Sourcefire daq-0.4 and Snort- debian packages for Ubuntu 10.04

The move to the new Snort 2.9 version added a dependency on a new library, namely DAQ (Data Acquisition library), for packet I/O.

So the little extra work of packaging a new deb (daq) and checking that the snort-debian files were compliant with the new version made me debianize Suricata instead, as I saw that as a quicker way to get an IDS up and running on my new firewall at home.

Now that I have Suricata in place, plus some extra time last night, and I see people struggling trying to install/upgrade to Snort 2.9 on Ubuntu, I could not help myself trying to be helpful, again…

So I made debian packages and put them in my Ubuntu 10.04 Lucid PPA on launchpad. I started a new clean debian package for Snort. It's not yet packed with “debian-easy-features”, so it just installs Snort, makes the directories and adds some default configuration files. I will improve this as I go.

DAQ is built with:

Build AFPacket DAQ module.. : yes
Build Dump DAQ module...... : yes
Build IPFW DAQ module...... : yes
Build IPQ DAQ module....... : no
Build NFQ DAQ module....... : no
Build PCAP DAQ module...... : yes

And Snort is compiled with:


So, if you add my PPA, you apt-get install snort version Pronto though, Snort will be out, and I’ll upgrade accordingly. Suricata will also soon be out in 1.0.3, hopefully this week. Maybe we get fresh releases from this Santa for both engines 🙂

Until then,

-*> Snort! <*-
Version IPv6 GRE (Build 92)
By Martin Roesch & The Snort Team:
Copyright (C) 1998-2010 Sourcefire, Inc., et al.
Using libpcap version 1.0.0
Using PCRE version: 7.8 2008-09-05
Using ZLIB version:


4 thoughts on “Sourcefire daq-0.4 and Snort- debian packages for Ubuntu 10.04”

  2. lyerra says:


    Thanks for the package. I added your ppa and installed snort, all goes fine, snort runs on sniffer mode and logger mode both.

    However, when I add the rules from the snort website, and I try to run snort on NIDS mode, it complains of not finding “white_list.rules”

    I edited snort.conf as follows:

    var WHITE_LIST_PATH /etc/snort/rules
    var BLACK_LIST_PATH /etc/snort/rules

    But that was useless, that file does not exist in the new ruleset… How to fix that ?


    • Hi,

      Try to set vars in snort.conf like:
      var WHITE_LIST_PATH rules
      var BLACK_LIST_PATH rules

      And then touch the following files:
      $ touch /etc/snort/rules/white_list.rules
      $ touch /etc/snort/rules/black_list.rules

      It should then not error out.


  3. lyerra says:

    Working like a charm now.

    By default, the vars in snort.conf were listed as :

    var WHITE_LIST_PATH rules/rules
    var BLACK_LIST_PATH rules/rules

    I don’t really get why it doesn’t understand the absolute path, but whatever works…

    Thanks a LOT for the packages, please maintain it for our sake. Ubuntu really should be updating their repositories but it does not look like they will.
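
The fix from this thread as a preflight script, added here as an example and not part of the original post or the packages: it reads `WHITE_LIST_PATH` and `BLACK_LIST_PATH` from a snort.conf and creates empty `white_list.rules` and `black_list.rules` files where they are missing, without truncating existing ones. It assumes a relative path is resolved against the directory holding snort.conf (as with `rules` and /etc/snort/rules in the reply above); the function names and the temporary sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the post). Assumption: a relative WHITE_LIST_PATH or
# BLACK_LIST_PATH is resolved against the directory that holds snort.conf.

# resolve_list_path CONF VARNAME: print the directory the variable points at.
resolve_list_path() {
    conf=$1
    name=$2
    # Take the last uncommented "var NAME value" line; $3 drops trailing comments.
    value=$(awk -v n="$name" '$1 == "var" && $2 == n { v = $3 } END { print v }' "$conf")
    [ -n "$value" ] || return 1
    case $value in
        /*) printf '%s\n' "$value" ;;
        *)  printf '%s/%s\n' "$(cd "$(dirname "$conf")" && pwd)" "$value" ;;
    esac
}

# ensure_list_files CONF: create white_list.rules / black_list.rules if absent.
ensure_list_files() {
    conf=$1
    for pair in WHITE_LIST_PATH:white_list.rules BLACK_LIST_PATH:black_list.rules; do
        dir=$(resolve_list_path "$conf" "${pair%%:*}") || {
            echo "no 'var ${pair%%:*}' line in $conf" >&2
            return 1
        }
        file=$dir/${pair#*:}
        mkdir -p "$dir" || return 1
        # Only create the file when it is absent, so existing entries survive.
        [ -e "$file" ] || : > "$file" || return 1
        echo "ok: $file"
    done
}

# Constructed sample: a throwaway config tree, so nothing under /etc is touched.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/etc/snort"
printf 'var WHITE_LIST_PATH rules\nvar BLACK_LIST_PATH rules\n' \
    > "$demo_root/etc/snort/snort.conf"
ensure_list_files "$demo_root/etc/snort/snort.conf"
```

Against a real install, call `ensure_list_files /etc/snort/snort.conf` as root, then check the configuration with `snort -T -c /etc/snort/snort.conf` before starting the sensor.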

