Snort mailing list archives

Missing all dynamic files - snort won't start (fwd)


From: elof () sentor se
Date: Thu, 6 Nov 2014 14:17:27 +0100 (CET)


Hi Ryan!

Any thoughts on my previous email?

Here's a diff between the contents of the new and old FreeBSD 
ports package:

diff -y --suppress-common-lines /tmp/snort-2.9.7.0.txz.list /tmp/snort-2.9.6.2.txz.list
/usr/local/share/licenses/snort-2.9.7.0/catalog.mk            | 
/usr/local/share/licenses/snort-2.9.6.2/catalog.mk
/usr/local/share/licenses/snort-2.9.7.0/LICENSE               | 
/usr/local/share/licenses/snort-2.9.6.2/LICENSE
/usr/local/share/licenses/snort-2.9.7.0/GPLv2                 | 
/usr/local/share/licenses/snort-2.9.6.2/GPLv2
/usr/local/include/snort/dynamic_preproc/appId.h              <
/usr/local/include/snort/dynamic_preproc/file_mail_common.h   <
/usr/local/include/snort/dynamic_preproc/mpse_methods.h       <
/usr/local/include/snort/dynamic_preproc/packet_time.h        <
/usr/local/include/snort/dynamic_preproc/session_api.h        <
/usr/local/include/snort/dynamic_preproc/sfdebug.h            <
/usr/local/include/snort/dynamic_preproc/sidechannel_define.h <
/usr/local/include/snort/dynamic_preproc/sip_common.h         <
/usr/local/include/snort/dynamic_preproc/ssl_config.h         <
/usr/local/include/snort/dynamic_preproc/ssl_ha.h             <
/usr/local/include/snort/dynamic_preproc/ssl_include.h        <
/usr/local/include/snort/dynamic_preproc/ssl_inspect.h        <
/usr/local/include/snort/dynamic_preproc/ssl_session.h        <
/usr/local/lib/snort_dynamicengine/libsf_engine.a             | 
/usr/local/lib/snort/dynamicengine/libsf_engine.a
/usr/local/lib/snort_dynamicengine/libsf_engine.so            | 
/usr/local/lib/snort/dynamicengine/libsf_engine.so
/usr/local/lib/snort_dynamicengine/libsf_engine.so.0          | 
/usr/local/lib/snort/dynamicengine/libsf_engine.so.0
/usr/local/lib/snort_dynamicengine/libsf_engine.so.0.0.0      | 
/usr/local/lib/snort/dynamicengine/libsf_engine.so.0.0.0
/usr/local/lib/snort_dynamicpreprocessor/libsf_dce2_preproc.a | 
/usr/local/lib/snort/dynamicpreprocessor/libsf_dce2_preproc.a
/usr/local/lib/snort_dynamicpreprocessor/libsf_dce2_preproc.s | 
/usr/local/lib/snort/dynamicpreprocessor/libsf_dce2_preproc.s
/usr/local/lib/snort_dynamicpreprocessor/libsf_dce2_preproc.s | 
/usr/local/lib/snort/dynamicpreprocessor/libsf_dce2_preproc.s
/usr/local/lib/snort_dynamicpreprocessor/libsf_dce2_preproc.s | 
/usr/local/lib/snort/dynamicpreprocessor/libsf_dce2_preproc.s
/usr/local/lib/snort_dynamicpreprocessor/libsf_dnp3_preproc.a | 
/usr/local/lib/snort/dynamicpreprocessor/libsf_dnp3_preproc.a
/usr/local/lib/snort_dynamicpreprocessor/libsf_dnp3_preproc.s | 
/usr/local/lib/snort/dynamicpreprocessor/libsf_dnp3_preproc.s
/usr/local/lib/snort_dynamicpreprocessor/libsf_dnp3_preproc.s | 
/usr/local/lib/snort/dynamicpreprocessor/libsf_dnp3_preproc.s
/usr/local/lib/snort_dynamicpreprocessor/libsf_dnp3_preproc.s | 
/usr/local/lib/snort/dynamicpreprocessor/libsf_dnp3_preproc.s
/usr/local/lib/snort_dynamicpreprocessor/libsf_dns_preproc.a  | 
/usr/local/lib/snort/dynamicpreprocessor/libsf_dns_preproc.a
/usr/local/lib/snort_dynamicpreprocessor/libsf_dns_preproc.so | 
/usr/local/lib/snort/dynamicpreprocessor/libsf_dns_preproc.so
/usr/local/lib/snort_dynamicpreprocessor/libsf_dns_preproc.so | 
/usr/local/lib/snort/dynamicpreprocessor/libsf_dns_preproc.so
/usr/local/lib/snort_dynamicpreprocessor/libsf_dns_preproc.so | 
/usr/local/lib/snort/dynamicpreprocessor/libsf_dns_preproc.so
/usr/local/lib/snort_dynamicpreprocessor/libsf_ftptelnet_prep | 
/usr/local/lib/snort/dynamicpreprocessor/libsf_ftptelnet_prep
/usr/local/lib/snort_dynamicpreprocessor/libsf_ftptelnet_prep | 
/usr/local/lib/snort/dynamicpreprocessor/libsf_ftptelnet_prep
/usr/local/lib/snort_dynamicpreprocessor/libsf_ftptelnet_prep | 
/usr/local/lib/snort/dynamicpreprocessor/libsf_ftptelnet_prep
/usr/local/lib/snort_dynamicpreprocessor/libsf_ftptelnet_prep | 
/usr/local/lib/snort/dynamicpreprocessor/libsf_ftptelnet_prep
/usr/local/lib/snort_dynamicpreprocessor/libsf_gtp_preproc.a  | 
/usr/local/lib/snort/dynamicpreprocessor/libsf_gtp_preproc.a
/usr/local/lib/snort_dynamicpreprocessor/libsf_gtp_preproc.so | 
/usr/local/lib/snort/dynamicpreprocessor/libsf_gtp_preproc.so
/usr/local/lib/snort_dynamicpreprocessor/libsf_gtp_preproc.so | 
/usr/local/lib/snort/dynamicpreprocessor/libsf_gtp_preproc.so
/usr/local/lib/snort_dynamicpreprocessor/libsf_gtp_preproc.so | 
/usr/local/lib/snort/dynamicpreprocessor/libsf_gtp_preproc.so
/usr/local/lib/snort_dynamicpreprocessor/libsf_imap_preproc.a | 
/usr/local/lib/snort/dynamicpreprocessor/libsf_imap_preproc.a
/usr/local/lib/snort_dynamicpreprocessor/libsf_imap_preproc.s | 
/usr/local/lib/snort/dynamicpreprocessor/libsf_imap_preproc.s
/usr/local/lib/snort_dynamicpreprocessor/libsf_imap_preproc.s | 
/usr/local/lib/snort/dynamicpreprocessor/libsf_imap_preproc.s
/usr/local/lib/snort_dynamicpreprocessor/libsf_imap_preproc.s | 
/usr/local/lib/snort/dynamicpreprocessor/libsf_imap_preproc.s
/usr/local/lib/snort_dynamicpreprocessor/libsf_modbus_preproc | 
/usr/local/lib/snort/dynamicpreprocessor/libsf_modbus_preproc
/usr/local/lib/snort_dynamicpreprocessor/libsf_modbus_preproc | 
/usr/local/lib/snort/dynamicpreprocessor/libsf_modbus_preproc
/usr/local/lib/snort_dynamicpreprocessor/libsf_modbus_preproc | 
/usr/local/lib/snort/dynamicpreprocessor/libsf_modbus_preproc
/usr/local/lib/snort_dynamicpreprocessor/libsf_modbus_preproc | 
/usr/local/lib/snort/dynamicpreprocessor/libsf_modbus_preproc
/usr/local/lib/snort_dynamicpreprocessor/libsf_pop_preproc.a  | 
/usr/local/lib/snort/dynamicpreprocessor/libsf_pop_preproc.a
/usr/local/lib/snort_dynamicpreprocessor/libsf_pop_preproc.so | 
/usr/local/lib/snort/dynamicpreprocessor/libsf_pop_preproc.so
/usr/local/lib/snort_dynamicpreprocessor/libsf_pop_preproc.so | 
/usr/local/lib/snort/dynamicpreprocessor/libsf_pop_preproc.so
/usr/local/lib/snort_dynamicpreprocessor/libsf_pop_preproc.so | 
/usr/local/lib/snort/dynamicpreprocessor/libsf_pop_preproc.so
/usr/local/lib/snort_dynamicpreprocessor/libsf_reputation_pre | 
/usr/local/lib/snort/dynamicpreprocessor/libsf_reputation_pre
/usr/local/lib/snort_dynamicpreprocessor/libsf_reputation_pre | 
/usr/local/lib/snort/dynamicpreprocessor/libsf_reputation_pre
/usr/local/lib/snort_dynamicpreprocessor/libsf_reputation_pre | 
/usr/local/lib/snort/dynamicpreprocessor/libsf_reputation_pre
/usr/local/lib/snort_dynamicpreprocessor/libsf_reputation_pre | 
/usr/local/lib/snort/dynamicpreprocessor/libsf_reputation_pre
/usr/local/lib/snort_dynamicpreprocessor/libsf_sdf_preproc.a  | 
/usr/local/lib/snort/dynamicpreprocessor/libsf_sdf_preproc.a
/usr/local/lib/snort_dynamicpreprocessor/libsf_sdf_preproc.so | 
/usr/local/lib/snort/dynamicpreprocessor/libsf_sdf_preproc.so
/usr/local/lib/snort_dynamicpreprocessor/libsf_sdf_preproc.so | 
/usr/local/lib/snort/dynamicpreprocessor/libsf_sdf_preproc.so
/usr/local/lib/snort_dynamicpreprocessor/libsf_sdf_preproc.so | 
/usr/local/lib/snort/dynamicpreprocessor/libsf_sdf_preproc.so
/usr/local/lib/snort_dynamicpreprocessor/libsf_sip_preproc.a  | 
/usr/local/lib/snort/dynamicpreprocessor/libsf_sip_preproc.a
/usr/local/lib/snort_dynamicpreprocessor/libsf_sip_preproc.so | 
/usr/local/lib/snort/dynamicpreprocessor/libsf_sip_preproc.so
/usr/local/lib/snort_dynamicpreprocessor/libsf_sip_preproc.so | 
/usr/local/lib/snort/dynamicpreprocessor/libsf_sip_preproc.so
/usr/local/lib/snort_dynamicpreprocessor/libsf_sip_preproc.so | 
/usr/local/lib/snort/dynamicpreprocessor/libsf_sip_preproc.so
/usr/local/lib/snort_dynamicpreprocessor/libsf_smtp_preproc.a | 
/usr/local/lib/snort/dynamicpreprocessor/libsf_smtp_preproc.a
/usr/local/lib/snort_dynamicpreprocessor/libsf_smtp_preproc.s | 
/usr/local/lib/snort/dynamicpreprocessor/libsf_smtp_preproc.s
/usr/local/lib/snort_dynamicpreprocessor/libsf_smtp_preproc.s | 
/usr/local/lib/snort/dynamicpreprocessor/libsf_smtp_preproc.s
/usr/local/lib/snort_dynamicpreprocessor/libsf_smtp_preproc.s | 
/usr/local/lib/snort/dynamicpreprocessor/libsf_smtp_preproc.s
/usr/local/lib/snort_dynamicpreprocessor/libsf_ssh_preproc.a  | 
/usr/local/lib/snort/dynamicpreprocessor/libsf_ssh_preproc.a
/usr/local/lib/snort_dynamicpreprocessor/libsf_ssh_preproc.so | 
/usr/local/lib/snort/dynamicpreprocessor/libsf_ssh_preproc.so
/usr/local/lib/snort_dynamicpreprocessor/libsf_ssh_preproc.so | 
/usr/local/lib/snort/dynamicpreprocessor/libsf_ssh_preproc.so
/usr/local/lib/snort_dynamicpreprocessor/libsf_ssh_preproc.so | 
/usr/local/lib/snort/dynamicpreprocessor/libsf_ssh_preproc.so
/usr/local/lib/snort_dynamicpreprocessor/libsf_ssl_preproc.a  | 
/usr/local/lib/snort/dynamicpreprocessor/libsf_ssl_preproc.a
/usr/local/lib/snort_dynamicpreprocessor/libsf_ssl_preproc.so | 
/usr/local/lib/snort/dynamicpreprocessor/libsf_ssl_preproc.so
/usr/local/lib/snort_dynamicpreprocessor/libsf_ssl_preproc.so | 
/usr/local/lib/snort/dynamicpreprocessor/libsf_ssl_preproc.so
/usr/local/lib/snort_dynamicpreprocessor/libsf_ssl_preproc.so | 
/usr/local/lib/snort/dynamicpreprocessor/libsf_ssl_preproc.so
/usr/local/share/doc/snort/OpenDetectorDeveloperGuide.pdf     <
/usr/local/share/doc/snort/README.appid                       <
                                                               > 
/usr/local/share/doc/snort/README.rzb_saac
/usr/local/src/snort_dynamicsrc/appId.h                       <
/usr/local/src/snort_dynamicsrc/file_mail_common.h            <
/usr/local/src/snort_dynamicsrc/mpse_methods.h                <
/usr/local/src/snort_dynamicsrc/session_api.h                 <
/usr/local/src/snort_dynamicsrc/sfdebug.h                     <
/usr/local/src/snort_dynamicsrc/sfparser.c                    <
/usr/local/src/snort_dynamicsrc/sidechannel_define.h          <
/usr/local/src/snort_dynamicsrc/sip_common.h                  <
/usr/local/src/snort_dynamicsrc/ssl.c                         <
/usr/local/src/snort_dynamicsrc/ssl.h                         <
/usr/local/src/snort_dynamicsrc/ssl_config.c                  <
/usr/local/src/snort_dynamicsrc/ssl_config.h                  <
/usr/local/src/snort_dynamicsrc/ssl_ha.c                      <
/usr/local/src/snort_dynamicsrc/ssl_ha.h                      <
/usr/local/src/snort_dynamicsrc/ssl_include.h                 <
/usr/local/src/snort_dynamicsrc/ssl_inspect.c                 <
/usr/local/src/snort_dynamicsrc/ssl_inspect.h                 <
/usr/local/src/snort_dynamicsrc/ssl_session.h                 <
                                                               > 
/usr/local/lib/snort/dynamicpreprocessor/
                                                               > 
/usr/local/lib/snort/dynamicengine/



The packages were built using these options:
cat poudriere.d/100amd64-options/security_snort/options
# This file is auto-generated by 'make config'.
# Options for snort-2.9.7.0
_OPTIONS_READ=snort-2.9.7.0
_FILE_COMPLETE_OPTIONS_LIST=DOCS GRE IPV6 LRGPCAP NONETHER NORMALIZER PERFPROFILE REACT SOURCEFIRE ZLIB BARNYARD PULLEDPORK DBGSNORT
OPTIONS_FILE_SET+=DOCS
OPTIONS_FILE_UNSET+=GRE
OPTIONS_FILE_UNSET+=IPV6
OPTIONS_FILE_UNSET+=LRGPCAP
OPTIONS_FILE_UNSET+=NONETHER
OPTIONS_FILE_SET+=NORMALIZER
OPTIONS_FILE_SET+=PERFPROFILE
OPTIONS_FILE_UNSET+=REACT
OPTIONS_FILE_UNSET+=SOURCEFIRE
OPTIONS_FILE_SET+=ZLIB
OPTIONS_FILE_UNSET+=BARNYARD
OPTIONS_FILE_UNSET+=PULLEDPORK
OPTIONS_FILE_UNSET+=DBGSNORT



BTW, I see that the options have changed in the 2.9.7.0 port. These two 
options have disappeared:
OPTIONS_FILE_UNSET+=MPLS
OPTIONS_FILE_UNSET+=TARGETBASED

Is this as intended? I think they should not be removed. Can you please 
add them back?

(
In fact, there are more options that should be selectable. Not that I need 
any of them right now, but for correctness and for the future, they should 
be added and selectable IMHO.
Here's a full list of options from snort 2.9.7.0 source:
Optional Features:
   --disable-option-checking  ignore unrecognized --enable/--with options
   --disable-FEATURE       do not include FEATURE (same as --enable-FEATURE=no)
   --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
   --enable-silent-rules   less verbose build output (undo: "make V=1")
   --disable-silent-rules  verbose build output (undo: "make V=0")
   --enable-maintainer-mode
                           enable make rules and dependencies not useful (and
                           sometimes confusing) to the casual installer
   --enable-dependency-tracking
                           do not reject slow dependency extractors
   --disable-dependency-tracking
                           speeds up one-time build
   --enable-shared[=PKGS]  build shared libraries [default=yes]
   --enable-static[=PKGS]  build static libraries [default=yes]
   --enable-fast-install[=PKGS]
                           optimize for fast installation [default=yes]
   --disable-libtool-lock  avoid locking (might break parallel builds)
   --enable-64bit-gcc       Try to compile 64bit (only tested on Sparc Solaris 9 and 10).
   --enable-so-with-static-lib  Enable linking of dynamically loaded preprocessors with a static preprocessor library
   --enable-control-socket  Enable the control socket
   --enable-side-channel    Enable the side channel (Experimental)
   --disable-static-daq     Link static DAQ modules.
   --enable-build-dynamic-examples   Enable building of example dynamically loaded preprocessor and rule (off by default)
   --disable-dlclose        Only use if you are developing dynamic preprocessors or shared object rules.  Disable (--disable-dlclose) for testing valgrind leaks in dynamic libraries so a usable backtrace is re$
   --disable-lzma           Disable LZMA Decompression
   --disable-gre            Disable GRE and IP in IP encapsulation support
   --disable-mpls           Disable MPLS support
   --disable-targetbased    Disable Target-Based Support in Stream, Frag, and Rules (adds pthread support implicitly)
   --disable-ppm            Disable packet/rule performance monitor
   --disable-perfprofiling  Disable preprocessor and rule performance profiling
   --enable-linux-smp-stats Enable statistics reporting through proc
   --enable-inline-init-failopen  Enable Fail Open during initialization for Inline Mode (adds pthread support implicitly)
   --disable-pthread        Disable pthread support
   --enable-debug-msgs      Enable debug printing options (bugreports and developers only)
   --enable-debug           Enable debugging options (bugreports and developers only)
   --enable-gdb             Enable gdb debugging information
   --enable-profile         Enable profiling options (developers only)
   --disable-ppm-test       Disable packet/rule performance monitor
   --enable-sourcefire      Enable Sourcefire specific build options, encompasing --enable-perfprofiling and --enable-ppm
   --disable-corefiles      Prevent Snort from generating core files
   --disable-active-response Disable reject injection
   --disable-normalizer     Disable packet/stream normalizations
   --disable-reload         Disable reloading a configuration without restarting
   --disable-reload-error-restart   Disable restarting on reload error
   --enable-ha              Enable high-availability state sharing (Experimental)
   --enable-non-ether-decoders  Enable non Ethernet decoders.
   --disable-react          Disable interception and termination of offending HTTP accesses
   --disable-flexresp3      Disable flexible responses (v3) on hostile connection attempts
   --enable-intel-soft-cpm  Enable Intel Soft CPM support
   --enable-shared-rep      Enable use of Shared Memory for Reputation (Linux only)
   --enable-large-pcap      Enable support for pcaps larger than 2 GB
   --enable-file-inspect   Build with extended file inspection features.
                           (Experimental)
   --enable-open-appid     Build with application id support. (Experimental)
)

/Elof


---------- Forwarded message ----------
From: elof () sentor se
To: snort-devel mailinglist <snort-devel () lists sourceforge net>
Cc: zi () FreeBSD org
Date: Wed, 5 Nov 2014 18:15:45 +0100 (CET)
Subject: [Snort-devel] Missing all dynamic files - snort won't start


ERROR: /foo/etc/snort.conf(125) Could not stat dynamic
module path "/usr/local/lib/snort/dynamicengine/libsf_engine.so": No such
file or directory.
Fatal Error, Quitting..




I don't know if this is a FreeBSD ports issue or something new in snort
2.9.7.0 in general, but it seems all the dynamic libs have moved.

So, my snort.conf expects to find its libs here:
/usr/local/lib/snort/dynamic_output
/usr/local/lib/snort/dynamic_preproc
/usr/local/lib/snort/dynamicengine
/usr/local/lib/snort/dynamicpreprocessor

...while the new snort package puts some here:

/usr/local/lib/snort/dynamic_output/libsf_dynamic_output.a
/usr/local/lib/snort/dynamic_preproc/libsf_dynamic_preproc.a

...and the rest of the files here:

/usr/local/lib/snort_dynamicengine/*
/usr/local/lib/snort_dynamicpreprocessor/*


1)
Is this a typo, where snort_dynamicengine and snort_dynamicpreprocessor
should have a slash instead of an underscore?
If not, why move *some* files to new dirs? Confusing.





2)
The snort.conf included in the package contains the same configuration
statements as I use in my current snort.conf:
    dynamicpreprocessor directory /usr/local/lib/snort/dynamicpreprocessor/
    dynamicengine /usr/local/lib/snort/dynamicengine/libsf_engine.so

The dir /usr/local/lib/snort/dynamicpreprocessor/ is empty and
/usr/local/lib/snort/dynamicengine/libsf_engine.so does not exist.

So either fix the paths in 1) or update the example snort.conf included in
the package with correct paths.




3)
If this wasn't a typo and files have really moved, please make a note of
it in the ports/UPDATING log, since this is a major change that will cause
snort to quit with a fatal error.
(last log entry is 20120723 when the database output module got deprecated)

/Elof

------------------------------------------------------------------------------
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!
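
The failure reported in this thread (snort.conf pointing at library paths the package no longer installs) can be caught before the sensor is restarted. The following is an added example, not part of the original message or of the Snort or FreeBSD port sources: a POSIX sh pre-flight check that reads the dynamic* directives from a snort.conf and reports targets that are missing or hold no shared objects. The function names, status labels and the optional staging-root argument are assumptions of this example, the sample tree is constructed to mirror the layout in the report, and dynamicdetection is included as the third Snort 2.x directive of the same family although the thread does not mention it.

```shell
#!/bin/sh
# Pre-flight check for Snort 2.x dynamic-library directives (added example).

# check_dynamic_paths CONF [ROOT]
# Prints one line per dynamic* directive whose target is missing; returns 1 if any.
# ROOT is a hypothetical staging prefix so an unpacked package tree can be checked.
check_dynamic_paths() {
    conf=$1; root=${2:-}; bad=0
    while read -r kw a b rest; do
        case $kw in
            dynamicpreprocessor|dynamicengine|dynamicdetection) ;;
            *) continue ;;                      # comments and other directives
        esac
        if [ "$a" = directory ]; then
            # A directory directive needs at least one shared object in it.
            set -- "$root$b"/*.so
            [ -e "$1" ] || { echo "NO_LIBS_IN_DIR $kw $b"; bad=1; }
        else
            # Handles "dynamicengine file PATH" and the bare "dynamicengine PATH".
            [ "$a" = file ] && path=$b || path=$a
            [ -f "$root$path" ] || { echo "MISSING_FILE $kw $path"; bad=1; }
        fi
    done < "$conf"
    return $bad
}

# make_demo_tree: constructed sample reproducing the layout from the report:
# libraries installed under snort_dynamic*, snort.conf pointing at snort/dynamic*.
make_demo_tree() {
    t=$(mktemp -d) || return 1
    lib=$t/usr/local/lib
    mkdir -p "$lib/snort_dynamicengine" "$lib/snort_dynamicpreprocessor" \
             "$lib/snort/dynamicpreprocessor" "$t/etc"
    : > "$lib/snort_dynamicengine/libsf_engine.so"
    : > "$lib/snort_dynamicpreprocessor/libsf_dns_preproc.so"
    cat > "$t/etc/snort.conf" <<'EOF'
# constructed sample, directives as quoted in the report
dynamicpreprocessor directory /usr/local/lib/snort/dynamicpreprocessor/
dynamicengine /usr/local/lib/snort/dynamicengine/libsf_engine.so
EOF
    # Same file rewritten to the paths the 2.9.7.0 package installs to.
    sed 's|lib/snort/dynamic|lib/snort_dynamic|' "$t/etc/snort.conf" \
        > "$t/etc/snort.fixed.conf"
    echo "$t"
}

demo=$(make_demo_tree)
echo "--- packaged snort.conf:"; check_dynamic_paths "$demo/etc/snort.conf" "$demo"
echo "--- corrected paths:";     check_dynamic_paths "$demo/etc/snort.fixed.conf" "$demo"
rm -rf "$demo"
```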
