Snort mailing list archives

Re: Error Compiling Snort 2.9.11.1

From: "Lucas Miguel \(_theHarvester\) via Snort-users" <snort-users () lists snort org>
Date: Fri, 29 Jun 2018 07:42:15 +0100

Worked just fine. 

Thanks in advance.

I’ve inserted the bellow line in snort.conf file and when testing it’s rising fatal error.

        output unified2: filename snort.u2, limit 128, appid_event_type

ERROR:
          
        Log directory = /var/log/snort
        ERROR: Argument Error in /etc/snort/snort.conf(527): appid_event_type
        Fatal Error, Quitting..


Regards,
Alcides

On Jun 28, 2018, at 3:58 PM, Y M via Snort-users <snort-users () lists snort org> wrote:

It is definitely not the same error. The error in this case is in 

libsf_appid_preproc_la-service_ssl.lo

The previous errors were in different files. This is good because it means the past errors are fixed, hopefully.

This new error is mostly related to the fact that the OpenSSL/libssl packages in Ubuntu 18.04 are of version >=1.1.  
In this case, remove OpenSSL and libssl and downgrade to libssl 1.0.2 via

apt-get install libssl1.0-dev

Or something similar.After that try make again. I guess this happens because OpenAppID relies on SSL libraries/API 
that have changed in the newer version of OpenSSL/libssl. I guess OpenAppID needs to be updated to handle the new 
changes in libssl, simply a guess

Please test this and let us know.

From: Lucas Miguel (_theHarvester) <alcides.romeu () gmail com>
Sent: Thursday, June 28, 2018 5:48 PM
To: Y M
Cc: snort-users () lists snort org
Subject: Re: [Snort-users] Error Compiling Snort 2.9.11.1
 
Hello,

I’ve retried and I think that the error continues the same.

   16  sudo apt-get install -y build-essential libpcap-dev libpcre3-dev libdumbnet-dev bison flex zlib1g-dev 
liblzma-dev
   17  sudo apt-get install -y libnghttp2-dev
   18  sudo apt-get install -y pkg-config openssl libssl-dev
   22  wget http://luajit.org/download/LuaJIT-2.0.5.tar.gz <http://luajit.org/download/LuaJIT-2.0.5.tar.gz>
   23  tar xzvf libdnet-1.11.tar.gz
   24  cd libdnet-1.11/
   25  ./configure
   26  make
   27  sudo make install
   28  cd ..
   29  tar xzvf LuaJIT-2.0.5.tar.gz
   30  cd LuaJIT-2.0.5/
   31  make
   32  sudo make install
   33  wget https://www.snort.org/downloads/snort/daq-2.0.6.tar.gz 
<https://www.snort.org/downloads/snort/daq-2.0.6.tar.gz>
   34  ls
   35  cp daq-2.0.6.tar.gz ~/snort_src/
   36  rm daq-2.0.6.tar.gz
   37  ls
   38  cd ..
   39  ls
   40  tar -xzvf daq-2.0.6.tar.gz
   41  cd daq-2.0.6/
   42  ls
   43  ./configure
   44  make
   45  sudo make install
   46  sudo ldconfig
   47  cd ..
   48  ls
   49  wget https://www.snort.org/downloads/snort/snort-2.9.11.1.tar.gz 
<https://www.snort.org/downloads/snort/snort-2.9.11.1.tar.gz>
   50  tar -zxvf snort-2.9.11.1.tar.gz
   51  cd snort-2.9.11.1/
   52  ./configure --enable-sourcefire --enable-open-appid
   53  make



../../../src/dynamic-preprocessors/appid/service_plugins/service_ssl.c: In function ‘parse_certificates’:
../../../src/dynamic-preprocessors/appid/service_plugins/service_ssl.c:488:32: error: dereferencing pointer to 
incomplete type ‘X509 {aka struct x509_st}’
             start = strstr(cert->name, COMMON_NAME_STR);
                                ^~
Makefile:855: recipe for target 'libsf_appid_preproc_la-service_ssl.lo' failed
make[5]: *** [libsf_appid_preproc_la-service_ssl.lo] Error 1
make[5]: Leaving directory '/home/suidsp01/snort_src/snort-2.9.11.1/src/dynamic-preprocessors/appid'
Makefile:1036: recipe for target 'all-recursive' failed
make[4]: *** [all-recursive] Error 1
make[4]: Leaving directory '/home/suidsp01/snort_src/snort-2.9.11.1/src/dynamic-preprocessors'
Makefile:807: recipe for target 'all' failed
make[3]: *** [all] Error 2
make[3]: Leaving directory '/home/suidsp01/snort_src/snort-2.9.11.1/src/dynamic-preprocessors'
Makefile:558: recipe for target 'all-recursive' failed
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory '/home/suidsp01/snort_src/snort-2.9.11.1/src'
Makefile:516: recipe for target 'all-recursive' failed
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory '/home/suidsp01/snort_src/snort-2.9.11.1'
Makefile:382: recipe for target 'all' failed
make: *** [all] Error 2



Regards,

Alcides

On Jun 28, 2018, at 3:03 PM, Y M via Snort-users <snort-users () lists snort org <mailto:snort-users () lists snort 
org>> wrote:

What is the operating system you are trying this on? I faced similar issues with newer Linux distros such as Ubuntu 
18.04.

Try removing all Lua packages installed from the repo, and then install LuaJIT from source as James suggested.

You may face additional issues with AppID and SSL. If you get to that point, please post the error message you get.

Thanks.
YM

From: Snort-users <snort-users-bounces () lists snort org <mailto:snort-users-bounces () lists snort org>> on behalf 
of Lucas Miguel (_theHarvester) via Snort-users <snort-users () lists snort org <mailto:snort-users () lists snort 
org>>
Sent: Thursday, June 28, 2018 4:04:50 PM
To: Noah Dietrich
Cc: snort-users () lists snort org <mailto:snort-users () lists snort org>
Subject: Re: [Snort-users] Error Compiling Snort 2.9.11.1
 
Even after installing LuaJit and all other components it’s still failing the same exact error.

Regards,

On Jun 28, 2018, at 12:50 PM, Noah Dietrich <noah_dietrich () 86penny org <mailto:noah_dietrich () 86penny org>> 
wrote:

OpenAppID on ubuntu for snort 2.9.x requires the additional librarires:
sudoapt-getinstall-y
 libluajit-5.1-dev pkg-config openssl libssl-dev 

Steps are here: http://sublimerobots.com/2017/01/installing-openappid-with-snort-2-9-9-x-on-ubuntu/ 
<http://sublimerobots.com/2017/01/installing-openappid-with-snort-2-9-9-x-on-ubuntu/>


On Thu, Jun 28, 2018 at 1:11 PM, James Lay <jlay () slave-tothe-box net <mailto:jlay () slave-tothe-box net>> wrote:
You're missing luajit:

http://luajit.org/download.html <http://luajit.org/download.html>

your package manager may have it as well..make sure to install the -dev package as well.

James

On Thu, 2018-06-28 at 11:46 +0100, Lucas Miguel (_theHarvester) via Snort-users wrote:

Hello,

I’m compiling snort 2.9.11.1 with —enable-sourcefire —enable-open-appid option’s but when I issue the make command 
I receive the bellow error.


Makefile:702: recipe for target 'libsf_appid_preproc_la-luaDetectorApi.lo' failed
make[5]: *** [libsf_appid_preproc_la-luaDetectorApi.lo] Error 1
make[5]: Leaving directory '/home/suidsp01/snort_src/snort-2.9.11.1/src/dynamic-preprocessors/appid'
Makefile:1036: recipe for target 'all-recursive' failed
make[4]: *** [all-recursive] Error 1
make[4]: Leaving directory '/home/suidsp01/snort_src/snort-2.9.11.1/src/dynamic-preprocessors'
Makefile:807: recipe for target 'all' failed
make[3]: *** [all] Error 2
make[3]: Leaving directory '/home/suidsp01/snort_src/snort-2.9.11.1/src/dynamic-preprocessors'
Makefile:558: recipe for target 'all-recursive' failed
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory '/home/suidsp01/snort_src/snort-2.9.11.1/src'
Makefile:516: recipe for target 'all-recursive' failed
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory '/home/suidsp01/snort_src/snort-2.9.11.1'
Makefile:382: recipe for target 'all' failed
make: *** [all] Error 2

Any help?

Regards,
Alcides
_______________________________________________
Snort-users mailing list
Snort-users () lists snort org <mailto:Snort-users () lists snort org>
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users <https://lists.snort.org/mailman/listinfo/snort-users>

Please visit http://blog.snort.org <http://blog.snort.org/> to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette 
<https://snort.org/faq/what-is-the-mailing-list-etiquette>



_______________________________________________
Snort-users mailing list
Snort-users () lists snort org <mailto:Snort-users () lists snort org>
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users <https://lists.snort.org/mailman/listinfo/snort-users>

Please visit http://blog.snort.org <http://blog.snort.org/> to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette 
<https://snort.org/faq/what-is-the-mailing-list-etiquette>


_______________________________________________
Snort-users mailing list
Snort-users () lists snort org <mailto:Snort-users () lists snort org>
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users <https://lists.snort.org/mailman/listinfo/snort-users>

Please visit http://blog.snort.org <http://blog.snort.org/> to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette 
<https://snort.org/faq/what-is-the-mailing-list-etiquette>


_______________________________________________
Snort-users mailing list
Snort-users () lists snort org <mailto:Snort-users () lists snort org>
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette


_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Current thread:

Error Compiling Snort 2.9.11.1 Lucas Miguel (_theHarvester) via Snort-users (Jun 28)
- Re: Error Compiling Snort 2.9.11.1 James Lay (Jun 28)
  - Re: Error Compiling Snort 2.9.11.1 Noah Dietrich (Jun 28)
    - Re: Error Compiling Snort 2.9.11.1 Lucas Miguel (_theHarvester) via Snort-users (Jun 28)
    - Re: Error Compiling Snort 2.9.11.1 Y M via Snort-users (Jun 28)
    - Re: Error Compiling Snort 2.9.11.1 Lucas Miguel (_theHarvester) via Snort-users (Jun 28)
    - Re: Error Compiling Snort 2.9.11.1 Lucas Miguel (_theHarvester) via Snort-users (Jun 28)
    - Re: Error Compiling Snort 2.9.11.1 Y M via Snort-users (Jun 28)
    - Re: Error Compiling Snort 2.9.11.1 Lucas Miguel (_theHarvester) via Snort-users (Jun 28)
    - Re: Error Compiling Snort 2.9.11.1 Y M via Snort-users (Jun 29)
    - Re: Error Compiling Snort 2.9.11.1 Lucas Miguel (_theHarvester) via Snort-users (Jun 29)
  - Re: Error Compiling Snort 2.9.11.1 Lucas Miguel (_theHarvester) via Snort-users (Jun 28)