Re: Compile so rules in C language

[Patrick Mullen <pmullen () sourcefire com>]

Hello again, Mayur!

Most of the answer to your question is in the blog post I pointed you
to in July, located here --

http://vrt-blog.snort.org/2010/02/introduction-to-shared-object-rules.html

Once you've written the C the way you want it, to get it into snort is
fairly straightforward, assuming you've gotten your other Shared
Object rules to work.

1) make sure you follow the proper naming scheme for the file.  I'll
say to just call it "misc_mayur.c" to make it easy but the full
description is in the blog post.

2) put the SO rule, misc_mayur.c, into the directory with your other
shared object rules

3) type `make` in the directory with the SO rule files

If things don't work from there, there are four things to check --

1) SNORT_VERSION in the Makefile in the SO rules directory needs to be
set for your version of snort

2) BASEDIR in the Makefile needs to point to your snort sources.  I
*think* that you need to have compiled snort in that directory.

3) "dynamicdetection directory" in your snort.conf needs to point to
the directory where you have the compiled shared object rules (the
same directory as the shared objects source by default)

4) SO_RULE_PATH in your snort.conf needs to point to the directory
with your shared object stub rules (the same directory as the shared
object source by default)


Good luck!

~Patrick

On Wed, Sep 11, 2013 at 5:33 AM, Mayur Patil <ram.nath241089 () gmail com> wrote:
> Hi,
>
>    I have generated rules in C language of shared object.
>
>    Is there any tutorial or blog post on
>
>    how to compile C language source code to generate our own
>
>    "shared object rules".
>
>    I also followed this thread but not get sufficient insight/understanding
>
>    http://seclists.org/snort/2011/q3/623
>
>    Seeking for guidance,
>
>    Thanks !!
>
> --
> Cheers,
> Mayur.



-- 
Patrick Mullen
Response Research Manager
Sourcefire VRT

------------------------------------------------------------------------------
How ServiceNow helps IT people transform IT departments:
1. Consolidate legacy IT systems to a single system of record for IT
2. Standardize and globalize service processes across IT
3. Implement zero-touch automation to replace manual, redundant tasks
http://pubads.g.doubleclick.net/gampad/clk?id=51271111&iu=/4140/ostg.clktrk
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!