Snort mailing list archives
Re: Snort 2.9.0.3 Now Available
From: vincent () cojot name
Date: Mon, 3 Jan 2011 19:20:24 +0100 (CET)
Hi everyone,

I tracked it down some more tonight. The snort spec file uses a sample snort.conf config file from the tarball distribution. Somehow, the sample snort.conf provided with the tarball changed a lot between 2.9.0.2 and 2.9.0.3:

$ gtar xzf snort-2.9.0.2.tar.gz
$ gtar xzf snort-2.9.0.3.tar.gz
$ diff -b snort-2.9.0.2/etc/snort.conf snort-2.9.0.3/etc/snort.conf |head -20
13c13 < # VERSIONS : 2.9.0 ---
# VERSIONS : 2.9.0.3
16c16 < # OPTIONS : --enable-ipv6 --enable-gre --enable-mpls --enable-targetbased --enable-decoder-preprocessor-rules --enable-ppm --enable-perfprofiling --enable-zlib ---
# OPTIONS : --enable-ipv6 --enable-gre --enable-mpls --enable-targetbased --enable-decoder-preprocessor-rules --enable-ppm --enable-perfprofiling --enable-zlib --enable-active-response --enable-normalizer --enable-reload --enable-react --enable-flexresp3
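Review bot: The OPTIONS comment in hunk 16c16 now lists five configure flags that the 2.9.0 header did not (--enable-active-response, --enable-normalizer, --enable-reload, --enable-react, --enable-flexresp3), so a package that ships this sample file unmodified describes a build it may not contain. Either configure the packaged binary with the same flags or have the spec file rewrite this comment line to the flags it actually passes, so an administrator reading /etc/snort/snort.conf is not misled about which features are compiled in.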
29a30,31
# 8) Customize preprocessor and decoder rule set # 9) Customize shared object rule set
37c39 < var HOME_NET any ---
ipvar HOME_NET any
40c42 < var EXTERNAL_NET any ---
ipvar EXTERNAL_NET any
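Review bot: The switch from "var" to "ipvar" for HOME_NET (37c39) and EXTERNAL_NET (40c42) ties the sample config to how the binary was built: the log quoted later in this message shows a snort binary stopping at line 39 with "Unknown rule type: ipvar". A spec file that installs this snort.conf should either build a binary that accepts ipvar or rewrite these two lines back to "var" for the non-ipv6 package, and running the packaged binary in test mode (snort -T -c) against the installed file during the build would catch the mismatch before the sensor fails to start.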
43c45 [.......]

This explains why Azher had this problem with my 2.9.0.2 rpms and not with the 2.9.0.3 rpms. I'm currently re-working the snort.spec to allow building sets of non-ipv6 rpms and ipv6-enabled rpms but I'm left wondering why the BASE_CONFIG options in the spec file were left to just this:

[....] --enable-decoder-preprocessor-rules --enable-targetbased

Would it be safe to use more options in these rpms (like --enable-mpls --enable-ppm --enable-perfprofiling)?

Any ideas welcomed,
Vincent

On Sun, 26 Dec 2010, Azher Mughal wrote:
Hi Vincent,

Are these rpms built with ipv6 ? I am getting ipvar error and someone earlier suggested that ipv6 should be compiled in to get ipvar

Dec 26 07:27:24 twin-16-20 snort[32039]: --== Initializing Snort ==--
Dec 26 07:27:24 twin-16-20 snort[32039]: Initializing Output Plugins!
Dec 26 07:27:24 twin-16-20 snort[32039]: Initializing Preprocessors!
Dec 26 07:27:24 twin-16-20 snort[32039]: Initializing Plug-ins!
Dec 26 07:27:24 twin-16-20 snort[32039]: Parsing Rules file "/etc/snort/snort.conf"
Dec 26 07:27:24 twin-16-20 snort[32039]: FATAL ERROR: /etc/snort/snort.conf(39) Unknown rule type: ipvar.
Dec 26 07:27:24 twin-16-20 snort[32039]: FATAL ERROR: /etc/snort/snort.conf(39) Unknown rule type: ipvar.

Thanks
-Azher

On 12/21/2010 5:56 AM, vincent () cojot name wrote:

Hi Joel,

Thanks for this updated release. I've rebuilt the rpms for RHEL5/CENTOS5 at the usual place:
http://vscojot.free.fr/dist/snort/snort-2.9.0.3

These rpms are:
http://vscojot.free.fr/dist/snort/snort-2.9.0.3/RHEL5/SRPMS/daq-0.5-6.el5.src.rpm
http://vscojot.free.fr/dist/snort/snort-2.9.0.3/RHEL5/SRPMS/libdnet-1.12-7.el5.src.rpm
http://vscojot.free.fr/dist/snort/snort-2.9.0.3/RHEL5/SRPMS/libpcap1-1.1.1-8.el5.src.rpm
http://vscojot.free.fr/dist/snort/snort-2.9.0.3/RHEL5/SRPMS/snort-2.9.0.3-6.el5.src.rpm

http://vscojot.free.fr/dist/snort/snort-2.9.0.3/RHEL5/i386
http://vscojot.free.fr/dist/snort/snort-2.9.0.3/RHEL5/i386/daq-0.5-6.el5.i386.rpm
http://vscojot.free.fr/dist/snort/snort-2.9.0.3/RHEL5/i386/daq-debuginfo-0.5-6.el5.i386.rpm
http://vscojot.free.fr/dist/snort/snort-2.9.0.3/RHEL5/i386/libdnet-1.12-7.el5.i386.rpm
http://vscojot.free.fr/dist/snort/snort-2.9.0.3/RHEL5/i386/libdnet-debuginfo-1.12-7.el5.i386.rpm
http://vscojot.free.fr/dist/snort/snort-2.9.0.3/RHEL5/i386/libdnet-devel-1.12-7.el5.i386.rpm
http://vscojot.free.fr/dist/snort/snort-2.9.0.3/RHEL5/i386/libdnet-progs-1.12-7.el5.i386.rpm
http://vscojot.free.fr/dist/snort/snort-2.9.0.3/RHEL5/i386/libpcap1-1.1.1-8.el5.i386.rpm
http://vscojot.free.fr/dist/snort/snort-2.9.0.3/RHEL5/i386/libpcap1-debuginfo-1.1.1-8.el5.i386.rpm
http://vscojot.free.fr/dist/snort/snort-2.9.0.3/RHEL5/i386/libpcap1-devel-1.1.1-8.el5.i386.rpm
http://vscojot.free.fr/dist/snort/snort-2.9.0.3/RHEL5/i386/snort-2.9.0.3-6.el5.i386.rpm
http://vscojot.free.fr/dist/snort/snort-2.9.0.3/RHEL5/i386/snort-debuginfo-2.9.0.3-6.el5.i386.rpm
http://vscojot.free.fr/dist/snort/snort-2.9.0.3/RHEL5/i386/snort-mysql-2.9.0.3-6.el5.i386.rpm
http://vscojot.free.fr/dist/snort/snort-2.9.0.3/RHEL5/i386/snort-postgresql-2.9.0.3-6.el5.i386.rpm
http://vscojot.free.fr/dist/snort/snort-2.9.0.3/RHEL5/i386/snort-unixODBC-2.9.0.3-6.el5.i386.rpm

http://vscojot.free.fr/dist/snort/snort-2.9.0.3/RHEL5/x86_64
http://vscojot.free.fr/dist/snort/snort-2.9.0.3/RHEL5/x86_64/daq-0.5-6.el5.x86_64.rpm
http://vscojot.free.fr/dist/snort/snort-2.9.0.3/RHEL5/x86_64/daq-debuginfo-0.5-6.el5.x86_64.rpm
http://vscojot.free.fr/dist/snort/snort-2.9.0.3/RHEL5/x86_64/libdnet-1.12-7.el5.x86_64.rpm
http://vscojot.free.fr/dist/snort/snort-2.9.0.3/RHEL5/x86_64/libdnet-debuginfo-1.12-7.el5.x86_64.rpm
http://vscojot.free.fr/dist/snort/snort-2.9.0.3/RHEL5/x86_64/libdnet-devel-1.12-7.el5.x86_64.rpm
http://vscojot.free.fr/dist/snort/snort-2.9.0.3/RHEL5/x86_64/libdnet-progs-1.12-7.el5.x86_64.rpm
http://vscojot.free.fr/dist/snort/snort-2.9.0.3/RHEL5/x86_64/libpcap1-1.1.1-8.el5.x86_64.rpm
http://vscojot.free.fr/dist/snort/snort-2.9.0.3/RHEL5/x86_64/libpcap1-debuginfo-1.1.1-8.el5.x86_64.rpm
http://vscojot.free.fr/dist/snort/snort-2.9.0.3/RHEL5/x86_64/libpcap1-devel-1.1.1-8.el5.x86_64.rpm
http://vscojot.free.fr/dist/snort/snort-2.9.0.3/RHEL5/x86_64/snort-2.9.0.3-6.el5.x86_64.rpm
http://vscojot.free.fr/dist/snort/snort-2.9.0.3/RHEL5/x86_64/snort-debuginfo-2.9.0.3-6.el5.x86_64.rpm
http://vscojot.free.fr/dist/snort/snort-2.9.0.3/RHEL5/x86_64/snort-mysql-2.9.0.3-6.el5.x86_64.rpm
http://vscojot.free.fr/dist/snort/snort-2.9.0.3/RHEL5/x86_64/snort-postgresql-2.9.0.3-6.el5.x86_64.rpm
http://vscojot.free.fr/dist/snort/snort-2.9.0.3/RHEL5/x86_64/snort-unixODBC-2.9.0.3-6.el5.x86_64.rpm

Please let me know if you have issues/trouble/etc.. with these..

Regards,
Vincent