Snort mailing list archives
Re: Ubuntu 18 and so rules error
From: James Lay <jlay () slave-tothe-box net>
Date: Wed, 20 Jun 2018 03:52:12 -0600
Also of interest, snort does not appear to have compiled against libm
on this version of Ubuntu, other machines not on this version show libm
in the list:
linux-vdso.so.1 (0x00007ffe6458f000)
libnghttp2.so.14 => /usr/lib/x86_64-linux-gnu/libnghttp2.so.14
(0x00007f5e675dc000)
libdnet.so.1 => /opt/libdnet/lib/libdnet.so.1
(0x00007f5e673ca000)
libpcre.so.3 => /lib/x86_64-linux-gnu/libpcre.so.3
(0x00007f5e67158000)
libcrypto.so.1.1 => /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
(0x00007f5e66ce0000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2
(0x00007f5e66adc000)
libsfbpf.so.0 => /opt/daq/lib/libsfbpf.so.0
(0x00007f5e668b6000)
libpcap.so.0.8 => /usr/lib/x86_64-linux-gnu/libpcap.so.0.8
(0x00007f5e66675000)
libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1
(0x00007f5e66458000)
liblzma.so.5 => /lib/x86_64-linux-gnu/liblzma.so.5
(0x00007f5e66232000)
libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0
(0x00007f5e66013000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6
(0x00007f5e65c22000)
/lib64/ld-linux-x86-64.so.2 (0x00007f5e68a35000)
James
On Wed, 2018-06-20 at 03:43 -0600, James Lay wrote:
Here's what I have: lrwxrwxrwx 1 root root 12 Jun 3 12:35 libm.so.6 -> libm-2.27.so James On Tue, 2018-06-19 at 23:05 -0400, Russ via Snort-users wrote:Yeah, libm.so.6 is missing. If this is blocking you, adding log(1); to main() in snort.c and building should get them to load. On 6/19/18 10:30 PM, Y M via Snort-users wrote:P {margin-top:0;margin-bottom:0;} Same results over here with malware-other.so. ERROR: Failed to load /usr/local/snort/lib/snort_dynamicrules/malware- other.so: /usr/local/snort/lib/snort_dynamicrules/malware- other.so: undefined symbol: sin $ ldd /usr/local/snort/lib/snort_dynamicrules/malware- other.so linux-vdso.so.1 (0x00007ffd4f9fe000) libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fa326064000) /lib64/ld-linux-x86-64.so.2 (0x00007fa326781000) ..and ldd for protocol-dns.so for comparison sake. $ ldd /usr/local/snort/lib/snort_dynamicrules/protocol- dns.so linux-vdso.so.1 (0x00007ffe5c5ec000) libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f08aaf9c000) /lib64/ld-linux-x86-64.so.2 (0x00007f08ab5bf000) YM From: Snort-users <snort-users-bounces () lists snort org> on behalf of Russ via Snort-users <snort-users () lists snort org> Sent: Wednesday, June 20, 2018 5:19 AM To: jlay () slave-tothe-box net; Patrick Mullen (pamullen); Snort Subject: Re: [Snort-users] Ubuntu 18 and so rules error Hey James, Can you send the ldd output for protocol-dns.so? Thanks Russ On 6/19/18 8:29 PM, James Lay wrote:Alas I got the same results: An error occurred: Loading dynamic detection library /opt/snort/lib/snort_dynamicrules/protocol- dns.so... ERROR: Failed to load /opt/snort/lib/snort_dynamicrules/protocol-dns.so: /opt/snort/lib/snort_dynamicrules/protocol-dns.so: undefined symbol: log file info: -rwxr-xr-x 1 root root 445824 Jun 18 11:28 /opt/snort/lib/snort_dynamicrules/protocol-dns.so My snort was compiled like so: ./configure --prefix=/opt/snort --enable-non-ether- decoders --enable-sourcefire --enable-shared-rep --enable-control-socket --enable-file-inspect --with-daq-includes=/opt/daq/include --with-daq-libraries=/opt/daq/lib --with-dnet-includes=/opt/libdnet/include --with-dnet-libraries=/opt/libdnet/lib libdnet like so: ./configure --prefix=/opt/libdnet CFLAGS=-fPIC -g -O2 and daq like so: ./configure --prefix=/opt/daq That info might help. If you'd like and have the time Patrick ping me off list and I can get you ssh access and you can go to town...thank you! James On 2018-06-19 09:57, James Lay wrote:Thanks Patrick...will test on that dev box today and report my findings. James On 2018-06-18 13:25, Patrick Mullen (pamullen) wrote:James, Y M, and anyone else experiencing this issue. We've made a build change from feedback given to me by Russ, so please report back after our next release, which should be some time tomorrow, Tuesday, 19 June, and let me know if the issue has been resolved. Unfortunately, I don't have the issue myself so I can't test it, but it should fix it. :crosses fingers: Thanks for your patience and assistance. Thanks, ~Patrick From: "Patrick Mullen (pamullen)" <pamullen () cisco com> Date: Friday, June 15, 2018 at 1:13 PM To: "jlay () slave-tothe-box net" <jlay () slave-tothe-box net> Cc: "snort-users () lists snort org" <snort-users () lists snort org> Subject: Re: [Snort-users] Ubuntu 18 and so rules error James, I'm at a loss. Let me google and think about this and get back to you. Maybe it's a a versioning issue? Anyone else have/seen this issue? Thanks, ~Patrick From: James Lay <jlay () slave-tothe-box net> Reply-To: "jlay () slave-tothe-box net" <jlay () slave-tothe-box net> Date: Thursday, June 14, 2018 at 5:44 PM To: "Patrick Mullen (pamullen)" <pamullen () cisco com> Cc: "snort-users () lists snort org" <snort-users () lists snort org> Subject: Re: [Snort-users] Ubuntu 18 and so rules error Yes....of note I am not compiling the rules, just using pulled pork to do it's thing. James On 2018-06-14 08:50, Patrick Mullen (pamullen) wrote:To be clear, my example code ran first try? Does snort continue to throw that error? ~Patrick From: James Lay <jlay () slave-tothe-box net> Ran like a champ: <snip screenshot> now we're having some fun! James On 2018-06-13 09:20, Patrick Mullen (pamullen) wrote:James, Here's a quick test. If this doesn't work, then install whatever google tells you and it should fix the snort loading problem. If it does, then I'm a little confused and we'll have to look into this further._______________________________________________ Snort-users mailing list Snort-users () lists snort org Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort- users Please visit http://blog.snort.org to stay current on all the latest Snort news! Please follow these rules: https://snort.org/faq/what-is-the-mailing-lis t-etiquette_______________________________________________Snort- users mailing listSnort-users@lists.snort.orgGo to this URL to change user options or unsubscribe:https://lists.snort.org/mail man/listinfo/snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news! Please follow these rules: https://snort.org/faq/what-is-the-ma iling-list-etiquette_______________________________________________Snort-users mailing listSnort-users@lists.snort.orgGo to this URL to change user options or unsubscribe:https://lists.snort.org/mailman/listi nfo/snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news! Please follow these rules: https://snort.org/faq/what-is-the-mail ing-list-etiquette_______________________________________________Snort-users mailing listSnort-users@lists.snort.orgGo to this URL to change user options or unsubscribe:https://lists.snort.org/mailman/listinfo/sno rt-users Please visit http://blog.snort.org to stay current on all the latest Snort news! Please follow these rules: https://snort.org/faq/what-is-the-mailin g-list-etiquette_______________________________________________Snort-users mailing listSnort-users@lists.snort.orgGo to this URL to change user options or unsubscribe:https://lists.snort.org/mailman/listinfo/snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news! Please follow these rules: https://snort.org/faq/what-is-the-mailing- list-etiquette
_______________________________________________ Snort-users mailing list Snort-users () lists snort org Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
Current thread:
- Re: Ubuntu 18 and so rules error, (continued)
- Re: Ubuntu 18 and so rules error James Lay (Jun 15)
- Re: Ubuntu 18 and so rules error Patrick Mullen (pamullen) via Snort-users (Jun 18)
- Re: Ubuntu 18 and so rules error James Lay (Jun 19)
- Re: Ubuntu 18 and so rules error James Lay (Jun 19)
- Re: Ubuntu 18 and so rules error Russ via Snort-users (Jun 19)
- Re: Ubuntu 18 and so rules error James Lay (Jun 19)
- Re: Ubuntu 18 and so rules error Patrick Mullen (pamullen) via Snort-users (Jun 22)
- Re: Ubuntu 18 and so rules error Y M via Snort-users (Jun 19)
- Re: Ubuntu 18 and so rules error Russ via Snort-users (Jun 19)
- Re: Ubuntu 18 and so rules error James Lay (Jun 20)
- Re: Ubuntu 18 and so rules error James Lay (Jun 20)
- Re: Ubuntu 18 and so rules error James Lay (Jun 26)
- Re: Ubuntu 18 and so rules error Patrick Mullen (pamullen) via Snort-users (Jun 27)
- Re: Ubuntu 18 and so rules error James Lay (Jun 27)
- Re: Ubuntu 18 and so rules error Y M via Snort-users (Jun 28)