Snort mailing list archives

Re: 32-bit dynamic rules libraries on 64-bit Linux (Ubuntu)

From: Mike Pilkington <mpilking () gmail com>
Date: Sat, 14 Nov 2009 13:01:50 -0600

Thanks for your advice.  This fixed my problem.

On 11/14/09, Nigel Houghton <nhoughton () sourcefire com> wrote:

On Fri, Nov 13, 2009 at 7:55 PM, Mike Pilkington <mpilking () gmail com> wrote:

Hi,

I've compiled Snort 2.8.5.1 on 64-bit Ubuntu 8.04 Server.  The build
process went smoothly as far as I could tell.  But when I started
Snort, I get the following error:

<snip>

PortVar 'DCERPC_BRIGHTSTORE' defined :  [ 6503:6504 ]
Detection:
  Search-Method = AC-BNFA-Q
Tagged Packet Limit: 256
Loading dynamic engine
/usr/local/lib/snort_dynamicengine/libsf_engine.so... done
Loading dynamic detection library
/usr/local/lib/snort_dynamicrules/bad-traffic.so... ERROR: Failed to
load /usr/local/lib/snort_dynamicrules/bad-traffic.so:
/usr/local/lib/snort_dynamicrules/bad-traffic.so: wrong ELF class:
ELFCLASS32
Fatal Error, Quitting..

</snip>

I found a posting from 2007 regarding this issue and it seemed to be a
bug that was fixed in 2.7.0-6
(http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=439642).

Commenting out "dynamicengine
/usr/lib/snort_dynamicengine/libsf_engine.so", as suggested in the
posting, does not help.  However, if I comment out all the dynamic
rule libraries, Snort runs fine.  But of course I'd like to have the
dynamic rules available.

Any ideas how I this can be fixed?

Thanks for your time,
Mike

------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008
30-Day
trial. Simplify your report design, integration and deployment - and focus
on
what you do best, core application coding. Discover what's new with
Crystal Reports now.  http://p.sf.net/sfu/bobj-july
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



You are trying to load 32bit objects on a 64bit system. Use the
correct shared object rules from the rule tarball.

 so_rules/precompiled/Ubuntu-8.04/x86-64/2.8.5.1/

--
Nigel Houghton
Head Mentalist
SF VRT
http://vrt-sourcefire.blogspot.com && http://www.snort.org/vrt/


------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
trial. Simplify your report design, integration and deployment - and focus on 
what you do best, core application coding. Discover what's new with
Crystal Reports now.  http://p.sf.net/sfu/bobj-july
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

32-bit dynamic rules libraries on 64-bit Linux (Ubuntu) Mike Pilkington (Nov 13)
- Re: 32-bit dynamic rules libraries on 64-bit Linux (Ubuntu) David Gomes (Nov 14)
- Re: 32-bit dynamic rules libraries on 64-bit Linux (Ubuntu) Nigel Houghton (Nov 14)
  - Re: 32-bit dynamic rules libraries on 64-bit Linux (Ubuntu) Mike Pilkington (Nov 14)