Snort mailing list archives
Re: Precomplies so_rules for debian 8 (snortrules-snapshot-2980.tar.gz)
From: wkitty42 () windstream net
Date: Thu, 18 Feb 2016 06:24:44 -0500
On 02/18/2016 05:18 AM, Balasubramaniam Natarajan wrote:
> On Tue, Feb 16, 2016 at 10:54 PM, <wkitty42 () windstream net> wrote:
>> IIRC, compiling them should be as simple as running make... that means a build environment which is generally undesirable on a security device but one could easily have a central server that pulls the rules, compiles the so_rules and then all the sensors pull from that central server instead of from outside servers...
>
> I don't think Sourcefire or now Cisco would ship the source code of those. That is why they were shipping the precompiled versions of those.

you might want to take a closer look at the rules snapshot files, then... in the ones i have available here, there is a so_rules/src directory with 166 .c and .h files along with a make file, readme and a test.conf file... looking in the so_rules/precompiled directory, i see 32 .so files in each one... how the make process puts them all together is majik to me ;) granted, not all precompiled rules have their sources in the src directory but a lot of them appear to... i haven't tried building them in a while so i don't know how many .so files will be generated and my build environment where i used to play with this stuff is old and outdated now... one should look at the makefile and ensure that they compile what they need (eg: --enable-non-ether-encoders requires changes) when they compile their snort and the shared object rules to go with it...

> I do agree to your second statement of not having build environment on security devices.
thank you :)

--
NOTE: No off-list assistance is given without prior approval. *Please keep mailing list traffic on the list* unless private contact is specifically requested and granted.