Snort mailing list archives

Re: Dynamic Preprocessor Errors


From: "info+lucretia.ca" <info () lucretia ca>
Date: Wed, 31 Jan 2007 17:30:07 -0700


Anyone have a solution for this?

Cheers,


James Friesen, CIO

Thanks for the responses.

Yes, these and all the other preprocessors are in this dir
and linked.  Here is the output from this dir:


sloa@X4ft11:/usr/local/lib/snort_dynamicpreprocessor$ ls -la
total 1268
drwxr-xr-x 2 root root   4096 2007-01-28 13:57 .
drwxr-xr-x 6 root root   4096 2007-01-25 21:12 ..
-rw-r--r-- 1 root root 150854 2007-01-28 13:57 libsf_dcerpc_preproc.a
-rwxr-xr-x 1 root root    989 2007-01-28 13:57 libsf_dcerpc_preproc.la
lrwxrwxrwx 1 root root     29 2007-01-28 13:57 libsf_dcerpc_preproc.so -> libsf_dcerpc_preproc.so.0.0.0
lrwxrwxrwx 1 root root     29 2007-01-28 13:57 libsf_dcerpc_preproc.so.0 -> libsf_dcerpc_preproc.so.0.0.0
-rwxr-xr-x 1 root root  93883 2007-01-28 13:57 libsf_dcerpc_preproc.so.0.0.0
-rw-r--r-- 1 root root  51862 2007-01-28 13:57 libsf_dns_preproc.a
-rwxr-xr-x 1 root root    968 2007-01-28 13:57 libsf_dns_preproc.la
lrwxrwxrwx 1 root root     26 2007-01-28 13:57 libsf_dns_preproc.so -> libsf_dns_preproc.so.0.0.0
lrwxrwxrwx 1 root root     26 2007-01-28 13:57 libsf_dns_preproc.so.0 -> libsf_dns_preproc.so.0.0.0
-rwxr-xr-x 1 root root  41482 2007-01-28 13:57 libsf_dns_preproc.so.0.0.0
-rw-r--r-- 1 root root 302478 2007-01-28 13:57 libsf_ftptelnet_preproc.a
-rwxr-xr-x 1 root root   1010 2007-01-28 13:57 libsf_ftptelnet_preproc.la
lrwxrwxrwx 1 root root     32 2007-01-28 13:57 libsf_ftptelnet_preproc.so -> libsf_ftptelnet_preproc.so.0.0.0
lrwxrwxrwx 1 root root     32 2007-01-28 13:57 libsf_ftptelnet_preproc.so.0 -> libsf_ftptelnet_preproc.so.0.0.0
-rwxr-xr-x 1 root root 194949 2007-01-28 13:57 libsf_ftptelnet_preproc.so.0.0.0
-rw-r--r-- 1 root root 173890 2007-01-28 13:57 libsf_smtp_preproc.a
-rwxr-xr-x 1 root root    975 2007-01-28 13:57 libsf_smtp_preproc.la
lrwxrwxrwx 1 root root     27 2007-01-28 13:57 libsf_smtp_preproc.so -> libsf_smtp_preproc.so.0.0.0
lrwxrwxrwx 1 root root     27 2007-01-28 13:57 libsf_smtp_preproc.so.0 -> libsf_smtp_preproc.so.0.0.0
-rwxr-xr-x 1 root root 108681 2007-01-28 13:57 libsf_smtp_preproc.so.0.0.0
-rw-r--r-- 1 root root  56934 2007-01-28 13:57 libsf_ssh_preproc.a
-rwxr-xr-x 1 root root    968 2007-01-28 13:57 libsf_ssh_preproc.la
lrwxrwxrwx 1 root root     26 2007-01-28 13:57 libsf_ssh_preproc.so -> libsf_ssh_preproc.so.0.0.0
lrwxrwxrwx 1 root root     26 2007-01-28 13:57 libsf_ssh_preproc.so.0 -> libsf_ssh_preproc.so.0.0.0
-rwxr-xr-x 1 root root  46923 2007-01-28 13:57 libsf_ssh_preproc.so.0.0.0


Cheers,

James Friesen


-----Original Message-----
From: rmkml [mailto:rmkml () free fr]

Hi,
do you have libsf_ftptelnet_preproc.so on this dir ?
  /usr/local/lib/snort_dynamicpreprocessor/
and please send "ls -la /usr/local/lib/snort_dynamicpreprocessor/"
Regards
Rmkml


On Mon, 29 Jan 2007, info+lucretia.ca wrote:

Hello.

I'm trying to build 2.7.0.beta1 on Ubuntu 6.06.  So far things are working well, except when I attempt to turn on the dynamic preprocessors.

I encountered an ID error when I simply uncommented them so I added some text to make them look like the command line counterparts.  I'm not certain whether they work from the command line, as I'm not interested in starting them this way.

Starting snort with 'sudo' using the one and only parameter:  '-c /etc/snort/snort.conf' I get the following output:

 ERROR: /etc/snort/snort.conf(539): Bad rule in rules file

This line contains:

 dynamic-preprocessor-lib /usr/local/lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.so

I get this error with any dynamic preprocessor enabled in snort.conf.

I've reviewed the documentation and could find nothing indicating the correct format for the 'dynamic-*' options for snort.conf (the command line is well documented...) and I reviewed the list and forums with no luck on a solution.

Cheers,


James Friesen, CIO
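
Added example, not part of the thread and not Snort project code: the line quoted in the original post uses a command-line option name, whereas Snort 2.x's snort.conf loads dynamic modules with the `dynamicpreprocessor`, `dynamicengine` and `dynamicdetection` directives. This shell check flags command-line-style names in a config read from stdin and prints the snort.conf form; the function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Flag Snort 2.x command-line dynamic-module option names that were pasted
# into snort.conf and print the equivalent snort.conf directive.
# Reads the config on stdin; exits non-zero if any such line was found.
suggest_dynamic_directives() {
    awk '
    BEGIN {
        # command-line option name (without leading "--") -> snort.conf form
        fix["dynamic-preprocessor-lib"]     = "dynamicpreprocessor file"
        fix["dynamic-preprocessor-lib-dir"] = "dynamicpreprocessor directory"
        fix["dynamic-engine-lib"]           = "dynamicengine"
        fix["dynamic-detection-lib"]        = "dynamicdetection file"
        fix["dynamic-detection-lib-dir"]    = "dynamicdetection directory"
    }
    /^[ \t]*#/ { next }              # commented-out lines are not parsed
    {
        key = $1
        sub(/^--/, "", key)          # tolerate a pasted "--" prefix
        if (key in fix) {
            # report: line number, corrected directive, original path
            printf "%d: %s %s\n", NR, fix[key], $2
            bad++
        }
    }
    END { exit (bad > 0) }
    '
}

# Constructed sample config. Line 2 has the form quoted in the post;
# the other paths are placeholders for illustration.
sample_conf() {
cat <<'EOF'
# dynamic-preprocessor-lib /commented/out.so
dynamic-preprocessor-lib /usr/local/lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.so
dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so
--dynamic-detection-lib-dir /usr/local/lib/snort_dynamicrules
EOF
}

sample_conf | suggest_dynamic_directives || echo "command-line style lines found"
```

Against a real file, run `suggest_dynamic_directives < /etc/snort/snort.conf`; the reported numbers are snort.conf line numbers, the same numbering Snort uses in its error message.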


