4

I am trying to install Snort on Ubuntu 21.04 from source files as per instructions on the Snort website. I have followed videos on Youtube and got past a number of issues, but I am stuck at:

sp_rpc_check.c:32:10: fatal error: rpc/rpc.h: No such file or directory
   32 | #include <rpc/rpc.h>
      |          ^~~~~~~~~~~
compilation terminated.
make[4]: *** [Makefile:478: sp_rpc_check.o] Error 1
make[4]: Leaving directory '/usr/snort-2.9.18/src/detection-plugins'
make[3]: *** [Makefile:428: all] Error 2
make[3]: Leaving directory '/usr/snort-2.9.18/src/detection-plugins'
make[2]: *** [Makefile:547: all-recursive] Error 1
make[2]: Leaving directory '/usr/snort-2.9.18/src'
make[1]: *** [Makefile:505: all-recursive] Error 1
make[1]: Leaving directory '/usr/snort-2.9.18'
make: *** [Makefile:370: all] Error 2

Have tried sudo apt install libntirpc-dev as per another thread here on AskUbuntu.

I am relatively newbie. have done sudo apt update and sudo apt upgrade.

From the snort website, https://www.snort.org/#get-started, have done all of:

wget https://www.snort.org/downloads/snort/daq-2.0.7.tar.gz


                  


wget https://www.snort.org/downloads/snort/snort-2.9.18.tar.gz
tar xvzf daq-2.0.7.tar.gz
cd daq-2.0.7
./configure && make && sudo make install
tar xvzf snort-2.9.18.tar.gz
cd snort-2.9.18

but when running :

./configure --enable-sourcefire && make && sudo make install

get the error described above

I have also sorted libpcap, libpcre and dnet issues out. So it is just this rpc issue now. Thanks

Artur Meinild
  • 31,385
omboidal
  • 41
  • You may find this recent Q&A helpful: rpc.h missing? Ubuntu 21.04 – steeldriver Aug 30 '21 at 16:49
  • What was wrong with binary package https://packages.ubuntu.com/hirsute/snort ? – N0rbert Aug 30 '21 at 18:42
  • I'll be honest , I can't remember if I tried this at first. But I just tried and I get: 0 to upgrade, 0 to newly install, 0 to remove and 8 not to upgrade. But; $ snort Running in packet dump mode 
        --== Initializing Snort ==--

    Initializing Output Plugins! pcap DAQ configured to passive. Acquiring network traffic from "enp6s0". ERROR: Can't start DAQ (-1) - socket: Operation not permitted! Fatal Error, Quitting..

     – omboidal Aug 30 '21 at 21:59

6 Answers6

2

My OS is Debian, you can:

  1. Install the corresponding package with header files (what the -dev indicates).

    sudo apt install libntirpc-dev

  2. Find where all the header files live.

    dpkg -L libntirpc-dev

    You can see some outputs like this:

    /usr/include/ntirpc/rpc/rpc.h

  3. Append the header directory to configure. (the build wants rpc/rpc.h which is in /usr/include/ntirpc)

    ./configure --enable-optimizations --includedir=/usr/include/ntirpc/
zx485
  • 2,894
sunmin
  • 21
1

If your /usr/include/rpc folder does not include the rpc.h file and you already installied libntirpc-dev, try linking the header into the standard directory as described here! Another solution I found, was to use ./configure CFLAGS=-I/usr/include/tirpc described by @steeldriver in another answer here as a comment! The upvoted solution did not work for me unfortunately, even though it also includes the library directory path...

Gerry
  • 11
0

Decision is simple. You need to put missing files from here https://github.com/lattera/glibc/tree/master/sunrpc/rpc to /usr/include/rpc It's not secure, but working xD Look here

Андрей Горшков
  • 1
0

I did the snort configuration in Kali distribution

sp_rpc_check.c:32:10: fatal error: rpc/rpc.h: No such file or directory
   32 | #include <rpc/rpc.h>

Fix the problem as follows:

  1. Search for a library that includes rpc (apt-file search rpc/rpc.h)
  2. Installing (apt-get install libntirpc-dev)
  3. Copying files from the ntircp folder to rcp folder
  4. Run: make
  5. Modifying the path of the file not found
  6. Repeat the process until mistakes resolved

Ex. 1:

Copying files from ntirpc to rpc

sp_rpc_check.c:32:10: fatal error: rpc/rpc.h: No such file or directory
   32 | #include <rpc/rpc.h>

/include/ntirpc# cp rpc.h /usr/include/rpc


/snort_source/snort-2.9.18.1# make

Ex.2:

Editing types.h

/usr/include/rpc/types.h:189:10: fatal error: misc/abstract_atomic.h: No such file or directory
  189 | #include <misc/abstract_atomic.h>

Change the line from:

#include <misc/abstract_atomic.h>

to:

#include </usr/include/rpc/misc/abstract_atomic.h>

Then

/snort_source/snort-2.9.18.1# make

etc., ...

I modified the following files:

wait_queuq.h
clnt.h
rpc.h
pool_queue.h
svc.h
portable.h
types.h

as required by make.

Approx: 40 lines of code

Greenonline
  • 2,182
ElTeniente
  • 1
  • Thanks. So following your instructions I fixed the rpc.h issue, and the abstract_atomic.h issue. what i am getting now is /usr/include/rpc/rpc-sn/rpc/svc.h:50:10: fatal error: reentrant.h: No such file or directory 50 | #include "reentrant.h". The reentrant.h file exists in the correct folder. it is referred to in the svc.h file etc in the following way: #include "reentrant.h" whereas most others are not in quotes. I have tried giving it a path , removing quotes, using <reentrant.h> or even commenting it out, online for help, but none of these fix the problem.... any help appreciated! – omboidal Oct 28 '21 at 15:58
0

i had the same problem but got no help all over the internet then i figure out it myself. basically the file are there but somehow the snort looking in some other directories. so all the files needed are placed in /usr/include/ntirpc/ but you have to copy each file accordingly to its own directories

for example to solve the first error you need to copy the file in the dir /usr/include/ntirpc/rpc/rpc.h to the dir /usr/include/rpc/

that will solve the first error but there are alot of other errors coming up in the installation but the same process.

if the error is misc/anyfile then copy the file from /usr/include/ntirpc/misc/ to the location /usr/incldue/misc

if the erroor says anyfile.h remember to just copy it into the /usr/include/

WARIOR KHAN
  • 1
-1

Ask the packaging system:

dpkg -S /usr/include/rpc/rpc.h

That will tell you which package provides /usr/include/rpc/rpc.h. Install that package. Read man dpkg.

waltinator
  • 1
  • So I get : no path found matching pattern /usr/include/rpc/rpc.h – omboidal Aug 30 '21 at 14:55
  • Google suggested :https://github.com/lxi-tools/liblxi/issues/8 where is dicussed so I tried : sudo dpkg -S /usr/include/tirpc/rpc/rpc.h, which returned: libtirpc-dev:amd64: /usr/include/tirpc/rpc/rpc.h But: sudo apt-get install libtirpc-dev .... libtirpc-dev is already the newest version (1.3.1-1build1). libtirpc-dev set to manually installed.

    0 to upgrade, 0 to newly install, 0 to remove and 7 not to upgrade.

     – omboidal Aug 30 '21 at 15:23
  • @omboidal if rpc.h is in a subdirectory you may need to pass the include path to the build process explicitly. The details will depend on exactly how it's written but you could try ./configure CFLAGS=-I/usr/include/tirpc for example – steeldriver Aug 30 '21 at 16:52
  • @steeldriver , thank you , I tried your suggestion. The command completed ok, but still the snort configuration stops at the same point. Any suggestions are appreciated Thanks – omboidal Aug 30 '21 at 18:20
  • Correct way to "Ask the packaging system" is https://packages.ubuntu.com/search?suite=hirsute&arch=any&mode=exactfilename&searchon=contents&keywords=rpc.h or sudo apt-get install apt-file; sudo apt-file update; apt-file search rpc/rpc.h . – N0rbert Aug 30 '21 at 18:41