Snort mailing list archives

Re: Missing shared object files in snapshot download file


From: Y M <snort () outlook com>
Date: Sun, 24 Aug 2014 14:16:17 +0000



From: greg.mcnathansonsnuf003 () gmx-topmail de
To: snort () outlook com
CC: snort-users () lists sourceforge net
Subject: Aw: RE: [Snort-users] Missing shared object files in snapshot download file
Date: Sat, 23 Aug 2014 23:05:12 +0200

Ah ok, I see.
Thank you for your help YM.
No problem! Can you verify at your end if you are seeing the same?
YM
 
Greg
 
 

Sent: Saturday, 23 August 2014 at 21:55
From: "Y M" <snort () outlook com>
To: "greg.mcnathansonsnuf003 () gmx-topmail de" <greg.mcnathansonsnuf003 () gmx-topmail de>
Cc: snort-users <snort-users () lists sourceforge net>
Subject: RE: [Snort-users] Missing shared object files in snapshot download file

Which version/date of the rules are you running?
 
The reason I am asking is this:
 
The ruleset released until 19 August contained the new shared object categories:
 

dev@box:/tmp# ls -l old/snortrules-snapshot-2962.tar.gz 
-rwxrwxrwx 1 dev dev 33080965 Aug 21 10:34 snortrules-snapshot-2962.tar.gz
 
dev@box:/tmp$ md5sum old/snortrules-snapshot-2962.tar.gz
2b84e9aee0f2eaf32e51a1375ec824f5
 
The ruleset released on 21 August was stripped of these new shared object rules:
 

dev@box:/tmp# ls -l new/snortrules-snapshot-2962.tar.gz 
-rwxrwxrwx 1 dev dev 25374704 Aug 21 10:34 snortrules-snapshot-2962.tar.gz
 
dev@box:/tmp$ md5sum new/snortrules-snapshot-2962.tar.gz 
9ddb9552995f5c637d11d690623bf414  snortrules-snapshot-2962.tar.gz
 
Note the size difference. This is also evident if you list (ls -l) the so_rules directory of both rulesets. The old 
one definitely contains the categories as specified by the blog post, the newer one does not. If your rule stubs are 
individually included in snort.conf rather than the all-in-one file (snort.rules) as generated by PulledPork, then the 
above could be the reason.
 
YM
 
 
From: greg.mcnathansonsnuf003 () gmx-topmail de
To: snort-users () lists sourceforge net
Date: Sat, 23 Aug 2014 19:48:30 +0200
Subject: [Snort-users] Missing shared object files in snapshot download file

I read about the reconstruction of shared object rules in the blog. So I'm confused about the missing file report. 
(see below)

....
Aug 23 19:22:40 c1 snort[801]: FATAL ERROR: /etc/snort//etc/snort/so_rules/browser-other.rules(0) Unable to open 
rules file "/etc/snort//etc/snort/so_rules/browser-other.rules": No such file or directo
Aug 23 19:22:40 c1 snort[796]: Starting snort: [FAILED]
Aug 23 19:22:40 c1 snort[805]: Stopping snort: [FAILED]
Aug 23 19:22:40 c1 systemd[1]: Started Snort IDS system.
...

The stub file couldn't be generated because the browser-other.so file isn't delivered in the latest snapshot 
download file.
There are more files missing, not only browser-other.so. I expected all files listed in the blog to be included in 
the snapshot download file.

Is this a planned measure of the reconstruction of shared object rules?

Greg


------------------------------------------------------------------------------
Slashdot TV.
Video for Nerds. Stuff that matters.
http://tv.slashdot.org/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
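
Added example (not part of the original thread, and not Snort or PulledPork code): a pre-flight check that compares the so_rules contents of two snapshot tarballs and reports which active `include $SO_RULE_PATH/...` lines in snort.conf no longer have a matching file, which is the condition behind the FATAL ERROR quoted above. It assumes a `so_rules/` directory inside the tarball; the sample archives, the snort.conf fragment and the `sample-*` category names are constructed.

```python
import io
import re
import tarfile
from pathlib import PurePosixPath

# Active (uncommented) stub includes, e.g. "include $SO_RULE_PATH/browser-other.rules"
INCLUDE_RE = re.compile(r"^[ \t]*include[ \t]+\$SO_RULE_PATH/([\w.-]+)\.rules[ \t]*$", re.M)

def so_categories(fileobj):
    """Category names that have a .so or stub .rules file under a so_rules/ directory."""
    found = set()
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar:
            path = PurePosixPath(member.name)
            if member.isfile() and "so_rules" in path.parts and path.suffix in (".so", ".rules"):
                found.add(path.stem)
    return found

def compare_snapshots(old, new, snort_conf):
    """Report categories dropped between snapshots and includes that will now fail."""
    old_set, new_set = so_categories(old), so_categories(new)
    broken = sorted(set(INCLUDE_RE.findall(snort_conf)) - new_set)
    return {"dropped": sorted(old_set - new_set), "broken_includes": broken}

def sample_snapshot(categories):
    """Constructed in-memory tar.gz standing in for a real snapshot file."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name in categories:
            data = b"# constructed stub\n"
            info = tarfile.TarInfo(f"so_rules/{name}.rules")
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf

# Constructed snort.conf fragment; only browser-other comes from the thread.
SAMPLE_CONF = """\
include $SO_RULE_PATH/browser-other.rules
include $SO_RULE_PATH/sample-kept.rules
# include $SO_RULE_PATH/sample-old.rules
"""

if __name__ == "__main__":
    old = sample_snapshot(["browser-other", "sample-kept", "sample-old"])
    new = sample_snapshot(["sample-kept"])
    print(compare_snapshots(old, new, SAMPLE_CONF))
```

For real files, pass `open(path, "rb")` handles for the old and new snapshot and the text of snort.conf; commented-out includes are ignored.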
                                          