Snort mailing list archives

Re: Ubuntu 18 and so rules error


From: Russ via Snort-users <snort-users () lists snort org>
Date: Tue, 19 Jun 2018 23:05:54 -0400

Yeah, libm.so.6 is missing.  If this is blocking you, adding log(1); to main() in snort.c and building should get them to load.

On 6/19/18 10:30 PM, Y M via Snort-users wrote:
Same results over here with malware-other.so.

ERROR: Failed to load /usr/local/snort/lib/snort_dynamicrules/malware-other.so: /usr/local/snort/lib/snort_dynamicrules/malware-other.so: undefined symbol: sin

$ ldd /usr/local/snort/lib/snort_dynamicrules/malware-other.so
linux-vdso.so.1 (0x00007ffd4f9fe000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fa326064000)
/lib64/ld-linux-x86-64.so.2 (0x00007fa326781000)

..and ldd for protocol-dns.so for comparison's sake.

$ ldd /usr/local/snort/lib/snort_dynamicrules/protocol-dns.so
linux-vdso.so.1 (0x00007ffe5c5ec000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f08aaf9c000)
/lib64/ld-linux-x86-64.so.2 (0x00007f08ab5bf000)

YM

------------------------------------------------------------------------
*From:* Snort-users <snort-users-bounces () lists snort org> on behalf of Russ via Snort-users <snort-users () lists snort org>
*Sent:* Wednesday, June 20, 2018 5:19 AM
*To:* jlay () slave-tothe-box net; Patrick Mullen (pamullen); Snort
*Subject:* Re: [Snort-users] Ubuntu 18 and so rules error
Hey James,

Can you send the ldd output for protocol-dns.so?

Thanks
Russ

On 6/19/18 8:29 PM, James Lay wrote:

Alas I got the same results:

An error occurred: Loading dynamic detection library /opt/snort/lib/snort_dynamicrules/protocol-dns.so... ERROR: Failed to load /opt/snort/lib/snort_dynamicrules/protocol-dns.so: /opt/snort/lib/snort_dynamicrules/protocol-dns.so: undefined symbol: log

file info:

-rwxr-xr-x 1 root root 445824 Jun 18 11:28 /opt/snort/lib/snort_dynamicrules/protocol-dns.so

My snort was compiled like so:

./configure --prefix=/opt/snort --enable-non-ether-decoders --enable-sourcefire --enable-shared-rep --enable-control-socket --enable-file-inspect --with-daq-includes=/opt/daq/include --with-daq-libraries=/opt/daq/lib --with-dnet-includes=/opt/libdnet/include --with-dnet-libraries=/opt/libdnet/lib

libdnet like so:

./configure --prefix=/opt/libdnet CFLAGS=-fPIC -g -O2

and daq like so:

./configure --prefix=/opt/daq

That info might help.  If you'd like and have the time Patrick ping me off list and I can get you ssh access and you can go to town...thank you!

James

On 2018-06-19 09:57, James Lay wrote:

Thanks Patrick...will test on that dev box today and report my findings.

James

On 2018-06-18 13:25, Patrick Mullen (pamullen) wrote:

    James, Y M, and anyone else experiencing this issue.

    We've made a build change from feedback given to me by Russ, so
    please report back after our next release, which should be some
    time tomorrow, Tuesday, 19 June, and let me know if the issue
    has been resolved.  Unfortunately, I don't have the issue myself
    so I can't test it, but it should fix it.  :crosses fingers: 
    Thanks for your patience and assistance.

    Thanks,

    ~Patrick

    *From: *"Patrick Mullen (pamullen)" <pamullen () cisco com>
    *Date: *Friday, June 15, 2018 at 1:13 PM
    *To: *"jlay () slave-tothe-box net" <jlay () slave-tothe-box net>
    *Cc: *"snort-users () lists snort org" <snort-users () lists snort org>
    *Subject: *Re: [Snort-users] Ubuntu 18 and so rules error

    James,

    I'm at a loss.  Let me google and think about this and get back
    to you.  Maybe it's a versioning issue?

    Anyone else have/seen this issue?

    Thanks,

    ~Patrick

    *From: *James Lay <jlay () slave-tothe-box net>
    *Reply-To: *"jlay () slave-tothe-box net" <jlay () slave-tothe-box net>
    *Date: *Thursday, June 14, 2018 at 5:44 PM
    *To: *"Patrick Mullen (pamullen)" <pamullen () cisco com>
    *Cc: *"snort-users () lists snort org" <snort-users () lists snort org>
    *Subject: *Re: [Snort-users] Ubuntu 18 and so rules error

    Yes....of note I am not compiling the rules, just using pulled
    pork to do its thing.

    James

    On 2018-06-14 08:50, Patrick Mullen (pamullen) wrote:

        To be clear, my example code ran first try?  Does snort
        continue to throw that error?

        ~Patrick

        *From: *James Lay <jlay () slave-tothe-box net>

        Ran like a champ:

        <snip screenshot>

        now we're having some fun!

        James

        On 2018-06-13 09:20, Patrick Mullen (pamullen) wrote:

            James,

            Here's a quick test.  If this doesn't work, then install
            whatever google tells you and it should fix the snort
            loading problem.  If it does, then I'm a little confused
            and we'll have to look into this further.


_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
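
The check discussed in this thread, as an added example that is not part of the original messages or of Snort: compare a rule library's undefined symbols with its ldd dependency list to spot math functions imported without libm. The function names, the libm symbol list and the nm sample are assumptions made for illustration; the ldd sample is the malware-other.so output posted above.

```shell
#!/bin/sh
# Added example: flag a rule library that imports libm functions
# without listing libm as a dependency.

# Assumed sample of libm function names (includes the two from the thread's errors).
LIBM_SYMS='sin cos tan log log10 exp pow sqrt floor ceil'

# has_libm LDD_TEXT: true if the ldd output lists libm.
has_libm() {
    printf '%s\n' "$1" | grep -q 'libm\.so'
}

# undefined_math NM_TEXT: space-separated libm symbols marked undefined (U).
undefined_math() {
    printf '%s\n' "$1" | awk -v syms="$LIBM_SYMS" '
        BEGIN { n = split(syms, a, " "); for (i = 1; i <= n; i++) m[a[i]] = 1 }
        $1 == "U" { s = $2; sub(/@.*/, "", s); if (s in m) print s }
    ' | sort -u | tr '\n' ' ' | sed 's/ $//'
}

# diagnose LDD_TEXT NM_TEXT: print the verdict for one library.
diagnose() {
    missing=$(undefined_math "$2")
    if [ -n "$missing" ] && ! has_libm "$1"; then
        echo "unresolved-libm: $missing"
    else
        echo "ok"
    fi
}

# check_so PATH: run the real tools against a library on disk.
check_so() {
    diagnose "$(ldd "$1")" "$(nm -D --undefined-only "$1")"
}

# ldd output as posted in the thread for malware-other.so.
SAMPLE_LDD='linux-vdso.so.1 (0x00007ffd4f9fe000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fa326064000)
/lib64/ld-linux-x86-64.so.2 (0x00007fa326781000)'

# Constructed nm -D --undefined-only output (not from the thread).
SAMPLE_NM='                 U log@GLIBC_2.2.5
                 U memcpy@GLIBC_2.14
                 U sin@GLIBC_2.2.5
                 w __gmon_start__'

diagnose "$SAMPLE_LDD" "$SAMPLE_NM"
```

A verdict of unresolved-libm means the library loads only when the host process already has libm mapped, which is what the log(1) workaround in snort.c forces.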


