Fixing Barnyard2 compile errors when installing a Snort + Barnyard2 + BASE intrusion detection system on Ubuntu 20.04.3
I was following the blog at https://www.modb.pro/db/159797 to install the IDS and had reached the Barnyard2 step, using these commands:
sudo apt-get install -y mysql-server libmysqlclient-dev mysql-client autoconf libtool
tar zxvf barnyard2-2-1.13.tar.gz
cd barnyard2-2-1.13
autoreconf -fvi -I ./
./configure --with-mysql --with-mysql-libraries=/usr/lib/x86_64-linux-gnu
sudo make
sudo make install
When sudo make got to this point it reported a pile of errors. I surfed the web for several hours without finding an answer, until I came across another expert's article, which pointed out that the first error, po_alert_fwsam.c:118:13: error: two or more data types in declaration specifiers, is a bug in the source code. That was an eye-opener: just fix the code!
Error 1: syntax errors in spo_alert_fwsam.c
In file included from /usr/local/include/pcap/pcap.h:130,
from /usr/local/include/pcap.h:43,
from ../barnyard2.h:46,
from spo_alert_fwsam.c:91:
spo_alert_fwsam.c:118:13: error: two or more data types in declaration specifiers
118 | typedef int SOCKET;
| ^~~~~~
spo_alert_fwsam.c:118:1: warning: useless type name in empty declaration
118 | typedef int SOCKET;
| ^~~~~~~
spo_alert_fwsam.c: In function ‘FWsamReadLine’:
spo_alert_fwsam.c:620:9: warning: this ‘if’ clause does not guard... [-Wmisleading-indentation]
620 | if(p>buf);
| ^~
spo_alert_fwsam.c:621:13: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the ‘if’
621 | strcpy(buf,p);
| ^~~~~~
spo_alert_fwsam.c: In function ‘AlertFWsam’:
spo_alert_fwsam.c:979:18: warning: variable ‘cn’ set but not used [-Wunused-but-set-variable]
979 | ClassType *cn = NULL;
| ^~
spo_alert_fwsam.c:978:18: warning: variable ‘sn’ set but not used [-Wunused-but-set-variable]
978 | SigNode *sn = NULL;
| ^~
spo_alert_fwsam.c:971:27: warning: variable ‘lastbsp’ set but not used [-Wunused-but-set-variable]
971 | static unsigned short lastbsp[FWSAM_REPET_BLOCKS];
| ^~~~~~~
make[3]: *** [Makefile:391:spo_alert_fwsam.o] 错误 1
make[3]: 离开目录“/home/isis/barnyard2-2-1.13/src/output-plugins”
make[2]: *** [Makefile:497:all-recursive] 错误 1
make[2]: 离开目录“/home/isis/barnyard2-2-1.13/src”
make[1]: *** [Makefile:412:all-recursive] 错误 1
make[1]: 离开目录“/home/isis/barnyard2-2-1.13”
make: *** [Makefile:344:all] 错误 2
make[2]: *** [Makefile:391:spo_alert_fwsam.o] 错误 1
make[2]: 离开目录“/home/isis/barnyard2-2-1.13/src/output-plugins”
make[1]: *** [Makefile:497:install-recursive] 错误 1
make[1]: 离开目录“/home/isis/barnyard2-2-1.13/src”
make: *** [Makefile:412:install-recursive] 错误 1
[2]- 退出 2 sudo make
The fix is as follows: open /barnyard2-2-1.13/src/output-plugins/spo_alert_fwsam.c with Ubuntu's built-in text editor and make the following changes:
1. Replace SOCKET with Barnyard2_SOCKET. The "In file included from" lines show that pcap.h is pulled in through barnyard2.h, and newer libpcap already defines a SOCKET type of its own, so barnyard2's typedef on line 118 collides with it. Renaming barnyard2's type avoids the clash; spell the new name identically (C is case-sensitive) in every place listed below.
118 - typedef int SOCKET; // replace SOCKET with Barnyard2_SOCKET
    + typedef int Barnyard2_SOCKET;
……
964 - SOCKET stationsocket;
    + Barnyard2_SOCKET stationsocket;
……
1390 - SOCKET stationsocket;
     + Barnyard2_SOCKET stationsocket;
1541 - SOCKET stationsocket;
     + Barnyard2_SOCKET stationsocket;
2. Delete the semicolon after the if on line 620. With the stray semicolon the if guards nothing and the strcpy on line 621 always runs, which is exactly what the -Wmisleading-indentation warning above is pointing at:
620 - if(p>buf);
    + if(p>buf)
621   strcpy(buf,p);
3. The remaining messages are warnings rather than errors and should be false positives; they can be ignored.
After running sudo make again, problem 1 was solved, but that was only the beginning! Running sudo make once more produced another error.
Problem 2: error in spo_database.h
In file included from spo_database.c:103:
../output-plugins/spo_database.h:360:5: error: unknown type name ‘my_bool’
360 | my_bool mysql_reconnect; /* We will handle it via the api. */
| ^~~~~~~
This error occurs because my_bool was renamed to bool in MySQL 8. The fix is simple: open /barnyard2-2-1.13/src/output-plugins/spo_database.h with Ubuntu's built-in text editor and replace my_bool with bool.
Running sudo make again still fails:
Problem 3: errors in spo_database_cache.c
spo_database_cache.c: In function ‘SignatureReferenceCacheUpdateDBid’:
spo_database_cache.c:5270:6: warning: ‘memset’ used with length equal to number of elements without multiplication by element size [-Wmemset-elt-size]
5270 | memset(sigRefArr,'\0',MAX_REF_OBJ);
| ^~~~~~
About memset: it fills a block of memory with a given value and is the fastest way to zero a large struct or array.
void *memset(void *s, int ch, size_t n); // overwrite the n bytes starting at s with ch and return s (size_t is an unsigned integer type)
The memset in this file is redundant, because that block of memory is overwritten in full immediately afterwards, so zeroing it serves no purpose. The fix is simple: comment out memset(sigRefArr,'\0',MAX_REF_OBJ); with /* */ so the call is skipped.
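Added example (not from this post or from barnyard2) showing what the memset on line 5270 actually clears when it is handed MAX_REF_OBJ as the length, next to the sizeof form the -Wmemset-elt-size warning asks for; RefEntry and MAX_REF_OBJ = 4 are constructed stand-ins for the real cache entry type.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a reference-cache entry: the real barnyard2
   struct is larger, and MAX_REF_OBJ = 4 is an assumed small value. */
#define MAX_REF_OBJ 4
typedef struct { unsigned long db_id; unsigned long ref_id; } RefEntry;

/* Returns how many bytes of the block are still non-zero. */
size_t nonzero_bytes(const void *p, size_t n) {
    const unsigned char *b = p;
    size_t count = 0;
    for (size_t i = 0; i < n; i++)
        count += (b[i] != 0);
    return count;
}

/* Fills the array with stale data, clears `len` bytes of it the way line
   5270 does, and reports how many bytes were left untouched. The length is
   a parameter so this demo itself compiles without the warning. */
size_t stale_bytes_after_clear(size_t len) {
    RefEntry sigRefArr[MAX_REF_OBJ];
    memset(sigRefArr, 0xff, sizeof sigRefArr);  /* simulate old contents */
    memset(sigRefArr, '\0', len);
    return nonzero_bytes(sigRefArr, sizeof sigRefArr);
}

/* The original call: the length is the element count, so only MAX_REF_OBJ
   bytes are cleared and the rest of the array keeps its old contents. */
size_t stale_after_element_count(void) {
    return stale_bytes_after_clear(MAX_REF_OBJ);
}

/* The form -Wmemset-elt-size asks for: the array's full size in bytes. */
size_t stale_after_sizeof(void) {
    return stale_bytes_after_clear(sizeof(RefEntry) * MAX_REF_OBJ);
}

int main(void) {
    printf("stale bytes after memset(..., MAX_REF_OBJ): %zu\n",
           stale_after_element_count());
    printf("stale bytes after memset(..., sizeof arr): %zu\n",
           stale_after_sizeof());
    return 0;
}
```

If you would rather keep the zeroing than comment it out, passing sizeof(sigRefArr) instead of MAX_REF_OBJ clears the whole array and silences the warning.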
Finally, run sudo make && sudo make install, and the build succeeds!