Re: Error Compiling Snort 2.9.11.1

[Y M via Snort-users <snort-users () lists snort org>]

You have "appid_event_type" in your configuration, where it should be "appid_event_types". Have a look at README.appid 
under /doc within Snort source tarball.

YM

________________________________
From: Lucas Miguel (_theHarvester) <alcides.romeu () gmail com>
Sent: Friday, June 29, 2018 9:42 AM
To: Y M
Cc: snort-users () lists snort org
Subject: Re: [Snort-users] Error Compiling Snort 2.9.11.1

Worked just fine.

Thanks in advance.

I’ve inserted the bellow line in snort.conf file and when testing it’s rising fatal error.

output unified2: filename snort.u2, limit 128, appid_event_type

ERROR:

Log directory = /var/log/snort
ERROR: Argument Error in /etc/snort/snort.conf(527): appid_event_type
Fatal Error, Quitting..


Regards,
Alcides

On Jun 28, 2018, at 3:58 PM, Y M via Snort-users <snort-users () lists snort org<mailto:snort-users () lists snort 
org>> wrote:

It is definitely not the same error. The error in this case is in

libsf_appid_preproc_la-service_ssl.lo

The previous errors were in different files. This is good because it means the past errors are fixed, hopefully.

This new error is mostly related to the fact that the OpenSSL/libssl packages in Ubuntu 18.04 are of version >=1.1.  In 
this case, remove OpenSSL and libssl and downgrade to libssl 1.0.2 via

apt-get install libssl1.0-dev

Or something similar.After that try make again. I guess this happens because OpenAppID relies on SSL libraries/API that 
have changed in the newer version of OpenSSL/libssl. I guess OpenAppID needs to be updated to handle the new changes in 
libssl, simply a guess

Please test this and let us know.

________________________________
From: Lucas Miguel (_theHarvester) <alcides.romeu () gmail com<mailto:alcides.romeu () gmail com>>
Sent: Thursday, June 28, 2018 5:48 PM
To: Y M
Cc: snort-users () lists snort org<mailto:snort-users () lists snort org>
Subject: Re: [Snort-users] Error Compiling Snort 2.9.11.1

Hello,

I’ve retried and I think that the error continues the same.

   16  sudo apt-get install -y build-essential libpcap-dev libpcre3-dev libdumbnet-dev bison flex zlib1g-dev liblzma-dev
   17  sudo apt-get install -y libnghttp2-dev
   18  sudo apt-get install -y pkg-config openssl libssl-dev
   22  wget http://luajit.org/download/LuaJIT-2.0.5.tar.gz
   23  tar xzvf libdnet-1.11.tar.gz
   24  cd libdnet-1.11/
   25  ./configure
   26  make
   27  sudo make install
   28  cd ..
   29  tar xzvf LuaJIT-2.0.5.tar.gz
   30  cd LuaJIT-2.0.5/
   31  make
   32  sudo make install
   33  wget https://www.snort.org/downloads/snort/daq-2.0.6.tar.gz
   34  ls
   35  cp daq-2.0.6.tar.gz ~/snort_src/
   36  rm daq-2.0.6.tar.gz
   37  ls
   38  cd ..
   39  ls
   40  tar -xzvf daq-2.0.6.tar.gz
   41  cd daq-2.0.6/
   42  ls
   43  ./configure
   44  make
   45  sudo make install
   46  sudo ldconfig
   47  cd ..
   48  ls
   49  wget https://www.snort.org/downloads/snort/snort-2.9.11.1.tar.gz
   50  tar -zxvf snort-2.9.11.1.tar.gz
   51  cd snort-2.9.11.1/
   52  ./configure --enable-sourcefire --enable-open-appid
   53  make



../../../src/dynamic-preprocessors/appid/service_plugins/service_ssl.c: In function ‘parse_certificates’:
../../../src/dynamic-preprocessors/appid/service_plugins/service_ssl.c:488:32: error: dereferencing pointer to 
incomplete type ‘X509 {aka struct x509_st}’
             start = strstr(cert->name, COMMON_NAME_STR);
                                ^~
Makefile:855: recipe for target 'libsf_appid_preproc_la-service_ssl.lo' failed
make[5]: *** [libsf_appid_preproc_la-service_ssl.lo] Error 1
make[5]: Leaving directory '/home/suidsp01/snort_src/snort-2.9.11.1/src/dynamic-preprocessors/appid'
Makefile:1036: recipe for target 'all-recursive' failed
make[4]: *** [all-recursive] Error 1
make[4]: Leaving directory '/home/suidsp01/snort_src/snort-2.9.11.1/src/dynamic-preprocessors'
Makefile:807: recipe for target 'all' failed
make[3]: *** [all] Error 2
make[3]: Leaving directory '/home/suidsp01/snort_src/snort-2.9.11.1/src/dynamic-preprocessors'
Makefile:558: recipe for target 'all-recursive' failed
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory '/home/suidsp01/snort_src/snort-2.9.11.1/src'
Makefile:516: recipe for target 'all-recursive' failed
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory '/home/suidsp01/snort_src/snort-2.9.11.1'
Makefile:382: recipe for target 'all' failed
make: *** [all] Error 2



Regards,

Alcides

On Jun 28, 2018, at 3:03 PM, Y M via Snort-users <snort-users () lists snort org<mailto:snort-users () lists snort 
org>> wrote:

What is the operating system you are trying this on? I faced similar issues with newer Linux distros such as Ubuntu 
18.04.

Try removing all Lua packages installed from the repo, and then install LuaJIT from source as James suggested.

You may face additional issues with AppID and SSL. If you get to that point, please post the error message you get.

Thanks.
YM

________________________________
From: Snort-users <snort-users-bounces () lists snort org<mailto:snort-users-bounces () lists snort org>> on behalf of 
Lucas Miguel (_theHarvester) via Snort-users <snort-users () lists snort org<mailto:snort-users () lists snort org>>
Sent: Thursday, June 28, 2018 4:04:50 PM
To: Noah Dietrich
Cc: snort-users () lists snort org<mailto:snort-users () lists snort org>
Subject: Re: [Snort-users] Error Compiling Snort 2.9.11.1

Even after installing LuaJit and all other components it’s still failing the same exact error.

Regards,

On Jun 28, 2018, at 12:50 PM, Noah Dietrich <noah_dietrich () 86penny org<mailto:noah_dietrich () 86penny org>> wrote:

OpenAppID on ubuntu for snort 2.9.x requires the additional librarires:
sudoapt-getinstall-y libluajit-5.1-dev pkg-config openssl libssl-dev

Steps are here: http://sublimerobots.com/2017/01/installing-openappid-with-snort-2-9-9-x-on-ubuntu/


On Thu, Jun 28, 2018 at 1:11 PM, James Lay <jlay () slave-tothe-box net<mailto:jlay () slave-tothe-box net>> wrote:
You're missing luajit:

http://luajit.org/download.html

your package manager may have it as well..make sure to install the -dev package as well.

James

On Thu, 2018-06-28 at 11:46 +0100, Lucas Miguel (_theHarvester) via Snort-users wrote:
Hello,

I’m compiling snort 2.9.11.1 with —enable-sourcefire —enable-open-appid option’s but when I issue the make command I 
receive the bellow error.


Makefile:702: recipe for target 'libsf_appid_preproc_la-luaDetectorApi.lo' failed
make[5]: *** [libsf_appid_preproc_la-luaDetectorApi.lo] Error 1
make[5]: Leaving directory '/home/suidsp01/snort_src/snort-2.9.11.1/src/dynamic-preprocessors/appid'
Makefile:1036: recipe for target 'all-recursive' failed
make[4]: *** [all-recursive] Error 1
make[4]: Leaving directory '/home/suidsp01/snort_src/snort-2.9.11.1/src/dynamic-preprocessors'
Makefile:807: recipe for target 'all' failed
make[3]: *** [all] Error 2
make[3]: Leaving directory '/home/suidsp01/snort_src/snort-2.9.11.1/src/dynamic-preprocessors'
Makefile:558: recipe for target 'all-recursive' failed
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory '/home/suidsp01/snort_src/snort-2.9.11.1/src'
Makefile:516: recipe for target 'all-recursive' failed
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory '/home/suidsp01/snort_src/snort-2.9.11.1'
Makefile:382: recipe for target 'all' failed
make: *** [all] Error 2

Any help?

Regards,
Alcides

_______________________________________________

Snort-users mailing list

Snort-users () lists snort org<mailto:Snort-users () lists snort org>

Go to this URL to change user options or unsubscribe:

https://lists.snort.org/mailman/listinfo/snort-users


Please visit http://blog.snort.org<http://blog.snort.org/> to stay current on all the latest Snort news!


Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette



_______________________________________________
Snort-users mailing list
Snort-users () lists snort org<mailto:Snort-users () lists snort org>
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org<http://blog.snort.org/> to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette


_______________________________________________
Snort-users mailing list
Snort-users () lists snort org<mailto:Snort-users () lists snort org>
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org<http://blog.snort.org/> to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

_______________________________________________
Snort-users mailing list
Snort-users () lists snort org<mailto:Snort-users () lists snort org>
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

_______________________________________________
Snort-users mailing list
Snort-users () lists snort org<mailto:Snort-users () lists snort org>
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette