
Fixing the Barnyard2 compile errors when installing a Snort + Barnyard2 + BASE intrusion detection system on Ubuntu 20.04.3



I was following the IDS installation blog post at https://www.modb.pro/db/159797. The Barnyard2 step there goes like this:

sudo apt-get install -y mysql-server libmysqlclient-dev mysql-client autoconf libtool
tar zxvf barnyard2-2-1.13.tar.gz
cd barnyard2-2-1.13
autoreconf -fvi -I ./
./configure --with-mysql --with-mysql-libraries=/usr/lib/x86_64-linux-gnu
sudo make
sudo make install

When it got to sudo make, a lot of errors were reported. I spent several hours searching online without finding an answer, until I came across another author's post,
which mentioned that the first error, spo_alert_fwsam.c:118:13: error: two or more data types in declaration specifiers, is a bug in the source code itself. That was a real lightbulb moment: just change the code!

Error 1: syntax error in spo_alert_fwsam.c

In file included from /usr/local/include/pcap/pcap.h:130,
                 from /usr/local/include/pcap.h:43,
                 from ../barnyard2.h:46,
                 from spo_alert_fwsam.c:91:
spo_alert_fwsam.c:118:13: error: two or more data types in declaration specifiers
  118 | typedef int SOCKET;
      |             ^~~~~~
spo_alert_fwsam.c:118:1: warning: useless type name in empty declaration
  118 | typedef int SOCKET;
      | ^~~~~~~
spo_alert_fwsam.c: In function ‘FWsamReadLine’:
spo_alert_fwsam.c:620:9: warning: this ‘if’ clause does not guard... [-Wmisleading-indentation]
  620 |         if(p>buf);
      |         ^~
spo_alert_fwsam.c:621:13: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the ‘if’
  621 |             strcpy(buf,p);
      |             ^~~~~~
spo_alert_fwsam.c: In function ‘AlertFWsam’:
spo_alert_fwsam.c:979:18: warning: variable ‘cn’ set but not used [-Wunused-but-set-variable]
  979 |     ClassType   *cn = NULL;
      |                  ^~
spo_alert_fwsam.c:978:18: warning: variable ‘sn’ set but not used [-Wunused-but-set-variable]
  978 |     SigNode     *sn = NULL;
      |                  ^~
spo_alert_fwsam.c:971:27: warning: variable ‘lastbsp’ set but not used [-Wunused-but-set-variable]
  971 |     static unsigned short lastbsp[FWSAM_REPET_BLOCKS];
      |                           ^~~~~~~
make[3]: *** [Makefile:391:spo_alert_fwsam.o] 错误 1
make[3]: 离开目录“/home/isis/barnyard2-2-1.13/src/output-plugins”
make[2]: *** [Makefile:497:all-recursive] 错误 1
make[2]: 离开目录“/home/isis/barnyard2-2-1.13/src”
make[1]: *** [Makefile:412:all-recursive] 错误 1
make[1]: 离开目录“/home/isis/barnyard2-2-1.13”
make: *** [Makefile:344:all] 错误 2
make[2]: *** [Makefile:391:spo_alert_fwsam.o] 错误 1
make[2]: 离开目录“/home/isis/barnyard2-2-1.13/src/output-plugins”
make[1]: *** [Makefile:497:install-recursive] 错误 1
make[1]: 离开目录“/home/isis/barnyard2-2-1.13/src”
make: *** [Makefile:412:install-recursive] 错误 1
[2]-  退出 2                sudo make

Here is the fix in detail. Judging by the "In file included from /usr/local/include/pcap/pcap.h" lines in the log, the name SOCKET collides with a typedef that the installed libpcap headers already provide, which is why renaming Barnyard2's own typedef makes the error go away.
Open the file /barnyard2-2-1.13/src/output-plugins/spo_alert_fwsam.c in Ubuntu's built-in text editor
and make the following changes:

1. Replace SOCKET with BARNYARD2_SOCKET (use exactly the same spelling at every site: C identifiers are case-sensitive, so Barnyard2_SOCKET and BARNYARD2_SOCKET would be two different, and therefore undeclared, names)

118 - typedef int SOCKET;				// rename SOCKET to BARNYARD2_SOCKET
    + typedef int BARNYARD2_SOCKET;
    ……
964 - SOCKET stationsocket;
    + BARNYARD2_SOCKET stationsocket;
    ……
1390 - SOCKET stationsocket;
     + BARNYARD2_SOCKET stationsocket;
1541 - SOCKET stationsocket;
     + BARNYARD2_SOCKET stationsocket;

2. Remove the semicolon after the if statement

620  if(p>buf);			// remove this semicolon: as written the if guards nothing and the strcpy below always runs
621     strcpy(buf,p);

3. The remaining messages (set-but-unused variables, misleading indentation) are compiler warnings rather than errors and can be ignored.

Running sudo make again gets past problem one, but that is only the start: the next sudo make fails with a new error.

Problem 2: error in spo_database.h

In file included from spo_database.c:103:
../output-plugins/spo_database.h:360:5: error: unknown type name ‘my_bool’
  360 |     my_bool mysql_reconnect; /* We will handle it via the api. */
      |     ^~~~~~~

This error occurs because MySQL 8 replaced the my_bool type with plain bool.
The fix is simple: open the file /barnyard2-2-1.13/src/output-plugins/spo_database.h in Ubuntu's built-in text editor

and replace my_bool with bool.

Running sudo make again still fails:

Problem 3: error in spo_database_cache.c

spo_database_cache.c: In function ‘SignatureReferenceCacheUpdateDBid’:
spo_database_cache.c:5270:6: warning: ‘memset’ used with length equal to number of elements without multiplication by element size [-Wmemset-elt-size]
 5270 |      memset(sigRefArr,'\0',MAX_REF_OBJ);
      |      ^~~~~~

What the function does:
memset fills a block of memory with a given byte value; it is the fastest way to zero a large struct or array.

void *memset(void *s, int ch, size_t n); // fill the n bytes starting at s with ch and return s (size_t is an unsigned integer type)

The memset in this file is redundant: the block of memory is overwritten in full right afterwards, so zeroing it first serves no purpose.
The fix is simple:

comment out memset(sigRefArr,'\0',MAX_REF_OBJ); with /* */ so the call is skipped.
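As an added example (my own C program, not Barnyard2's code; MAX_REF_OBJ, the ref_entry struct and its field names are stand-ins for the real ones), this shows what memset(sigRefArr,'\0',MAX_REF_OBJ) actually clears when the length is the element count, compared with passing the array's size in bytes:

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Stand-ins for Barnyard2's constant and struct (constructed for this note). */
#define MAX_REF_OBJ 8
typedef struct {
    uint64_t db_ref_id;  /* id the database assigned to the reference */
    uint64_t sig_id;     /* signature the reference belongs to */
    uint64_t seq;        /* position in the signature's reference list */
} ref_entry;             /* 24 bytes per element, 192 bytes for the array */

static ref_entry sigRefArr[MAX_REF_OBJ];

/* Leave non-zero values behind, as an earlier call of the function would. */
static void fill_stale(void)
{
    for (size_t i = 0; i < MAX_REF_OBJ; i++)
        sigRefArr[i] = (ref_entry){ 1000 + i, 2000 + i, i + 1 };
}

/* Number of elements that still hold any non-zero field after clearing. */
static size_t count_dirty(void)
{
    size_t dirty = 0;
    for (size_t i = 0; i < MAX_REF_OBJ; i++)
        if (sigRefArr[i].db_ref_id || sigRefArr[i].sig_id || sigRefArr[i].seq)
            dirty++;
    return dirty;
}

/* As in the Barnyard2 source: the length is the element count, so only
 * MAX_REF_OBJ bytes (8 here, one field of element 0) are zeroed. This is
 * the pattern GCC reports with -Wmemset-elt-size (enabled by -Wall). */
size_t clear_by_count(void)
{
    fill_stale();
    memset(sigRefArr, '\0', MAX_REF_OBJ);
    return count_dirty();   /* 8: every element still carries stale data */
}

/* Corrected call: pass the array's size in bytes. */
size_t clear_by_size(void)
{
    fill_stale();
    memset(sigRefArr, '\0', sizeof sigRefArr);
    return count_dirty();   /* 0 */
}
```

Commenting the call out, as above, is only safe if the function really writes every element before reading it; if it does not, memset with sizeof sigRefArr is the fix that clears the whole array and also silences the warning.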

Finally, run sudo make && sudo make install, and the build succeeds.
