SSH heuristic

Hi Seth,

So...I've gone to:

https://github.com/bro/bro/tree/topic/seth/pppoe

and downloaded to a .zip file. Configure fails at:

Build Directory : build
Source Directory: /home/newbro/bro-topic-seth-pppoe
-- The C compiler identification is GNU
-- The CXX compiler identification is GNU
-- Check for working C compiler: /usr/bin/gcc
-- Check for working C compiler: /usr/bin/gcc -- works
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - done
-- Check for working CXX compiler: /usr/bin/c++
-- Check for working CXX compiler: /usr/bin/c++ -- works
-- Detecting CXX compiler ABI info
-- Detecting CXX compiler ABI info - done
CMake Error at CMakeLists.txt:3 (include):
   include could not find load file:

     cmake/CommonCMakeConfig.cmake

CMake Error at CMakeLists.txt:43 (include):
   include could not find load file:

     FindRequiredPackage

-- Found sed: /bin/sed
CMake Error at CMakeLists.txt:55 (FindRequiredPackage):
   Unknown CMake command "FindRequiredPackage".

-- Configuring incomplete, errors occurred!

Something tells me I'm doing this wrong... I also cloned https://github.com/bro/bro.git and I see the same thing. Any help would be great... thank you.

James

I wonder if we can turn off that downloading thingy since it doesn't seem to work with submodules..

Try this…

git clone --recursive git://git.bro.org/bro
git checkout topic/seth/pppoe
./configure
make

.Seth
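The CMake errors above ("include could not find load file: cmake/CommonCMakeConfig.cmake") are what a checkout with empty submodule directories looks like, which is why the zip download fails and a recursive clone works. The following shell script is an added example, not code from the thread or from the Bro project: it reads the submodule paths declared in a checkout's .gitmodules and reports any whose directory is empty, so the problem can be spotted before running ./configure. The sample tree it builds is constructed for the demo, and the submodule names in it ("cmake", "aux/broctl") and the example.invalid URLs are assumptions, not taken from the Bro repository.

```shell
#!/bin/sh
# Added example (not from the thread): detect uninitialised git submodules,
# the cause of the "include could not find load file" CMake failure above.

# Print the submodule paths declared in DIR/.gitmodules whose checkout is
# empty or absent. Returns 2 if DIR has no .gitmodules at all.
missing_submodules() {
    dir="$1"
    [ -f "$dir/.gitmodules" ] || return 2
    # .gitmodules is INI-style; pull the value of every "path = ..." line
    sed -n 's/^[[:space:]]*path[[:space:]]*=[[:space:]]*//p' "$dir/.gitmodules" |
    while IFS= read -r path; do
        # an uninitialised submodule is an empty (or missing) directory
        if [ -z "$(ls -A "$dir/$path" 2>/dev/null)" ]; then
            printf '%s\n' "$path"
        fi
    done
}

# Exit status 0 when every submodule is populated, 1 when some are not
# (the fix is printed on stderr), 2 when DIR declares no submodules.
check_submodules() {
    missing=$(missing_submodules "$1") || return $?
    if [ -n "$missing" ]; then
        printf 'uninitialised submodules under %s:\n%s\n' "$1" "$missing" >&2
        printf 'fix: cd %s && git submodule update --init --recursive\n' "$1" >&2
        return 1
    fi
    return 0
}

# Build a constructed checkout with two declared submodules (names and URLs
# are made up): "cmake" is left empty, as after a zip download, while
# "aux/broctl" is populated. Prints the directory it created.
make_sample_tree() {
    tmp=$(mktemp -d)
    printf '[submodule "cmake"]\n\tpath = cmake\n\turl = git://example.invalid/cmake\n' > "$tmp/.gitmodules"
    printf '[submodule "aux/broctl"]\n\tpath = aux/broctl\n\turl = git://example.invalid/broctl\n' >> "$tmp/.gitmodules"
    mkdir -p "$tmp/cmake" "$tmp/aux/broctl"
    touch "$tmp/aux/broctl/README"
    printf '%s\n' "$tmp"
}

# Usage on a real checkout: check_submodules /path/to/bro
# Demo on the constructed tree:
demo() {
    tree=$(make_sample_tree)
    check_submodules "$tree" || echo "check failed with status $?"  # lists cmake, status 1
    rm -rf "$tree"
}
```

Run check_submodules against the source directory before ./configure; a non-zero status with a listed path means the tree came from an archive or a plain (non-recursive) clone, and git submodule update --init --recursive, or re-cloning with --recursive as shown above, fills in the missing directories.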

Got it built, so it's a start. However I'm greeted with:

==== stderr.log
fatal error in /usr/local/bro/share/bro/policy/frameworks/software/vulnerable.bro, line 41: BroType::AsRecordType (table/record) (set[record { min:record { major:count; minor:count; minor2:count; minor3:count; addl:string; }; max:record { major:count; minor:count; minor2:count; minor3:count; addl:string; }; }])

My exact process was:

git clone --recursive git://git.bro.org/bro
cd bro
git checkout topic/seth/pppoe
./configure
make
sudo make install
sudo broctl
install
start

Thanks Seth.

James

Your local.bro is probably using the old style for defining vulnerable software. You could just comment that out for now.

.Seth

Thanks Seth...that did the trick. Additionally I had to comment out:

@load protocols/http/detect-MHR
redef CaptureLoss::watch_interval = 1 min;

error in /usr/local/bro/share/bro/policy/protocols/http/detect-MHR.bro, line 22: no such field in record (HTTP::rec?$md5)
error in /usr/local/bro/share/bro/policy/protocols/http/detect-MHR.bro, line 24: no such field in record (HTTP::rec$md5)
error in /usr/local/bro/share/bro/policy/protocols/http/detect-MHR.bro, line 31: no such field in record (HTTP::rec$md5)

error in /usr/local/bro/spool/installed-scripts-do-not-touch/site/local.bro, line 76: "redef" used but not previously defined (CaptureLoss::watch_interval)

I saw just one of these:
#types time string addr port addr port string string bool string
1379351003.903370 - - - - - non_ip_packet_in_pppoe_encapsulation - F bro

so it's working well... this REALLY helps me out when my ISP flakes out and ppp0 drops/reconnects. Thanks Seth... also, is there a spot where I can read about the "new" style for defines? Thanks again.

James

Makes sense. Thanks for the response!