Snort mailing list archives

Re: Issue with snort 3 registered ruleset (still expects SNORT_LUA_PATH)

From: "Joel Esler \(jesler\) via Snort-devel" <snort-devel () lists snort org>
Date: Thu, 7 May 2020 14:18:04 +0000

Please check now?  We’ve verified it is in open source’s builds.

On May 6, 2020, at 3:01 AM, Noah Dietrich <noah_dietrich () 86penny org> wrote:

Hi Joel,

I just downloaded the snortrules-snapshot-3000.tar.gz, and unless i'm doing something wrong I don't think that the 
snort.lua was updated to fix this bug.
thanks
noah


On Mon, May 4, 2020 at 8:25 PM Joel Esler (jesler) <jesler () cisco com <mailto:jesler () cisco com>> wrote:
Correct, it would not be fixed until the next rule publish (Tuesday, tomorrow)

On May 4, 2020, at 2:02 PM, Noah Dietrich <noah_dietrich () 86penny org <mailto:noah_dietrich () 86penny org>> wrote:

Hi Joel,

I just downloaded the latest version from snort.org/downloads <http://snort.org/downloads> 
(snortrules-snapshot-3000.tar.gz), and it has not been updated (still has the issue)
Thanks
Noah

On Sun, May 3, 2020 at 4:09 AM Joel Esler (jesler) <jesler () cisco com <mailto:jesler () cisco com>> wrote:
Hey Noah,

I have been told by my team that this has been fixed.


-- 
Joel Esler
Manager, Communities Division
Cisco Talos Intelligence Group
http://www.talosintelligence.com <http://www.talosintelligence.com/> | https://www.snort.org <https://www.snort.org/>

On Apr 26, 2020, at 10:29 AM, Noah Dietrich <noah_dietrich () 86penny org <mailto:noah_dietrich () 86penny org>> 
wrote:

Hello,
While testing the Registered ruleset with snort 3.0.1 b2, I found a bug with the latest 3.0 rules:  
snortrules-snapshot-3000.tar.gz.

for the snort.lua file included in this ruleset, it still references the old SNORT_LUA_PATH.  I found that if you 
remove the following lines from this file
require('snort_config')

conf_dir = os.getenv('SNORT_LUA_PATH')

if ( not conf_dir ) then
   conf_dir = '.'
end

dofile(conf_dir .. '/snort_defaults.lua')
dofile(conf_dir .. '/file_magic.lua')

and add these lines (From the latest snort.lua generated by the make process):
include 'snort_defaults.lua'
include 'file_magic.lua'

everything works perfectly.

Noah
_______________________________________________
Snort-devel mailing list
Snort-devel () lists snort org <mailto:Snort-devel () lists snort org>
https://lists.snort.org/mailman/listinfo/snort-devel <https://lists.snort.org/mailman/listinfo/snort-devel>

Please visit http://blog.snort.org <http://blog.snort.org/> for the latest news about Snort!

Attachment: smime.p7s
Description:

_______________________________________________
Snort-devel mailing list
Snort-devel () lists snort org
https://lists.snort.org/mailman/listinfo/snort-devel

Please visit http://blog.snort.org for the latest news about Snort!

Current thread:

Issue with snort 3 registered ruleset (still expects SNORT_LUA_PATH) Noah Dietrich (Apr 26)
- Re: Issue with snort 3 registered ruleset (still expects SNORT_LUA_PATH) Russ Combs (rucombs) via Snort-devel (Apr 26)
- Re: Issue with snort 3 registered ruleset (still expects SNORT_LUA_PATH) Joel Esler (jesler) via Snort-devel (May 02)
  - Re: Issue with snort 3 registered ruleset (still expects SNORT_LUA_PATH) Noah Dietrich (May 04)
    - Re: Issue with snort 3 registered ruleset (still expects SNORT_LUA_PATH) Joel Esler (jesler) via Snort-devel (May 04)
    - Re: Issue with snort 3 registered ruleset (still expects SNORT_LUA_PATH) Noah Dietrich (May 06)
    - Re: Issue with snort 3 registered ruleset (still expects SNORT_LUA_PATH) Joel Esler (jesler) via Snort-devel (May 07)
    - Re: Issue with snort 3 registered ruleset (still expects SNORT_LUA_PATH) Noah Dietrich (May 07)
    - Re: Issue with snort 3 registered ruleset (still expects SNORT_LUA_PATH) Joel Esler (jesler) via Snort-devel (May 07)