problems with apt-get install securityonion-pfring-module

r.fu...@auckland.ac.nz

Jul 1, 2014, 11:41:07 PM
Hi, I am using puppet to build my IDS sensors and installing various SO packages using apt-get. When puppet tries to install the pfring version of suricata, it dies trying to install the pfring module. I then tried the install of pfring-module by hand:

root@secmonprd01:~# apt-get install securityonion-pfring-module
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
securityonion-pfring-module
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/83.8 kB of archives.
After this operation, 410 kB of additional disk space will be used.
Selecting previously unselected package securityonion-pfring-module.
(Reading database ... 129870 files and directories currently installed.)
Unpacking securityonion-pfring-module (from .../securityonion-pfring-module_20121107-0ubuntu0securityonion10_all.deb) ...
Setting up securityonion-pfring-module (20121107-0ubuntu0securityonion10) ...

Creating symlink /var/lib/dkms/pf_ring/5/source ->
/usr/src/pf_ring-5

DKMS: add completed.

Kernel preparation unnecessary for this kernel. Skipping...

Building module:
cleaning build area....
make KERNELRELEASE=3.11.0-23-generic -C /lib/modules/3.11.0-23-generic/build M=/var/lib/dkms/pf_ring/5/build....(bad exit status: 2)
Error! Bad return status for module build on kernel: 3.11.0-23-generic (x86_64)
Consult /var/lib/dkms/pf_ring/5/build/make.log for more information.
.......

root@secmonprd01:~# less /var/lib/dkms/pf_ring/5/build/make.log

DKMS make.log for pf_ring-5 for kernel 3.11.0-23-generic (x86_64)
Wed Jul 2 15:26:46 NZST 2014
make: Entering directory `/usr/src/linux-headers-3.11.0-23-generic'
LD /var/lib/dkms/pf_ring/5/build/built-in.o
CC [M] /var/lib/dkms/pf_ring/5/build/pf_ring.o
/var/lib/dkms/pf_ring/5/build/pf_ring.c: In function ‘ring_proc_add’:
/var/lib/dkms/pf_ring/5/build/pf_ring.c:956:5: error: implicit declaration of function ‘create_proc_read_entry’ [-Werror=implicit-function-declaration]
/var/lib/dkms/pf_ring/5/build/pf_ring.c: In function ‘ring_proc_init’:
/var/lib/dkms/pf_ring/5/build/pf_ring.c:1582:15: warning: assignment makes pointer from integer without a cast [enabled by default]
/var/lib/dkms/pf_ring/5/build/pf_ring.c:1585:28: warning: assignment makes pointer from integer without a cast [enabled by default]
/var/lib/dkms/pf_ring/5/build/pf_ring.c: In function ‘skb_ring_handler’:
/var/lib/dkms/pf_ring/5/build/pf_ring.c:4539:78: error: ‘struct net_device’ has no member named ‘master’
/var/lib/dkms/pf_ring/5/build/pf_ring.c:4599:42: error: ‘struct net_device’ has no member named ‘master’
/var/lib/dkms/pf_ring/5/build/pf_ring.c: In function ‘setSocketStats’:
/var/lib/dkms/pf_ring/5/build/pf_ring.c:7477:15: warning: assignment makes pointer from integer without a cast [enabled by default]
/var/lib/dkms/pf_ring/5/build/pf_ring.c: In function ‘ring_notifier’:
/var/lib/dkms/pf_ring/5/build/pf_ring.c:9435:27: error: dereferencing pointer to incomplete type
/var/lib/dkms/pf_ring/5/build/pf_ring.c:9444:43: error: dereferencing pointer to incomplete type
/var/lib/dkms/pf_ring/5/build/pf_ring.c:9468:33: error: dereferencing pointer to incomplete type
/var/lib/dkms/pf_ring/5/build/pf_ring.c:9468:71: error: dereferencing pointer to incomplete type
/var/lib/dkms/pf_ring/5/build/pf_ring.c:9469:25: error: dereferencing pointer to incomplete type
/var/lib/dkms/pf_ring/5/build/pf_ring.c:9469:51: error: dereferencing pointer to incomplete type
cc1: some warnings being treated as errors
make[1]: *** [/var/lib/dkms/pf_ring/5/build/pf_ring.o] Error 1
make: *** [_module_/var/lib/dkms/pf_ring/5/build] Error 2
make: Leaving directory `/usr/src/linux-headers-3.11.0-23-generic'


I am guessing I need to have some kernel headers or something?

Doug Burks

Jul 2, 2014, 7:24:21 AM
Our current PF_RING packages are not compatible with the 3.11 kernel.
You can either downgrade to the 3.8 kernel (and you'll need the kernel
headers as well) or wait for our next round of PF_RING packages:
https://code.google.com/p/security-onion/wiki/Roadmap

--
Doug Burks
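
A pre-flight check that separates the two causes raised in this thread (missing kernel headers versus a kernel the PF_RING package does not build against), as an added example that is not part of the original posts or of Security Onion's packaging. The function names and the `MAX_KERNEL` default are assumptions: 3.8 is the kernel suggested above, 3.11 is the one that fails, and kernels in between are not discussed, so they are treated as unsupported.

```shell
#!/bin/sh
# Added example: run before `apt-get install securityonion-pfring-module`
# (for instance from a Puppet exec guard) to avoid a failed DKMS build.
# MAX_KERNEL is an assumption taken from this thread, not a packaged setting.
MAX_KERNEL="${MAX_KERNEL:-3.8}"

# Reduce a release such as 3.11.0-23-generic to its major.minor series (3.11).
kernel_series() {
    printf '%s\n' "$1" | sed -E 's/^([0-9]+\.[0-9]+).*/\1/'
}

# Succeeds when version $1 <= version $2, using a version-aware sort.
version_le() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# pfring_preflight RELEASE [MODULES_ROOT]
# Prints one of: ok, headers-missing, kernel-unsupported.
pfring_preflight() (
    release="$1"
    root="${2:-/lib/modules}"
    if ! version_le "$(kernel_series "$release")" "$MAX_KERNEL"; then
        # Headers may well be installed; the module source itself will not compile.
        echo "kernel-unsupported"
    elif [ ! -d "$root/$release/build" ]; then
        # DKMS builds with `make -C /lib/modules/<release>/build`, which the
        # matching linux-headers package provides.
        echo "headers-missing"
    else
        echo "ok"
    fi
)

# Stand-alone use: `sh preflight.sh --check` reports on the running kernel
# and exits non-zero unless the result is ok.
if [ "${1:-}" = "--check" ]; then
    result="$(pfring_preflight "$(uname -r)")"
    echo "$(uname -r): $result"
    [ "$result" = "ok" ]
fi
```

For the kernel in the original post the check reports `kernel-unsupported` even though the headers directory exists, which matches the make.log: the build entered `/usr/src/linux-headers-3.11.0-23-generic` and failed while compiling `pf_ring.c`.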

Karolis

Jul 2, 2014, 3:48:03 PM
Hi Russell,

Could you share your puppet manifests?

Karolis

r.fu...@auckland.ac.nz

Jul 3, 2014, 7:04:11 PM
On Thursday, July 3, 2014 7:48:03 AM UTC+12, Karolis wrote:
> Hi Russell,
>
>
> Could you share your puppet manifests?
>

Happy to share but I am not sure how useful they will be. I have a fairly elaborate setup with scripts that generate the puppet manifests from json configuration files. I then have two classes, sensor which sets up the basic stuff common to all sensors and then individual classes for each 'app' -- currently bro, suri, argus, streamdb and elasticsearch.

At the moment it is still in a state of flux as I work out what works and what does not.

Russell
