New install fails


Jon

Feb 14, 2014, 5:14:27 PM
to securit...@googlegroups.com
I'm doing a new install of Security Onion following the steps in the wiki for a production installation. I did a new install of Ubuntu Server 12.04.4 32 bit. Everything went fine until the "sudo apt-get -y install securityonion-all" step, it downloaded everything and installed a lot of it but ended with this:
-------------------------
Errors were encountered while processing:
securityonion-pfring-module
securityonion-bro
securityonion-bro-scripts
securityonion-pfring-daq
securityonion-snort
securityonion-suricata
securityonion-sensor
securityonion-tcpudpflow
securityonion-sguil-server
securityonion-server
securityonion-all
------------------------

Scrolling back, it looks like the first error encountered was this:

-------------------------
Setting up securityonion-pfring-module (20121107-0ubuntu0securityonion10) ...

Creating symlink /var/lib/dkms/pf_ring/5/source ->
/usr/src/pf_ring-5

DKMS: add completed.

Kernel preparation unnecessary for this kernel. Skipping...

Building module:
cleaning build area....
make KERNELRELEASE=3.11.0-15-generic -C /lib/modules/3.11.0-15-generic/build M=/var/lib/dkms/pf_ring/5/build......(bad exit status: 2)
Error! Bad return status for module build on kernel: 3.11.0-15-generic (i686)
Consult /var/lib/dkms/pf_ring/5/build/make.log for more information.
FATAL: Module pf_ring not found.
dpkg: error processing securityonion-pfring-module (--configure):
subprocess installed post-installation script returned error exit status 1
-------------------------------

JonH

Jon

Feb 14, 2014, 5:42:28 PM
to securit...@googlegroups.com
I'm getting the same error on a new 64 bit install, here's the mentioned log:

$ cat /var/lib/dkms/pf_ring/5/build/make.log
DKMS make.log for pf_ring-5 for kernel 3.11.0-15-generic (i686)
Fri Feb 14 15:01:13 CST 2014
make: Entering directory `/usr/src/linux-headers-3.11.0-15-generic'
LD /var/lib/dkms/pf_ring/5/build/built-in.o
CC [M] /var/lib/dkms/pf_ring/5/build/pf_ring.o
/var/lib/dkms/pf_ring/5/build/pf_ring.c: In function ‘ring_proc_add’:
/var/lib/dkms/pf_ring/5/build/pf_ring.c:956:5: error: implicit declaration of function ‘create_proc_read_entry’ [-Werror=implicit-function-declaration]
/var/lib/dkms/pf_ring/5/build/pf_ring.c: In function ‘ring_proc_init’:
/var/lib/dkms/pf_ring/5/build/pf_ring.c:1582:15: warning: assignment makes pointer from integer without a cast [enabled by default]
/var/lib/dkms/pf_ring/5/build/pf_ring.c:1585:28: warning: assignment makes pointer from integer without a cast [enabled by default]
/var/lib/dkms/pf_ring/5/build/pf_ring.c: In function ‘skb_ring_handler’:
/var/lib/dkms/pf_ring/5/build/pf_ring.c:4539:78: error: ‘struct net_device’ has no member named ‘master’
/var/lib/dkms/pf_ring/5/build/pf_ring.c:4599:42: error: ‘struct net_device’ has no member named ‘master’
/var/lib/dkms/pf_ring/5/build/pf_ring.c: In function ‘setSocketStats’:
/var/lib/dkms/pf_ring/5/build/pf_ring.c:7477:15: warning: assignment makes pointer from integer without a cast [enabled by default]
/var/lib/dkms/pf_ring/5/build/pf_ring.c: In function ‘ring_notifier’:
/var/lib/dkms/pf_ring/5/build/pf_ring.c:9435:27: error: dereferencing pointer to incomplete type
/var/lib/dkms/pf_ring/5/build/pf_ring.c:9444:43: error: dereferencing pointer to incomplete type
/var/lib/dkms/pf_ring/5/build/pf_ring.c:9468:33: error: dereferencing pointer to incomplete type
/var/lib/dkms/pf_ring/5/build/pf_ring.c:9468:71: error: dereferencing pointer to incomplete type
/var/lib/dkms/pf_ring/5/build/pf_ring.c:9469:25: error: dereferencing pointer to incomplete type
/var/lib/dkms/pf_ring/5/build/pf_ring.c:9469:51: error: dereferencing pointer to incomplete type
cc1: some warnings being treated as errors
make[1]: *** [/var/lib/dkms/pf_ring/5/build/pf_ring.o] Error 1
make: *** [_module_/var/lib/dkms/pf_ring/5/build] Error 2
make: Leaving directory `/usr/src/linux-headers-3.11.0-15-generic'

Jon

Feb 14, 2014, 6:50:45 PM
to securit...@googlegroups.com
I am also getting this error on a second machine using a new 64 bit install.
Here is the mentioned pf_ring build log:
JonH

Michal Purzynski

Feb 14, 2014, 9:28:23 PM
to securit...@googlegroups.com, securit...@googlegroups.com
This version of pfring is not compatible with a 3.11 kernel. The newest kernel you can use is from the 3.8 line. I use it in production and it works. Remember to also install kernel headers matching the 3.8, remove 3.11, reboot, uname -a to make sure and then apt-get install the pf module.

Michal Purzynski
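
The check described in the reply above, as an added example that is not part of the original thread: a preflight script to run before installing securityonion-pfring-module, so an unsupported kernel is caught before dpkg is left with half-configured packages. The 3.8 ceiling is taken from the reply; the function names and the optional MODROOT argument are hypothetical.

```bash
# Added example (not from the thread): preflight check to run before
# "apt-get install securityonion-pfring-module".
# Assumption taken from the reply above: this pf_ring version builds on
# kernels up to the 3.8 line and fails on 3.11.
MAX_KERNEL="3.8"

# kernel_supported RELEASE [MAX]: 0 if RELEASE's major.minor <= MAX.
# Compared numerically, because as strings "3.11" sorts before "3.8".
kernel_supported() {
    local rel="$1"
    local max="${2:-$MAX_KERNEL}"
    local base="${rel%%-*}"        # 3.11.0-15-generic -> 3.11.0
    local major="${base%%.*}"      # 3
    local rest="${base#*.}"        # 11.0
    local minor="${rest%%.*}"      # 11
    case "$major" in ''|*[!0-9]*) return 2 ;; esac
    case "$minor" in ''|*[!0-9]*) return 2 ;; esac
    [ "$major" -lt "${max%%.*}" ] && return 0
    [ "$major" -eq "${max%%.*}" ] && [ "$minor" -le "${max#*.}" ] && return 0
    return 1
}

# headers_present RELEASE [MODROOT]: DKMS builds against
# MODROOT/RELEASE/build (the "make -C" path in the install output above).
headers_present() {
    [ -d "${2:-/lib/modules}/$1/build" ]
}

# pfring_preflight RELEASE [MODROOT]
# returns 0 = safe to install, 1 = kernel too new or unparsable,
#         2 = matching kernel headers missing
pfring_preflight() {
    if ! kernel_supported "$1"; then
        echo "FAIL: kernel $1 is newer than $MAX_KERNEL (or unparsable)"
        return 1
    fi
    if ! headers_present "$1" "$2"; then
        echo "FAIL: no kernel headers for $1; DKMS cannot build pf_ring"
        return 2
    fi
    echo "OK: kernel $1 with headers; pf_ring module should build"
    return 0
}

# Check the running kernel; report only, never abort the caller.
pfring_preflight "$(uname -r)" || true
```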

Jon

Feb 19, 2014, 3:12:22 PM
to securit...@googlegroups.com
That was it, thanks. Had a few difficulties with apt because of the incomplete package installs, but eventually got the 3.8.0-35-generic kernel and headers installed and then was able to complete the security onion install. I'm kind of surprised that they changed kernel versions in LTS, I had thought all 12.04 installs would use the same kernel version.
The wiki instructions should probably be updated to warn about this.

Jon

Doug Burks

Feb 19, 2014, 5:11:24 PM
to securit...@googlegroups.com
On Wed, Feb 19, 2014 at 3:12 PM, Jon <jo...@invtools.com> wrote:
> The wiki instructions should probably be updated to warn about this.

Updated.