog/perl-unix-syslog.tar.gz
https://aur.archlinux.org/packages/pe/perl-iptables-parse/perl-iptables-parse.tar.gz
https://aur.archlinux.org/packages/pe/perl-iptables-chainmgr/perl-iptables-chainmgr.tar.gz
https://aur.archlinux.org/packages/ps/psad/psad.tar.gz

[fahmi@alarmpi ~]$ cat link | xargs wget
[fahmi@alarmpi ~]$ tar xzvf perl-iptables-parse.tar.gz
[fahmi@alarmpi ~]$ cd perl-iptables-parse
[fahmi@alarmpi perl-iptables-parse]$ makepkg -Acs
[fahmi@alarmpi perl-iptables-parse]$ sudo pacman -U perl-iptables-parse-1.1-2-any.pkg.tar.xz
[fahmi@alarmpi ~]$ tar xzvf perl-unix-syslog.tar.gz
[fahmi@alarmpi ~]$ cd perl-unix-syslog
[fahmi@alarmpi perl-unix-syslog]$ makepkg -Acs
[fahmi@alarmpi perl-unix-syslog]$ sudo pacman -U perl-unix-syslog-1.1-4-any.pkg.tar.xz
[fahmi@alarmpi ~]$ tar xzvf perl-iptables-chainmgr.tar.gz
[fahmi@alarmpi ~]$ cd perl-iptables-chainmgr
[fahmi@alarmpi perl-iptables-chainmgr]$ makepkg -Acs
[fahmi@alarmpi perl-iptables-chainmgr]$ sudo pacman -U perl-iptables-chainmgr-1.2-2-any.pkg.tar.xz
[fahmi@alarmpi ~]$ tar xzvf psad.tar.gz
[fahmi@alarmpi ~]$ cd psad
[fahmi@alarmpi psad]$ makepkg -Acs
[fahmi@alarmpi psad]$ sudo pacman -U --force psad-2.2.3-1-armv6h.pkg.tar.xz
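
Every build above extracts an AUR tarball and lets makepkg run its PKGBUILD, so it pays to read what the archive contains before the "tar xzvf" step. The script below is an added example, not part of the original post: audit_aur_tarball is a hypothetical helper name, and the things it flags are assumptions about what deserves a second look.

```shell
#!/bin/sh
# Added example (not from the original post): look inside an AUR source tarball
# before extracting it. audit_aur_tarball is a hypothetical helper, not a pacman tool.
audit_aur_tarball() (
    tarball=$1
    findings=0
    entries=$(tar -tzf "$tarball" 2>/dev/null) || { echo "unreadable: $tarball"; exit 2; }

    # Entries that are absolute or climb out of the extraction directory.
    if printf '%s\n' "$entries" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "WARN: entry would be written outside the extraction directory"
        findings=$((findings + 1))
    fi

    pkgbuild_path=$(printf '%s\n' "$entries" | grep -E '^[^/]+/PKGBUILD$' | head -n 1)
    if [ -z "$pkgbuild_path" ]; then
        echo "WARN: no PKGBUILD in $tarball"
        exit 1
    fi
    # Read the PKGBUILD straight out of the archive; nothing is unpacked or run.
    pkgbuild=$(tar -xzOf "$tarball" "$pkgbuild_path")

    # Sources fetched over plain http/ftp can be altered in transit (url= is only the homepage).
    if printf '%s\n' "$pkgbuild" | grep -Ev '^url=' | grep -Eq '(http|ftp)://'; then
        echo "WARN: source is fetched over an unencrypted URL"
        findings=$((findings + 1))
    fi
    # Without a checksum array, or with SKIP entries, makepkg does not verify the download.
    if ! printf '%s\n' "$pkgbuild" | grep -Eq '^[a-z0-9]+sums' ||
        printf '%s\n' "$pkgbuild" | grep -qw 'SKIP'; then
        echo "WARN: source integrity is not checked"
        findings=$((findings + 1))
    fi
    # The install= script runs as root during pacman -U, so it needs reading too.
    if printf '%s\n' "$pkgbuild" | grep -Eq '^install='; then
        echo "NOTE: package ships an install script, review it before pacman -U"
    fi

    echo "--- $pkgbuild_path ---"
    printf '%s\n' "$pkgbuild"
    [ "$findings" -eq 0 ]
)
```

Run it as "audit_aur_tarball psad.tar.gz" after sourcing the file; it prints the PKGBUILD for reading and returns non-zero when any WARN line was emitted.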

https://wiki.archlinux.org/index.php/pacman...