Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Unable to use dynamicrules on CentOS 6.4 x86_64

From: waldo kitty <wkitty42 () windstream net>
Date: Fri, 05 Jul 2013 18:03:13 -0400
On 7/5/2013 09:20, Jaspal wrote:

On Friday 05 July 2013 05:47 PM, waldo kitty wrote:

On 7/5/2013 05:47, Jaspal wrote:

Hi,

I am trying to use the dynamic rules present in snort-rules-snapshot-2495 with
snort-2.9.5 on a CentOS 6.4 x86_64 Amazon EC2 VM.

is this "snort-2.9.5" a typo? if not, then that's part of your problem... in
many cases you cannot mix rules for one version of snort with a different
version of snort... the dynamic rules are definitely an example of this...

Thanks for the response.
It's not a typo. That's the latest tar on the site and I could not find
sources of older versions. ( Why not a give a link ? )


i do not know what they do not keep links to the source of other currently 
supported versions of snort... someone from snort or VRT will have to answer 
that question...

[hours pass]

i decided to look a bit deeper into compiling one's own so_rules files... i 
don't know if what i have done is right or complete but the so rules did get 
compiled, snort has accepted them and snort has created the stub files from its 
--dump-dynamic-rules option... i've posted a query to this list about that in 
another thread...

when it comes to compiling the so dynamic shared rules, it should be no 
different than compiling snort, itself... they are, after all, just C code 
dynamic libraries... the key is to use the proper dynamic engine library to 
compile/link them with... that library code should come with snort since it has 
to use it, too... with that in mind, you've got your snort 2.9.5 code, compiled 
it and it works... now you have a rule set and you should be able to compile the 
so dynamic shared rules by pointing them to the snort source library so they can 
pick up at least that needed dynamic engine file... i have done this and only 
made one change to the so_rules/src/Makefile... i'm working on a document about 
on this as well... when i've some answers to some questions i hope to complete 
this document and my testing so that i can share it with others...


-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.

------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:

Build for Windows Store.

http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: