Snort mailing list archives
Re: Issue with snort 3 registered ruleset (still expects SNORT_LUA_PATH)
From: "Joel Esler \(jesler\) via Snort-devel" <snort-devel () lists snort org>
Date: Thu, 7 May 2020 21:10:47 +0000
Hey Noah, Thanks for your response! -- Joel Esler Manager, Communities Division Cisco Talos Intelligence Group http://www.talosintelligence.com | https://www.snort.org
On May 7, 2020, at 1:24 PM, Noah Dietrich <noah_dietrich () 86penny org> wrote: Hi Joel, I have verified that this is fixed. thank you Noah On Thu, May 7, 2020 at 4:18 PM Joel Esler (jesler) <jesler () cisco com <mailto:jesler () cisco com>> wrote: Please check now? We’ve verified it is in open source’s builds.On May 6, 2020, at 3:01 AM, Noah Dietrich <noah_dietrich () 86penny org <mailto:noah_dietrich () 86penny org>> wrote: Hi Joel, I just downloaded the snortrules-snapshot-3000.tar.gz, and unless i'm doing something wrong I don't think that the snort.lua was updated to fix this bug. thanks noah On Mon, May 4, 2020 at 8:25 PM Joel Esler (jesler) <jesler () cisco com <mailto:jesler () cisco com>> wrote: Correct, it would not be fixed until the next rule publish (Tuesday, tomorrow)On May 4, 2020, at 2:02 PM, Noah Dietrich <noah_dietrich () 86penny org <mailto:noah_dietrich () 86penny org>> wrote: Hi Joel, I just downloaded the latest version from snort.org/downloads <http://snort.org/downloads> (snortrules-snapshot-3000.tar.gz), and it has not been updated (still has the issue) Thanks Noah On Sun, May 3, 2020 at 4:09 AM Joel Esler (jesler) <jesler () cisco com <mailto:jesler () cisco com>> wrote: Hey Noah, I have been told by my team that this has been fixed. -- Joel Esler Manager, Communities Division Cisco Talos Intelligence Group http://www.talosintelligence.com <http://www.talosintelligence.com/> | https://www.snort.org <https://www.snort.org/>On Apr 26, 2020, at 10:29 AM, Noah Dietrich <noah_dietrich () 86penny org <mailto:noah_dietrich () 86penny org>> wrote: Hello, While testing the Registered ruleset with snort 3.0.1 b2, I found a bug with the latest 3.0 rules: snortrules-snapshot-3000.tar.gz. for the snort.lua file included in this ruleset, it still references the old SNORT_LUA_PATH. I found that if you remove the following lines from this file require('snort_config') conf_dir = os.getenv('SNORT_LUA_PATH') if ( not conf_dir ) then conf_dir = '.' end dofile(conf_dir .. '/snort_defaults.lua') dofile(conf_dir .. '/file_magic.lua') and add these lines (From the latest snort.lua generated by the make process): include 'snort_defaults.lua' include 'file_magic.lua' everything works perfectly. Noah _______________________________________________ Snort-devel mailing list Snort-devel () lists snort org <mailto:Snort-devel () lists snort org> https://lists.snort.org/mailman/listinfo/snort-devel <https://lists.snort.org/mailman/listinfo/snort-devel> Please visit http://blog.snort.org <http://blog.snort.org/> for the latest news about Snort!
Attachment:
smime.p7s
Description:
_______________________________________________ Snort-devel mailing list Snort-devel () lists snort org https://lists.snort.org/mailman/listinfo/snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Issue with snort 3 registered ruleset (still expects SNORT_LUA_PATH) Noah Dietrich (Apr 26)
- Re: Issue with snort 3 registered ruleset (still expects SNORT_LUA_PATH) Russ Combs (rucombs) via Snort-devel (Apr 26)
- Re: Issue with snort 3 registered ruleset (still expects SNORT_LUA_PATH) Joel Esler (jesler) via Snort-devel (May 02)
- Re: Issue with snort 3 registered ruleset (still expects SNORT_LUA_PATH) Noah Dietrich (May 04)
- Re: Issue with snort 3 registered ruleset (still expects SNORT_LUA_PATH) Joel Esler (jesler) via Snort-devel (May 04)
- Re: Issue with snort 3 registered ruleset (still expects SNORT_LUA_PATH) Noah Dietrich (May 06)
- Re: Issue with snort 3 registered ruleset (still expects SNORT_LUA_PATH) Joel Esler (jesler) via Snort-devel (May 07)
- Re: Issue with snort 3 registered ruleset (still expects SNORT_LUA_PATH) Noah Dietrich (May 07)
- Re: Issue with snort 3 registered ruleset (still expects SNORT_LUA_PATH) Joel Esler (jesler) via Snort-devel (May 07)
- Re: Issue with snort 3 registered ruleset (still expects SNORT_LUA_PATH) Noah Dietrich (May 04)