Snort mailing list archives
Re: Snort 2.6.1 Beta 2 Question (snort_dynamicrule/)
From: "Justin Heath" <justin.heath () gmail com>
Date: Mon, 30 Oct 2006 15:16:48 -0500
In case anyone is interested you can grab the current so rules from the current VRT rulepack. so_rules/bad-traffic.c so_rules/dos.c so_rules/exploit.c so_rules/p2p.c Cheers, Justin On 10/30/06, Justin Heath <justin.heath () gmail com> wrote:
No problem. Nope, it's just an example. Also, if you don't have any dynamic rules enabled you don't need the dynamic engine turned on. Cheers, Justin On 10/30/06, Eric Hines <eric.hines () appliedwatch com> wrote:-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ahh thanks. So its commented out by default and at some point the comment was removed from my file. So Sourcefire isn't going to create and distribute this example .SO file? Best Regards, Eric Hines, GCIA, CISSP CEO, President Applied Watch Technologies, LLC 1095 Pingree Road Suite 221 Crystal Lake, IL 60014 Toll Free: (877) 262-7593 Fax: (847) 854-5106 Cell: (847) 456-6785 Web: www.appliedwatch.com Justin Heath wrote:It looks like you are trying to load an example dynamic rule. This is purely an example for those who want to create an example rule it is not meant to be loaded. On 10/30/06, * Eric Hines* <eric.hines () appliedwatch com <mailto:eric.hines () appliedwatch com >> wrote: All, Has anyone here moved from Snort 2.6.0.x to Snort 2.6.1 yet? By default, the following dynamic directories are created in /usr/local/lib: /usr/local/lib/snort_dynamicengine /usr/local/lib/snort_dynamicpreprocessor However, when enabling all of the options in the new DNS Preprocessor it causes Snort to fail with the error: Rule application order:->activation->dynamic->pass->drop->sdrop->reject->alert->logLog directory =/usr/local/appliedwatch/agent/data/agent.RyupiI/var/snort/logLoading dynamic engine /usr/local/lib/snort_dynamicengine/libsf_engine.so...doneLoading all dynamic detection libs from /usr/local/lib/snort_dynamicrule/... Warning: Directory /usr/local/lib/snort_dynamicrule/does not exist!Finished Loading all dynamic detection libs from /usr/local/lib/snort_dynamicrule/ Loading dynamic detection library/usr/local/lib/snort_dynamicrule/libdynamicexamplerule.so... ERROR:Failed to load/usr/local/lib/snort_dynamicrule/libdynamicexamplerule.so:/usr/local/lib/snort_dynamicrule/libdynamicexamplerule.so: cannot openshared object file: No such file or directory Fatal Error, Quitting.. The odd thing is that the/usr/local/lib/snort_dynamicrule directory isnot created during the Snort installation. Fine if the directory must be created manually, but where do I get the libdynamicexamplerule.so file from?--------------------------------------------------------------------------Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimohttp://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642<http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net <mailto: Snort-users () lists sourceforge net> Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.orgiD8DBQFFRkS71va6QYTV0EMRAltQAJwI19sp0kt/NhE8xthjEYRNC85BiACgmMbkpExInptoRbWzgFnLdFWW4iM= =oBNL -----END PGP SIGNATURE-----
------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort 2.6.1 Beta 2 Question (snort_dynamicrule/) Eric Hines (Oct 30)
- Re: Snort 2.6.1 Beta 2 Question (snort_dynamicrule/) Justin Heath (Oct 30)
- Re: Snort 2.6.1 Beta 2 Question (snort_dynamicrule/) Justin Heath (Oct 30)
- Re: Snort 2.6.1 Beta 2 Question (snort_dynamicrule/) Eric Hines (Oct 30)
- Re: Snort 2.6.1 Beta 2 Question (snort_dynamicrule/) Justin Heath (Oct 30)
- Re: Snort 2.6.1 Beta 2 Question (snort_dynamicrule/) Justin Heath (Oct 30)
- Re: Snort 2.6.1 Beta 2 Question (snort_dynamicrule/) Justin Heath (Oct 30)