Snort mailing list archives

Re: still fighting with so_rules

From: "Nathaniel Richmond" <nate+snort () richmond-family org>
Date: Sat, 11 Jul 2009 16:21:24 -0400

I haven't tried the Fedora rules on RHEL as Nigel suggested, but the
CentOS 32-bit SO rules work fine on 32-bit RHEL. There are CentOS 4
and 5 rules, which correspond to RHEL 4 and 5.

Nate

Russell Fulton wrote:

I see to my dismay that the only precompiled rules for rhe are for
64
bit 5.0.   Our standard corporate image is 5.3 (32 bit ?).  Having
finally got one of my sensors upgraded (from reh 3) I get this
error:

FATAL ERROR: Failed to load /home/snort/Rules/so_rules/bad-
traffic.so: /home/snort/Rules/so_rules/bad-traffic.so: wrong ELF
class: ELFCLASS64

Google indicates that this is indeed caused by incompatibilities
between 32 and 64bit binaries.

I'm getting rather peeved that sourcefire accepted my $1200 and has
so
far failed to deliver anything that I can use in the way of compiled
rules.

I won't be renewing VRT subscription.

Russell

------------------------------------------------------------------------------
Enter the BlackBerry Developer Challenge
This is your chance to win up to $100,000 in prizes! For a limited
time,
vendors submitting new applications to BlackBerry App World(TM) will
have
the opportunity to enter the BlackBerry Developer Challenge. See
full prize
details at: http://p.sf.net/sfu/Challenge
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



------------------------------------------------------------------------------
Enter the BlackBerry Developer Challenge  
This is your chance to win up to $100,000 in prizes! For a limited time, 
vendors submitting new applications to BlackBerry App World(TM) will have
the opportunity to enter the BlackBerry Developer Challenge. See full prize  
details at: http://p.sf.net/sfu/Challenge
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

still fighting with so_rules Russell Fulton (Jul 11)
- Re: still fighting with so_rules Nigel Houghton (Jul 11)
- <Possible follow-ups>
- Re: still fighting with so_rules Nathaniel Richmond (Jul 11)
  - Re: still fighting with so_rules Russell Fulton (Jul 12)