Snort mailing list archives
Re: Ubuntu 18 and so rules error
From: James Lay <jlay () slave-tothe-box net>
Date: Tue, 19 Jun 2018 20:24:26 -0600
Included....adding -r -d gives some more detail:
linux-vdso.so.1 (0x00007ffe1538f000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6
(0x00007f9e03f41000)
/lib64/ld-linux-x86-64.so.2 (0x00007f9e04564000)
undefined symbol: freeRuleData (./protocol-dns.so)
undefined symbol: byteTest (./protocol-dns.so)
undefined symbol: checkFlow (./protocol-dns.so)
undefined symbol: checkCursor (./protocol-dns.so)
undefined symbol: allocRuleData (./protocol-dns.so)
undefined symbol: RegisterRules (./protocol-dns.so)
undefined symbol: contentMatch (./protocol-dns.so)
undefined symbol: getBuffer (./protocol-dns.so)
undefined symbol: storeRuleData (./protocol-dns.so)
undefined symbol: DumpRules (./protocol-dns.so)
undefined symbol: log (./protocol-dns.so)
undefined symbol: pcreMatch (./protocol-dns.so)
undefined symbol: pow (./protocol-dns.so)
undefined symbol: getRuleData (./protocol-dns.so)
James
On Tue, 2018-06-19 at 22:19 -0400, Russ wrote:
Hey James, Can you send the ldd output for protocol-dns.so? Thanks Russ On 6/19/18 8:29 PM, James Lay wrote:Alas I got the same results: An error occurred: Loading dynamic detection library /opt/snort/lib/snort_dynamicrules/protocol-dns.so... ERROR: Failed to load /opt/snort/lib/snort_dynamicrules/protocol-dns.so: /opt/snort/lib/snort_dynamicrules/protocol-dns.so: undefined symbol: log file info: -rwxr-xr-x 1 root root 445824 Jun 18 11:28 /opt/snort/lib/snort_dynamicrules/protocol-dns.so My snort was compiled like so: ./configure --prefix=/opt/snort --enable-non-ether-decoders --enable-sourcefire --enable-shared-rep --enable-control- socket --enable-file-inspect --with-daq-includes=/opt/daq/include --with-daq-libraries=/opt/daq/lib --with-dnet-includes=/opt/libdnet/include --with-dnet-libraries=/opt/libdnet/lib libdnet like so: ./configure --prefix=/opt/libdnet CFLAGS=-fPIC -g -O2 and daq like so: ./configure --prefix=/opt/daq That info might help. If you'd like and have the time Patrick ping me off list and I can get you ssh access and you can go to town...thank you! James On 2018-06-19 09:57, James Lay wrote:Thanks Patrick...will test on that dev box today and report my findings. James On 2018-06-18 13:25, Patrick Mullen (pamullen) wrote:James, Y M, and anyone else experiencing this issue. We've made a build change from feedback given to me by Russ, so please report back after our next release, which should be some time tomorrow, Tuesday, 19 June, and let me know if the issue has been resolved. Unfortunately, I don't have the issue myself so I can't test it, but it should fix it. :crosses fingers: Thanks for your patience and assistance. Thanks, ~Patrick From: "Patrick Mullen (pamullen)" <pamullen () cisco com> Date: Friday, June 15, 2018 at 1:13 PM To: "jlay () slave-tothe-box net" <jlay () slave-tothe-box net> Cc: "snort-users () lists snort org" <snort-users () lists snort org> Subject: Re: [Snort-users] Ubuntu 18 and so rules error James, I'm at a loss. Let me google and think about this and get back to you. Maybe it's a a versioning issue? Anyone else have/seen this issue? Thanks, ~Patrick From: James Lay <jlay () slave-tothe-box net> Reply-To: "jlay () slave-tothe-box net" <jlay () slave-tothe-box net> Date: Thursday, June 14, 2018 at 5:44 PM To: "Patrick Mullen (pamullen)" <pamullen () cisco com> Cc: "snort-users () lists snort org" <snort-users () lists snort org> Subject: Re: [Snort-users] Ubuntu 18 and so rules error Yes....of note I am not compiling the rules, just using pulled pork to do it's thing. James On 2018-06-14 08:50, Patrick Mullen (pamullen) wrote:To be clear, my example code ran first try? Does snort continue to throw that error? ~Patrick From: James Lay <jlay () slave-tothe-box net> Ran like a champ: <snip screenshot> now we're having some fun! James On 2018-06-13 09:20, Patrick Mullen (pamullen) wrote:James, Here's a quick test. If this doesn't work, then install whatever google tells you and it should fix the snort loading problem. If it does, then I'm a little confused and we'll have to look into this further._______________________________________________ Snort-users mailing list Snort-users () lists snort org Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news! Please follow these rules: https://snort.org/faq/what-i s-the-mailing-list-etiquette_______________________________________________Snort-users mailing listSnort-users@lists.snort.orgGo to this URL to change user options or unsubscribe:https://lists.snort.org/mailman/listinf o/snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news! Please follow these rules: https://snort.org/faq/what-is-the-mailin g-list-etiquette
_______________________________________________ Snort-users mailing list Snort-users () lists snort org Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
Current thread:
- Re: Ubuntu 18 and so rules error, (continued)
- Re: Ubuntu 18 and so rules error Y M via Snort-users (Jun 14)
- Re: Ubuntu 18 and so rules error James Lay (Jun 14)
- Re: Ubuntu 18 and so rules error James Lay (Jun 14)
- Re: Ubuntu 18 and so rules error Y M via Snort-users (Jun 14)
- Re: Ubuntu 18 and so rules error Patrick Mullen (pamullen) via Snort-users (Jun 15)
- Re: Ubuntu 18 and so rules error James Lay (Jun 15)
- Re: Ubuntu 18 and so rules error Patrick Mullen (pamullen) via Snort-users (Jun 18)
- Re: Ubuntu 18 and so rules error James Lay (Jun 19)
- Re: Ubuntu 18 and so rules error James Lay (Jun 19)
- Re: Ubuntu 18 and so rules error Russ via Snort-users (Jun 19)
- Re: Ubuntu 18 and so rules error James Lay (Jun 19)
- Re: Ubuntu 18 and so rules error Patrick Mullen (pamullen) via Snort-users (Jun 22)
- Re: Ubuntu 18 and so rules error Y M via Snort-users (Jun 19)
- Re: Ubuntu 18 and so rules error Russ via Snort-users (Jun 19)
- Re: Ubuntu 18 and so rules error James Lay (Jun 20)
- Re: Ubuntu 18 and so rules error James Lay (Jun 20)
- Re: Ubuntu 18 and so rules error James Lay (Jun 26)
- Re: Ubuntu 18 and so rules error Patrick Mullen (pamullen) via Snort-users (Jun 27)
- Re: Ubuntu 18 and so rules error James Lay (Jun 27)
- Re: Ubuntu 18 and so rules error Y M via Snort-users (Jun 28)