JP Vossen on 25 Aug 2009 13:11:49 -0700


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] ubuntu apt_get


> On Tue, 25 Aug 2009, Ron Kaye Jr wrote:
> 
>>    i am just getting up to speed on ubuntu
>>    i want to install snort
>>    i can of course download , expand tarball etc
>>
>>    can i use an apt_get command  to go out and grab it/ install it, etc?

First, as other people have subtly pointed out, it's apt-get, not apt_get.

Second, apt-get is the "old" tool.  The "new" one is called aptitude. 
There is (of course) some debate over which is preferred or "best." 
Personally I use aptitude, but many long-time Debian folks still use 
apt-get out of habit.  The most important part is to pick one and use 
it, don't switch back and forth.

There are various GUI tools (Applications, Add/Remove) as well, but I 
prefer the command line.  Also, these are all binary package managers, 
so there is no compiling involved.  That's quicker and easier, at the 
cost of being less tailored to your particular needs and environment. 
Gentoo and the *BSD "ports" collections do it differently.  Rather than 
downloading pre-compiled binaries, you download the source, patches, 
hints and other stuff then automagically compile for your 
environment/needs.  That can result in more custom tools that run a bit 
faster, but also can be a hassle.  You'll learn a lot though...

Third, if you have a background in RPM, I think you will find 
http://www.jpsdomain.org/linux/apt.html very useful.  Even if you don't, 
that table will give you an idea of the things you can do.  I also have 
a "cheater/wrapper" script called 'deb' that consolidates some useful 
APT-type functions.

Fourth, as you may know packages in the repos tend to lag behind the 
current version, sometimes by a lot.  That's often a good thing, for 
stability and support (LTS), but for certain things that evolve quickly, 
like Snort, that won't always work.  If you are just messing around, no 
big deal.  If you want to use Snort in Enterprise production, that may 
be an issue.  (I'd also go with Debian, CentOS, a *BSD or possibly one 
of the custom "security appliance" distros, instead of Ubuntu, for that 
purpose.)  Some large projects (e.g., OpenOffice) have Launchpad PPAs 
for more current versions, but I don't think Snort/Sourcefire does (I 
haven't looked either).

Fifth, I wrote a bunch of stuff on Snort for SearchSecurity.com several 
years ago.  It's getting pretty old now, but some of it will still be 
useful.  In particular, OinkMaster is an awesome little (perl-based) 
tool for updating Snort rules.

Good luck,
JP
----------------------------|:::======|-------------------------------
JP Vossen, CISSP            |:::======|      http://bashcookbook.com/
My Account, My Opinions     |=========|      http://www.jpsdomain.org/
----------------------------|=========|-------------------------------
"Microsoft Tax" = the additional hardware & yearly fees for the add-on
software required to protect Windows from its own poorly designed and
implemented self, while the overhead incidentally flattens Moore's Law.
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug