Snort mailing list archives
Re: Issue with snort 3 registered ruleset (still expects SNORT_LUA_PATH)
From: Noah Dietrich <noah_dietrich () 86penny org>
Date: Wed, 6 May 2020 09:01:35 +0200
Hi Joel, I just downloaded the snortrules-snapshot-3000.tar.gz, and unless i'm doing something wrong I don't think that the snort.lua was updated to fix this bug. thanks noah On Mon, May 4, 2020 at 8:25 PM Joel Esler (jesler) <jesler () cisco com> wrote:
Correct, it would not be fixed until the next rule publish (Tuesday, tomorrow) On May 4, 2020, at 2:02 PM, Noah Dietrich <noah_dietrich () 86penny org> wrote: Hi Joel, I just downloaded the latest version from snort.org/downloads (snortrules-snapshot-3000.tar.gz), and it has not been updated (still has the issue) Thanks Noah On Sun, May 3, 2020 at 4:09 AM Joel Esler (jesler) <jesler () cisco com> wrote:Hey Noah, I have been told by my team that this has been fixed. -- Joel Esler Manager, Communities Division Cisco Talos Intelligence Group http://www.talosintelligence.com | https://www.snort.org On Apr 26, 2020, at 10:29 AM, Noah Dietrich <noah_dietrich () 86penny org> wrote: Hello, While testing the Registered ruleset with snort 3.0.1 b2, I found a bug with the latest 3.0 rules: * snortrules-snapshot-3000.tar.gz.* for the *snort.lua *file included in this ruleset, it still references the old *SNORT_LUA_PATH*. I found that if you remove the following lines from this file require('snort_config') conf_dir = os.getenv('SNORT_LUA_PATH') if ( not conf_dir ) then conf_dir = '.' end dofile(conf_dir .. '/snort_defaults.lua') dofile(conf_dir .. '/file_magic.lua') and add these lines (From the latest snort.lua generated by the make process): include 'snort_defaults.lua' include 'file_magic.lua' everything works perfectly. Noah _______________________________________________ Snort-devel mailing list Snort-devel () lists snort org https://lists.snort.org/mailman/listinfo/snort-devel Please visit http://blog.snort.org for the latest news about Snort!
_______________________________________________ Snort-devel mailing list Snort-devel () lists snort org https://lists.snort.org/mailman/listinfo/snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Issue with snort 3 registered ruleset (still expects SNORT_LUA_PATH) Noah Dietrich (Apr 26)
- Re: Issue with snort 3 registered ruleset (still expects SNORT_LUA_PATH) Russ Combs (rucombs) via Snort-devel (Apr 26)
- Re: Issue with snort 3 registered ruleset (still expects SNORT_LUA_PATH) Joel Esler (jesler) via Snort-devel (May 02)
- Re: Issue with snort 3 registered ruleset (still expects SNORT_LUA_PATH) Noah Dietrich (May 04)
- Re: Issue with snort 3 registered ruleset (still expects SNORT_LUA_PATH) Joel Esler (jesler) via Snort-devel (May 04)
- Re: Issue with snort 3 registered ruleset (still expects SNORT_LUA_PATH) Noah Dietrich (May 06)
- Re: Issue with snort 3 registered ruleset (still expects SNORT_LUA_PATH) Joel Esler (jesler) via Snort-devel (May 07)
- Re: Issue with snort 3 registered ruleset (still expects SNORT_LUA_PATH) Noah Dietrich (May 07)
- Re: Issue with snort 3 registered ruleset (still expects SNORT_LUA_PATH) Joel Esler (jesler) via Snort-devel (May 07)
- Re: Issue with snort 3 registered ruleset (still expects SNORT_LUA_PATH) Noah Dietrich (May 04)