Snort mailing list archives
Re: Missing all dynamic files - snort won't start
From: "Josh Rosenbaum (jrosenba)" <jrosenba () cisco com>
Date: Mon, 10 Nov 2014 19:52:03 +0000
Hi Elof,

There has only been one minor update to Snort's installation directories between 2.9.6 and 2.9.7 and that update did not affect whether libraries are installed into 'snort/dynamicpreprocessor' or 'snort_dynamicpreprocessor'. In case you are interested, the update affected all of the dynamic preprocessors. For those libraries, the update changed the installation directory from '${exec_prefix}/lib/snort_dynamicpreprocessor' to '${libdir}/snort_dynamicpreprocessor'. So, the dynamic preprocessors have not moved to a new installation directory and they are still located in snort_dynamicpreprocessor, not 'snort/dynamicpreprocessor'.

Since none of the installation directories have changed, I am unsure why your configuration refers to the location 'lib/snort/dynamic*'. Also, you are correct that the three libraries libsf_dynamic_output.la, libsf_dynamic_preproc.la, and libsf_dynamic_side_channel get installed into lib/snort/dynamic* directories. However, I checked version 2.9.5 and 2.9.6 and the installation directories have not been changed.

Regarding your questions about the snort configuration file, I have just downloaded a couple versions of Snort 2.9.7 from snort.org and both versions have the following lines within their snort.conf:

    ###################################################
    # Step #4: Configure dynamic loaded libraries.
    # For more information, see Snort Manual, Configuring Snort - Dynamic Modules
    ###################################################

    # path to dynamic preprocessor libraries
    dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/

    # path to base preprocessor engine
    dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so

    # path to dynamic rules libraries
    dynamicdetection directory /usr/local/lib/snort_dynamicrules
    ###################################################

Is the package which contains the following lines a download from snort.org? If it is, can you please point me towards the correct binary so that I can update the example configuration file?

    dynamicpreprocessor directory /usr/local/lib/snort/dynamicpreprocessor/
    dynamicengine /usr/local/lib/snort/dynamicengine/libsf_engine.so

Josh

On 11/10/14, 8:31 AM, "elof () sentor se" <elof () sentor se> wrote:
Hi Ryan!

I've got no response to my bugreport below.

Today's run with poudriere still produces the erroneous package with
/usr/local/lib/snort_dynamicengine/ and
/usr/local/lib/snort_dynamicpreprocessor/

This will make snort terminate with a fatal error.

Can you please fix ASAP so that one can keep updating one's FreeBSD boxes?

/Elof

On Thu, 6 Nov 2014, elof () sentor se wrote:

Hi Ryan!

Any thoughts to my previous email?

Here's a diff between the contents of the new and old FreeBSD ports package:

    diff -y --suppress-common-lines /tmp/snort-2.9.7.0.txz.list /tmp/snort-2.9.6.2.txz.list
    /usr/local/share/licenses/snort-2.9.7.0/catalog.mk | /usr/local/share/licenses/snort-2.9.6.2/catalog.mk
    /usr/local/share/licenses/snort-2.9.7.0/LICENSE | /usr/local/share/licenses/snort-2.9.6.2/LICENSE
    /usr/local/share/licenses/snort-2.9.7.0/GPLv2 | /usr/local/share/licenses/snort-2.9.6.2/GPLv2
    /usr/local/include/snort/dynamic_preproc/appId.h <
    /usr/local/include/snort/dynamic_preproc/file_mail_common.h <
    /usr/local/include/snort/dynamic_preproc/mpse_methods.h <
    /usr/local/include/snort/dynamic_preproc/packet_time.h <
    /usr/local/include/snort/dynamic_preproc/session_api.h <
    /usr/local/include/snort/dynamic_preproc/sfdebug.h <
    /usr/local/include/snort/dynamic_preproc/sidechannel_define.h <
    /usr/local/include/snort/dynamic_preproc/sip_common.h <
    /usr/local/include/snort/dynamic_preproc/ssl_config.h <
    /usr/local/include/snort/dynamic_preproc/ssl_ha.h <
    /usr/local/include/snort/dynamic_preproc/ssl_include.h <
    /usr/local/include/snort/dynamic_preproc/ssl_inspect.h <
    /usr/local/include/snort/dynamic_preproc/ssl_session.h <
    /usr/local/lib/snort_dynamicengine/libsf_engine.a | /usr/local/lib/snort/dynamicengine/libsf_engine.a
    /usr/local/lib/snort_dynamicengine/libsf_engine.so | /usr/local/lib/snort/dynamicengine/libsf_engine.so
    /usr/local/lib/snort_dynamicengine/libsf_engine.so.0 | /usr/local/lib/snort/dynamicengine/libsf_engine.so.0
    /usr/local/lib/snort_dynamicengine/libsf_engine.so.0.0.0 | /usr/local/lib/snort/dynamicengine/libsf_engine.so.0.0.0
    /usr/local/lib/snort_dynamicpreprocessor/libsf_dce2_preproc.a | /usr/local/lib/snort/dynamicpreprocessor/libsf_dce2_preproc.a
    /usr/local/lib/snort_dynamicpreprocessor/libsf_dce2_preproc.s | /usr/local/lib/snort/dynamicpreprocessor/libsf_dce2_preproc.s
    /usr/local/lib/snort_dynamicpreprocessor/libsf_dce2_preproc.s | /usr/local/lib/snort/dynamicpreprocessor/libsf_dce2_preproc.s
    /usr/local/lib/snort_dynamicpreprocessor/libsf_dce2_preproc.s | /usr/local/lib/snort/dynamicpreprocessor/libsf_dce2_preproc.s
    /usr/local/lib/snort_dynamicpreprocessor/libsf_dnp3_preproc.a | /usr/local/lib/snort/dynamicpreprocessor/libsf_dnp3_preproc.a
    /usr/local/lib/snort_dynamicpreprocessor/libsf_dnp3_preproc.s | /usr/local/lib/snort/dynamicpreprocessor/libsf_dnp3_preproc.s
    /usr/local/lib/snort_dynamicpreprocessor/libsf_dnp3_preproc.s | /usr/local/lib/snort/dynamicpreprocessor/libsf_dnp3_preproc.s
    /usr/local/lib/snort_dynamicpreprocessor/libsf_dnp3_preproc.s | /usr/local/lib/snort/dynamicpreprocessor/libsf_dnp3_preproc.s
    /usr/local/lib/snort_dynamicpreprocessor/libsf_dns_preproc.a | /usr/local/lib/snort/dynamicpreprocessor/libsf_dns_preproc.a
    /usr/local/lib/snort_dynamicpreprocessor/libsf_dns_preproc.so | /usr/local/lib/snort/dynamicpreprocessor/libsf_dns_preproc.so
    /usr/local/lib/snort_dynamicpreprocessor/libsf_dns_preproc.so | /usr/local/lib/snort/dynamicpreprocessor/libsf_dns_preproc.so
    /usr/local/lib/snort_dynamicpreprocessor/libsf_dns_preproc.so | /usr/local/lib/snort/dynamicpreprocessor/libsf_dns_preproc.so
    /usr/local/lib/snort_dynamicpreprocessor/libsf_ftptelnet_prep | /usr/local/lib/snort/dynamicpreprocessor/libsf_ftptelnet_prep
    /usr/local/lib/snort_dynamicpreprocessor/libsf_ftptelnet_prep | /usr/local/lib/snort/dynamicpreprocessor/libsf_ftptelnet_prep
    /usr/local/lib/snort_dynamicpreprocessor/libsf_ftptelnet_prep | /usr/local/lib/snort/dynamicpreprocessor/libsf_ftptelnet_prep
    /usr/local/lib/snort_dynamicpreprocessor/libsf_ftptelnet_prep | /usr/local/lib/snort/dynamicpreprocessor/libsf_ftptelnet_prep
    /usr/local/lib/snort_dynamicpreprocessor/libsf_gtp_preproc.a | /usr/local/lib/snort/dynamicpreprocessor/libsf_gtp_preproc.a
    /usr/local/lib/snort_dynamicpreprocessor/libsf_gtp_preproc.so | /usr/local/lib/snort/dynamicpreprocessor/libsf_gtp_preproc.so
    /usr/local/lib/snort_dynamicpreprocessor/libsf_gtp_preproc.so | /usr/local/lib/snort/dynamicpreprocessor/libsf_gtp_preproc.so
    /usr/local/lib/snort_dynamicpreprocessor/libsf_gtp_preproc.so | /usr/local/lib/snort/dynamicpreprocessor/libsf_gtp_preproc.so
    /usr/local/lib/snort_dynamicpreprocessor/libsf_imap_preproc.a | /usr/local/lib/snort/dynamicpreprocessor/libsf_imap_preproc.a
    /usr/local/lib/snort_dynamicpreprocessor/libsf_imap_preproc.s | /usr/local/lib/snort/dynamicpreprocessor/libsf_imap_preproc.s
    /usr/local/lib/snort_dynamicpreprocessor/libsf_imap_preproc.s | /usr/local/lib/snort/dynamicpreprocessor/libsf_imap_preproc.s
    /usr/local/lib/snort_dynamicpreprocessor/libsf_imap_preproc.s | /usr/local/lib/snort/dynamicpreprocessor/libsf_imap_preproc.s
    /usr/local/lib/snort_dynamicpreprocessor/libsf_modbus_preproc | /usr/local/lib/snort/dynamicpreprocessor/libsf_modbus_preproc
    /usr/local/lib/snort_dynamicpreprocessor/libsf_modbus_preproc | /usr/local/lib/snort/dynamicpreprocessor/libsf_modbus_preproc
    /usr/local/lib/snort_dynamicpreprocessor/libsf_modbus_preproc | /usr/local/lib/snort/dynamicpreprocessor/libsf_modbus_preproc
    /usr/local/lib/snort_dynamicpreprocessor/libsf_modbus_preproc | /usr/local/lib/snort/dynamicpreprocessor/libsf_modbus_preproc
    /usr/local/lib/snort_dynamicpreprocessor/libsf_pop_preproc.a | /usr/local/lib/snort/dynamicpreprocessor/libsf_pop_preproc.a
    /usr/local/lib/snort_dynamicpreprocessor/libsf_pop_preproc.so | /usr/local/lib/snort/dynamicpreprocessor/libsf_pop_preproc.so
    /usr/local/lib/snort_dynamicpreprocessor/libsf_pop_preproc.so | /usr/local/lib/snort/dynamicpreprocessor/libsf_pop_preproc.so
    /usr/local/lib/snort_dynamicpreprocessor/libsf_pop_preproc.so | /usr/local/lib/snort/dynamicpreprocessor/libsf_pop_preproc.so
    /usr/local/lib/snort_dynamicpreprocessor/libsf_reputation_pre | /usr/local/lib/snort/dynamicpreprocessor/libsf_reputation_pre
    /usr/local/lib/snort_dynamicpreprocessor/libsf_reputation_pre | /usr/local/lib/snort/dynamicpreprocessor/libsf_reputation_pre
    /usr/local/lib/snort_dynamicpreprocessor/libsf_reputation_pre | /usr/local/lib/snort/dynamicpreprocessor/libsf_reputation_pre
    /usr/local/lib/snort_dynamicpreprocessor/libsf_reputation_pre | /usr/local/lib/snort/dynamicpreprocessor/libsf_reputation_pre
    /usr/local/lib/snort_dynamicpreprocessor/libsf_sdf_preproc.a | /usr/local/lib/snort/dynamicpreprocessor/libsf_sdf_preproc.a
    /usr/local/lib/snort_dynamicpreprocessor/libsf_sdf_preproc.so | /usr/local/lib/snort/dynamicpreprocessor/libsf_sdf_preproc.so
    /usr/local/lib/snort_dynamicpreprocessor/libsf_sdf_preproc.so | /usr/local/lib/snort/dynamicpreprocessor/libsf_sdf_preproc.so
    /usr/local/lib/snort_dynamicpreprocessor/libsf_sdf_preproc.so | /usr/local/lib/snort/dynamicpreprocessor/libsf_sdf_preproc.so
    /usr/local/lib/snort_dynamicpreprocessor/libsf_sip_preproc.a | /usr/local/lib/snort/dynamicpreprocessor/libsf_sip_preproc.a
    /usr/local/lib/snort_dynamicpreprocessor/libsf_sip_preproc.so | /usr/local/lib/snort/dynamicpreprocessor/libsf_sip_preproc.so
    /usr/local/lib/snort_dynamicpreprocessor/libsf_sip_preproc.so | /usr/local/lib/snort/dynamicpreprocessor/libsf_sip_preproc.so
    /usr/local/lib/snort_dynamicpreprocessor/libsf_sip_preproc.so | /usr/local/lib/snort/dynamicpreprocessor/libsf_sip_preproc.so
    /usr/local/lib/snort_dynamicpreprocessor/libsf_smtp_preproc.a | /usr/local/lib/snort/dynamicpreprocessor/libsf_smtp_preproc.a
    /usr/local/lib/snort_dynamicpreprocessor/libsf_smtp_preproc.s | /usr/local/lib/snort/dynamicpreprocessor/libsf_smtp_preproc.s
    /usr/local/lib/snort_dynamicpreprocessor/libsf_smtp_preproc.s | /usr/local/lib/snort/dynamicpreprocessor/libsf_smtp_preproc.s
    /usr/local/lib/snort_dynamicpreprocessor/libsf_smtp_preproc.s | /usr/local/lib/snort/dynamicpreprocessor/libsf_smtp_preproc.s
    /usr/local/lib/snort_dynamicpreprocessor/libsf_ssh_preproc.a | /usr/local/lib/snort/dynamicpreprocessor/libsf_ssh_preproc.a
    /usr/local/lib/snort_dynamicpreprocessor/libsf_ssh_preproc.so | /usr/local/lib/snort/dynamicpreprocessor/libsf_ssh_preproc.so
    /usr/local/lib/snort_dynamicpreprocessor/libsf_ssh_preproc.so | /usr/local/lib/snort/dynamicpreprocessor/libsf_ssh_preproc.so
    /usr/local/lib/snort_dynamicpreprocessor/libsf_ssh_preproc.so | /usr/local/lib/snort/dynamicpreprocessor/libsf_ssh_preproc.so
    /usr/local/lib/snort_dynamicpreprocessor/libsf_ssl_preproc.a | /usr/local/lib/snort/dynamicpreprocessor/libsf_ssl_preproc.a
    /usr/local/lib/snort_dynamicpreprocessor/libsf_ssl_preproc.so | /usr/local/lib/snort/dynamicpreprocessor/libsf_ssl_preproc.so
    /usr/local/lib/snort_dynamicpreprocessor/libsf_ssl_preproc.so | /usr/local/lib/snort/dynamicpreprocessor/libsf_ssl_preproc.so
    /usr/local/lib/snort_dynamicpreprocessor/libsf_ssl_preproc.so | /usr/local/lib/snort/dynamicpreprocessor/libsf_ssl_preproc.so
    /usr/local/share/doc/snort/OpenDetectorDeveloperGuide.pdf <
    /usr/local/share/doc/snort/README.appid <
     > /usr/local/share/doc/snort/README.rzb_saac
    /usr/local/src/snort_dynamicsrc/appId.h <
    /usr/local/src/snort_dynamicsrc/file_mail_common.h <
    /usr/local/src/snort_dynamicsrc/mpse_methods.h <
    /usr/local/src/snort_dynamicsrc/session_api.h <
    /usr/local/src/snort_dynamicsrc/sfdebug.h <
    /usr/local/src/snort_dynamicsrc/sfparser.c <
    /usr/local/src/snort_dynamicsrc/sidechannel_define.h <
    /usr/local/src/snort_dynamicsrc/sip_common.h <
    /usr/local/src/snort_dynamicsrc/ssl.c <
    /usr/local/src/snort_dynamicsrc/ssl.h <
    /usr/local/src/snort_dynamicsrc/ssl_config.c <
    /usr/local/src/snort_dynamicsrc/ssl_config.h <
    /usr/local/src/snort_dynamicsrc/ssl_ha.c <
    /usr/local/src/snort_dynamicsrc/ssl_ha.h <
    /usr/local/src/snort_dynamicsrc/ssl_include.h <
    /usr/local/src/snort_dynamicsrc/ssl_inspect.c <
    /usr/local/src/snort_dynamicsrc/ssl_inspect.h <
    /usr/local/src/snort_dynamicsrc/ssl_session.h <
     > /usr/local/lib/snort/dynamicpreprocessor/
     > /usr/local/lib/snort/dynamicengine/

The packages were built using these options:

    cat poudriere.d/100amd64-options/security_snort/options
    # This file is auto-generated by 'make config'.
    # Options for snort-2.9.7.0
    _OPTIONS_READ=snort-2.9.7.0
    _FILE_COMPLETE_OPTIONS_LIST=DOCS GRE IPV6 LRGPCAP NONETHER NORMALIZER PERFPROFILE REACT SOURCEFIRE ZLIB BARNYARD PULLEDPORK DBGSNORT
    OPTIONS_FILE_SET+=DOCS
    OPTIONS_FILE_UNSET+=GRE
    OPTIONS_FILE_UNSET+=IPV6
    OPTIONS_FILE_UNSET+=LRGPCAP
    OPTIONS_FILE_UNSET+=NONETHER
    OPTIONS_FILE_SET+=NORMALIZER
    OPTIONS_FILE_SET+=PERFPROFILE
    OPTIONS_FILE_UNSET+=REACT
    OPTIONS_FILE_UNSET+=SOURCEFIRE
    OPTIONS_FILE_SET+=ZLIB
    OPTIONS_FILE_UNSET+=BARNYARD
    OPTIONS_FILE_UNSET+=PULLEDPORK
    OPTIONS_FILE_UNSET+=DBGSNORT

BTW, I see that the options have changed in the 2.9.7.0 port. These two options have disappeared:

    OPTIONS_FILE_UNSET+=MPLS
    OPTIONS_FILE_UNSET+=TARGETBASED

Is this as intended? I think they should not be removed. Can you please add them back?

( In fact, there are more options that should be selectable. Not that I need any of them right now, but for correctness and for the future, they should be added and selectable IMHO.
Here's a full list of options from snort 2.9.7.0 source:

    Optional Features:
      --disable-option-checking  ignore unrecognized --enable/--with options
      --disable-FEATURE  do not include FEATURE (same as --enable-FEATURE=no)
      --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
      --enable-silent-rules  less verbose build output (undo: "make V=1")
      --disable-silent-rules  verbose build output (undo: "make V=0")
      --enable-maintainer-mode  enable make rules and dependencies not useful (and sometimes confusing) to the casual installer
      --enable-dependency-tracking  do not reject slow dependency extractors
      --disable-dependency-tracking  speeds up one-time build
      --enable-shared[=PKGS]  build shared libraries [default=yes]
      --enable-static[=PKGS]  build static libraries [default=yes]
      --enable-fast-install[=PKGS]  optimize for fast installation [default=yes]
      --disable-libtool-lock  avoid locking (might break parallel builds)
      --enable-64bit-gcc  Try to compile 64bit (only tested on Sparc Solaris 9 and 10).
      --enable-so-with-static-lib  Enable linking of dynamically loaded preprocessors with a static preprocessor library
      --enable-control-socket  Enable the control socket
      --enable-side-channel  Enable the side channel (Experimental)
      --disable-static-daq  Link static DAQ modules.
      --enable-build-dynamic-examples  Enable building of example dynamically loaded preprocessor and rule (off by default)
      --disable-dlclose  Only use if you are developing dynamic preprocessors or shared object rules. Disable (--disable-dlclose) for testing valgrind leaks in dynamic libraries so a usable backtrace is re$
      --disable-lzma  Disable LZMA Decompression
      --disable-gre  Disable GRE and IP in IP encapsulation support
      --disable-mpls  Disable MPLS support
      --disable-targetbased  Disable Target-Based Support in Stream, Frag, and Rules (adds pthread support implicitly)
      --disable-ppm  Disable packet/rule performance monitor
      --disable-perfprofiling  Disable preprocessor and rule performance profiling
      --enable-linux-smp-stats  Enable statistics reporting through proc
      --enable-inline-init-failopen  Enable Fail Open during initialization for Inline Mode (adds pthread support implicitly)
      --disable-pthread  Disable pthread support
      --enable-debug-msgs  Enable debug printing options (bugreports and developers only)
      --enable-debug  Enable debugging options (bugreports and developers only)
      --enable-gdb  Enable gdb debugging information
      --enable-profile  Enable profiling options (developers only)
      --disable-ppm-test  Disable packet/rule performance monitor
      --enable-sourcefire  Enable Sourcefire specific build options, encompasing --enable-perfprofiling and --enable-ppm
      --disable-corefiles  Prevent Snort from generating core files
      --disable-active-response  Disable reject injection
      --disable-normalizer  Disable packet/stream normalizations
      --disable-reload  Disable reloading a configuration without restarting
      --disable-reload-error-restart  Disable restarting on reload error
      --enable-ha  Enable high-availability state sharing (Experimental)
      --enable-non-ether-decoders  Enable non Ethernet decoders.
      --disable-react  Disable interception and termination of offending HTTP accesses
      --disable-flexresp3  Disable flexible responses (v3) on hostile connection attempts
      --enable-intel-soft-cpm  Enable Intel Soft CPM support
      --enable-shared-rep  Enable use of Shared Memory for Reputation (Linux only)
      --enable-large-pcap  Enable support for pcaps larger than 2 GB
      --enable-file-inspect  Build with extended file inspection features. (Experimental)
      --enable-open-appid  Build with application id support. (Experimental)
)

/Elof

---------- Forwarded message ----------
From: elof () sentor se
To: snort-devel mailinglist <snort-devel () lists sourceforge net>
Cc: zi () FreeBSD org
Date: Wed, 5 Nov 2014 18:15:45 +0100 (CET)
Subject: [Snort-devel] Missing all dynamic files - snort won't start

    ERROR: /foo/etc/snort.conf(125) Could not stat dynamic module path "/usr/local/lib/snort/dynamicengine/libsf_engine.so": No such file or directory.
    Fatal Error, Quitting..

I don't know if this is a FreeBSD ports issue or something new in snort 2.9.7.0 in general, but it seems all the dynamic libs have moved.

So, my snort.conf expects to find its libs here:

    /usr/local/lib/snort/dynamic_output
    /usr/local/lib/snort/dynamic_preproc
    /usr/local/lib/snort/dynamicengine
    /usr/local/lib/snort/dynamicpreprocessor

...while the new snort package puts some here:

    /usr/local/lib/snort/dynamic_output/libsf_dynamic_output.a
    /usr/local/lib/snort/dynamic_preproc/libsf_dynamic_preproc.a

...and the rest of the files here:

    /usr/local/lib/snort_dynamicengine/*
    /usr/local/lib/snort_dynamicpreprocessor/*

1) Is this a typo, where snort_dynamicengine and snort_dynamicpreprocessor should have a slash instead of an underscore? If not, why move *some* files to new dirs? Confusing.
2) The snort.conf included in the package contains the same configuration statements as I use in my current snort.conf:

    dynamicpreprocessor directory /usr/local/lib/snort/dynamicpreprocessor/
    dynamicengine /usr/local/lib/snort/dynamicengine/libsf_engine.so

The dir /usr/local/lib/snort/dynamicpreprocessor/ is empty and /usr/local/lib/snort/dynamicengine/libsf_engine.so does not exist. So either fix the paths in 1) or update the example snort.conf included in the package with correct paths.

3) If this wasn't a typo and files have really moved, please make a note of it in the ports/UPDATING log, since this is a major change that will cause snort to quit with a fatal error. (last log entry is 20120723 when the database output module got deprecated)

/Elof

------------------------------------------------------------------------------
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel
Please visit http://blog.snort.org for the latest news about Snort!
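Added example, not part of the original messages and not code from Snort or the FreeBSD port: a preflight check that reads the dynamicpreprocessor, dynamicengine and dynamicdetection directives from a snort.conf and reports paths that are missing or hold no libraries, the condition behind the "Could not stat dynamic module path" fatal error quoted in the thread. The function names, the optional ROOT prefix argument and the fixture tree are assumptions constructed for the illustration.

```shell
#!/bin/sh
# check_dynamic_paths CONF [ROOT]
#   Prints "CONF(LINE): <directive>: <problem> <path>" for every dynamic-module
#   path that is missing, or (dynamicpreprocessor directories only) has no *.so.
#   ROOT is a hypothetical optional prefix, e.g. a staged package tree.
#   Returns 1 when anything was reported, 0 otherwise.
check_dynamic_paths() {
    conf=$1 root=${2:-} bad=0 lineno=0
    while read -r kw arg1 arg2 rest || [ -n "$kw" ]; do
        lineno=$((lineno + 1))
        case $kw in
            dynamicpreprocessor|dynamicengine|dynamicdetection) ;;
            *) continue ;;                     # comments and other directives
        esac
        case $arg1 in
            directory) kind=d path=$arg2 ;;
            file)      kind=f path=$arg2 ;;
            *)         kind=f path=$arg1 ;;    # bare path, as in the dynamicengine line
        esac
        if [ "$kind" = d ] && [ ! -d "$root$path" ]; then
            echo "$conf($lineno): $kw: missing directory $path"; bad=1
        elif [ "$kind" = f ] && [ ! -f "$root$path" ]; then
            echo "$conf($lineno): $kw: missing file $path"; bad=1
        elif [ "$kind" = d ] && [ "$kw" = dynamicpreprocessor ]; then
            set -- "$root$path"/*.so           # unmatched glob stays literal
            [ -e "$1" ] || { echo "$conf($lineno): $kw: no *.so in $path"; bad=1; }
        fi
    done < "$conf"
    return "$bad"
}

# make_fixture DIR: constructed tree mimicking the mismatch in the thread:
# libraries under lib/snort_dynamic*, old config pointing at lib/snort/dynamic*.
make_fixture() {
    d=$1
    mkdir -p "$d/usr/local/lib/snort_dynamicengine" \
             "$d/usr/local/lib/snort_dynamicpreprocessor" \
             "$d/usr/local/lib/snort/dynamicpreprocessor" "$d/etc"
    : > "$d/usr/local/lib/snort_dynamicengine/libsf_engine.so"
    : > "$d/usr/local/lib/snort_dynamicpreprocessor/libsf_ssh_preproc.so"
    cat > "$d/etc/snort.conf.old" <<'EOF'
# path to dynamic preprocessor libraries
dynamicpreprocessor directory /usr/local/lib/snort/dynamicpreprocessor/
dynamicengine /usr/local/lib/snort/dynamicengine/libsf_engine.so
EOF
    cat > "$d/etc/snort.conf.new" <<'EOF'
# path to dynamic preprocessor libraries
dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/
dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so
EOF
}

# Demo on the constructed fixture: the old config fails, the new one passes.
tmp=$(mktemp -d)
make_fixture "$tmp"
check_dynamic_paths "$tmp/etc/snort.conf.old" "$tmp" || echo "snort.conf.old: would fail at startup"
check_dynamic_paths "$tmp/etc/snort.conf.new" "$tmp" && echo "snort.conf.new: dynamic paths present"
rm -rf "$tmp"
```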
Current thread:
- Missing all dynamic files - snort won't start (fwd) elof (Nov 06)
- Re: Missing all dynamic files - snort won't start elof (Nov 10)
- Re: Missing all dynamic files - snort won't start Josh Rosenbaum (jrosenba) (Nov 10)
- Re: Missing all dynamic files - snort won't start elof (Nov 10)