Snort mailing list archives

Re: Unable to create stub so rules files
From: "C. L. Martinez" <carlopmart () gmail com>
Date: Tue, 27 Nov 2012 15:43:15 +0000

On Tue, Nov 27, 2012 at 3:29 PM, Peter Bates <peter.bates () ucl ac uk> wrote:

Hello all

On 27/11/2012 15:17, C. L. Martinez wrote:
Yes, validates until end:
Running in Test mode
<snip>
Loading dynamic engine
/opt/snort/lib/snort_dynamicengine/libsf_engine.so... done

Okay - so after this point it should load your SOs

What do you have set as

dynamicdetection directory /x/x/x

var CONF_PATH /data/config/etc/idpsnort01
dynamicdetection directory $CONF_PATH/dynamicrules

in snort.conf - and is it empty?


ls -la /data/config/etc/idpsnort01/dynamicrules/
drwxr-xr-x  2 1210  1210     512 Oct 25 16:32 .
drwxr-xr-x  3 1210  1210     512 Oct 25 16:32 ..
-rwxr-xr-x  1 1210  1210  239051 Oct 25 16:32 bad-traffic.so
-rwxr-xr-x  1 1210  1210   38209 Oct 25 16:32 chat.so
-rwxr-xr-x  1 1210  1210  324551 Oct 25 16:32 dos.so
-rwxr-xr-x  1 1210  1210  407644 Oct 25 16:32 exploit.so
-rwxr-xr-x  1 1210  1210   39934 Oct 25 16:32 icmp.so
-rwxr-xr-x  1 1210  1210   42823 Oct 25 16:32 imap.so
-rwxr-xr-x  1 1210  1210  168057 Oct 25 16:32 misc.so
-rwxr-xr-x  1 1210  1210   64834 Oct 25 16:32 multimedia.so
-rwxr-xr-x  1 1210  1210  205755 Oct 25 16:32 netbios.so
-rwxr-xr-x  1 1210  1210   36959 Oct 25 16:32 nntp.so
-rwxr-xr-x  1 1210  1210   36168 Oct 25 16:32 p2p.so
-rwxr-xr-x  1 1210  1210  135525 Oct 25 16:32 smtp.so
-rwxr-xr-x  1 1210  1210   62830 Oct 25 16:32 snmp.so
-rwxr-xr-x  1 1210  1210   85236 Oct 25 16:32 specific-threats.so
-rwxr-xr-x  1 1210  1210   52614 Oct 25 16:32 web-activex.so
-rwxr-xr-x  1 1210  1210  963462 Oct 25 16:32 web-client.so
-rwxr-xr-x  1 1210  1210   38845 Oct 25 16:32 web-iis.so
-rwxr-xr-x  1 1210  1210   73561 Oct 25 16:32 web-misc.so

and distro is correct also:

file bad-traffic.so
bad-traffic.so: ELF 64-bit LSB shared object, x86-64, version 1
(FreeBSD), dynamically linked, not stripped
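
The three checks made by hand in this message (which directory `dynamicdetection directory` resolves to, whether it holds any `.so` files, and whether each one is built for the sensor's platform) can be scripted. This is an added example, not part of the original message and not Snort code; the function names are hypothetical, and the expected platform tuple is taken from the `file` output above.

```python
import re
import struct
import tempfile
from pathlib import Path

OSABI = {0: "SYSV", 3: "Linux", 9: "FreeBSD"}  # EI_OSABI byte
MACHINE = {3: "x86", 62: "x86-64"}             # e_machine field

def dynamicdetection_dirs(conf_text):
    """Expand `var` references; return each dynamicdetection directory."""
    variables, dirs = {}, []
    for raw in conf_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) == 3 and fields[0] == "var":
            variables[fields[1]] = fields[2]
        elif len(fields) == 3 and fields[:2] == ["dynamicdetection", "directory"]:
            expand = lambda m: variables.get(m.group(1), m.group(0))
            dirs.append(re.sub(r"\$(\w+)", expand, fields[2]))
    return dirs

def elf_summary(path):
    """Return (bits, OS ABI, machine) from the ELF header, or None if not ELF."""
    head = Path(path).read_bytes()[:20]
    if len(head) < 20 or head[:4] != b"\x7fELF":
        return None
    (machine,) = struct.unpack("<H" if head[5] == 1 else ">H", head[18:20])
    return (32 if head[4] == 1 else 64, OSABI.get(head[7], str(head[7])),
            MACHINE.get(machine, str(machine)))

def check_so_rules(conf_text, expected):
    """List problems found in the configured SO rule directories."""
    problems = []
    for d in map(Path, dynamicdetection_dirs(conf_text)):
        libs = sorted(d.glob("*.so")) if d.is_dir() else []
        if not libs:
            problems.append(f"{d}: missing or contains no .so files")
        for lib in libs:
            if (found := elf_summary(lib)) != expected:
                problems.append(f"{lib.name}: {found} != {expected}")
    return problems

def demo():
    """Constructed headers: one FreeBSD x86-64 object, one Linux x86-64 object."""
    header = lambda osabi: b"\x7fELF" + bytes([2, 1, 1, osabi]) + bytes(8) + struct.pack("<HH", 3, 62)
    rules = Path(tempfile.mkdtemp()) / "dynamicrules"
    rules.mkdir()
    (rules / "bad-traffic.so").write_bytes(header(9))
    (rules / "chat.so").write_bytes(header(3))
    conf = f"var CONF_PATH {rules.parent}\ndynamicdetection directory $CONF_PATH/dynamicrules\n"
    return check_so_rules(conf, (64, "FreeBSD", "x86-64"))
```

Against a real sensor, pass the contents of `snort.conf` and the platform tuple of the host; an empty result means the directory resolved, was populated, and every object matched.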
