Installation issues on Kali linux

Hi there, I am new to Zeek and I was following a Udemy course on threat hunting.
However, I am unable to install Zeek on my fresh Kali 2022.3.

I tried the following steps

  1. Installing Zeek — Book of Zeek (git/master)

  2. Building from Source > Required Dependencies > Copy and paste the command for DEB/Debian-based Linux

  3. sudo apt install zeek -y

It keeps saying the following:

The following packages have unmet dependencies:
zeek-core : Depends: libc6 (< 2.32) but 2.34-4 is to be installed
E: Unable to correct problems, you have held broken packages.

How do I solve it?? Thanks in advance!

However, I am unable to install Zeek on my fresh Kali 2022.3.

I tried the following steps

  1. Installing Zeek — Book of Zeek (git/master)
  2. Building from Source > Required Dependencies > Copy and paste the command for DEB/Debian-based Linux
  3. sudo apt install zeek -y

You are mixing two things here, building from source (1 & 2) and installing prebuilt binary packages (3).

Kali 2022.3 seems have an outdated zeek-3.2.3 in its binary package repo for installation with apt. There is e.g., no package zeek-core in its repo, so I suspect you added another repo which contains the broken binary package which you cannot install. You could try to remove that repo (have a look at /etc/apt/sources.list and /etc/apt/sources.list.d/), and retry installation of Kali’s zeek package, but like I wrote, that version is outdated and not supported anymore.

Alternatively, skip step 3 above, and instead continue with the instructions for building from source from the Zeek documentation.

2 Likes

Same as mine too - I kept getting the problem 'E: Unmet dependencies.'libc6 (2.34) is required, however, 2.34-4 must be installed. I attempted an apt fix-broken install. I tried Sudo apt-get -f install to force the installation.

I attempted to upgrade or install a new package, but it is still not working. In all circumstances, I receive the same error messages.

1 Like

Hi Benjamin! Thanks so much for helping me. I have removed the repo from sources.list.d and like you mentioned, am unable to install with apt. I am currently installing from source now, seems to be working, will update. Thank you! You’ve really helped

Hey Banwood! I did what Benjamin mentioned above, specifically -

  1. delete the zeek repo from /etc/apt/sources.list.d/ (mine was in list.d)
  2. sudo apt-get install cmake make gcc g++ flex libfl-dev bison libpcap-dev libssl-dev python3 python3-dev swig zlib1g-dev → this is to install the required dependencies (for Debian based Linux, if you’re using other OS please refer here)
  3. sudo apt-get install python3-git python3-semantic-version → to install the option dependencies - again, this is for Debian based Linux
  4. git clone --recurse-submodules https://github.com/zeek/zeek → cloning the source packages from Zeek
  5. I noticed the zeek directory (for my Kali) is at /home/kali/zeek, so I got into the directory and ran the last few commands from the instructions, namely ./configure, then make
    (It’s taking more than an hour and I’m at 35% progress now, not sure how it’ll turn out, but better than getting stuck with sudo apt install zeek!)

UPDATE:
6: After step 5 above, I then ran sudo make install while still in the /home/kali/zeek folder
7: LAST STEP!! To configure the path to use Zeek in the runtime environment, I used export PATH=/usr/local/zeek/bin:$PATH → this command is also copied from the Zeek installation website, for Bourne shell syntax

ANOTHER UPDATE:
My tutorial required me to use sudo zeek -r <.pcap file here> but when I ran the command with sudo it says sudo: zeek: command not found… I realised I did not export zeek into my superuser path.
This brings me to my last step!!

8: See current non-superuser path with env | /bin/grep PATH
9: See current superuser path with sudo env | grep ^PATH
10: If zeek is not inside step 9, then copy the path from 8
11: Run sudo visudo, replace the current secure_path with the one you just copied
12: Save the file

It should work now!!!

Note - we do not provide binary packages for Kali linux - so you probably have to compile it from source if things do not work.

The Debian testing binary packages (and only the debian testing ones) have a good chance of working on Kali.

1 Like

Hi Sjm31.
Gratitude for this. It appears that I’m also progressing… Am here at 22% ’ Building CXX object auxil/broker/CMakeFiles…’

But I do hope I’m on the right path; fingers crossed.

Hi I got this error below while the installation was going , what is the way forward ?

30%] Building CXX object auxil/spicy/spicy/hilti/toolchain/CMakeFiles/hilti-objects.dir/src/ast/expressions/id.cc.o
c++: fatal error: Killed signal terminated program cc1plus
compilation terminated.
make[3]: *** [auxil/spicy/spicy/hilti/toolchain/CMakeFiles/hilti-objects.dir/build.make:264: auxil/spicy/spicy/hilti/toolchain/CMakeFiles/hilti-objects.dir/src/ast/expressions/id.cc.o] Error 1
make[3]: Leaving directory ‘/home/kali/zeek/build’
make[2]: *** [CMakeFiles/Makefile2:4525: auxil/spicy/spicy/hilti/toolchain/CMakeFiles/hilti-objects.dir/all] Error 2
make[2]: Leaving directory ‘/home/kali/zeek/build’
make[1]: *** [Makefile:166: all] Error 2
make[1]: Leaving directory ‘/home/kali/zeek/build’
make: *** [Makefile:15: all] Error

Hey Banwood. It worked for me. I updated my response above for the full steps!

I’m not sure about this… I used a fresh 2022.3 kali. I checked the c++: fatal error: Killed signal terminated program cc1plus error and it seems like the top results are due to insufficient memory.
For comparison, I am using VMware Workstation 16 pro, Kali 2022.3, 12gb memory, 2 processors, 2 cores per processors (no reason why, i just randomly chose 2…)

Except for the processor speed, my configuration is identical to yours. Maybe I’ll up the speed on mine and see what happens

 c++: fatal error: Killed signal terminated program cc1plus

If you see errors like this it means that the compiler died in a violent way. This can be due to a wide range of issues, but most of the time the compiler was killed due to an OOM error. The workaround is usually to either compile with less parallelism (pass smaller value to make -j <N>), or to increase the memory. If you compile with GCC you should allow for 2-4GB per CPU, for clang around 0.5-1GB.

Thank you, guy.

I increased the speed of my CPU, and it is now operating. presently at 33%.

Let’s see how it turns out. I’ll proceed as you suggested.

When should I run ‘sudo apt-install zeek’ at the directory?

Hi,

you are mixing up two things here. To install from source, you will never issue an apt command. The apt commands are only used for binary packages; for source installations follow these guidelines: Installing Zeek — Book of Zeek (git/master)

As mentioned above - we don’t support Kali linux for binary installations. In the past I have heard of people having success installing the Debian testing binaries - but only these, no other versions.

I hope this helps,
Johanna

2 Likes

Hi
I followed the steps above it seems worked.

I dont think i need to run Sudo Visudo since Zeek path is here?

(kali㉿kali)-[~/zeek]
└─$ sudo env | grep ^PATH
PATH=/usr/local/zeek/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/games:/usr/games:/home/kali/go/bin