Snort mailing list archives

Re: Issue with snort 3 registered ruleset (still expects SNORT_LUA_PATH)

From: Noah Dietrich <noah_dietrich () 86penny org>
Date: Wed, 6 May 2020 09:01:35 +0200

Hi Joel,

I just downloaded the snortrules-snapshot-3000.tar.gz, and unless i'm doing
something wrong I don't think that the snort.lua was updated to fix this
bug.
thanks
noah


On Mon, May 4, 2020 at 8:25 PM Joel Esler (jesler) <jesler () cisco com> wrote:

Correct, it would not be fixed until the next rule publish (Tuesday,
tomorrow)

On May 4, 2020, at 2:02 PM, Noah Dietrich <noah_dietrich () 86penny org>
wrote:

Hi Joel,

I just downloaded the latest version from snort.org/downloads
(snortrules-snapshot-3000.tar.gz), and it has not been updated (still has
the issue)
Thanks
Noah

On Sun, May 3, 2020 at 4:09 AM Joel Esler (jesler) <jesler () cisco com>
wrote:

Hey Noah,

I have been told by my team that this has been fixed.


--
Joel Esler
Manager, Communities Division
Cisco Talos Intelligence Group
http://www.talosintelligence.com | https://www.snort.org

On Apr 26, 2020, at 10:29 AM, Noah Dietrich <noah_dietrich () 86penny org>
wrote:

Hello,
While testing the Registered ruleset with snort 3.0.1 b2, I found a bug
with the latest 3.0 rules: * snortrules-snapshot-3000.tar.gz.*

for the *snort.lua *file included in this ruleset, it still references
the old *SNORT_LUA_PATH*.  I found that if you remove the following
lines from this file

require('snort_config')

conf_dir = os.getenv('SNORT_LUA_PATH')

if ( not conf_dir ) then
   conf_dir = '.'
end

dofile(conf_dir .. '/snort_defaults.lua')
dofile(conf_dir .. '/file_magic.lua')


and add these lines (From the latest snort.lua generated by the make
process):

include 'snort_defaults.lua'
include 'file_magic.lua'


everything works perfectly.

Noah
_______________________________________________
Snort-devel mailing list
Snort-devel () lists snort org
https://lists.snort.org/mailman/listinfo/snort-devel

Please visit http://blog.snort.org for the latest news about Snort!

_______________________________________________
Snort-devel mailing list
Snort-devel () lists snort org
https://lists.snort.org/mailman/listinfo/snort-devel

Please visit http://blog.snort.org for the latest news about Snort!

Current thread:

Issue with snort 3 registered ruleset (still expects SNORT_LUA_PATH) Noah Dietrich (Apr 26)
- Re: Issue with snort 3 registered ruleset (still expects SNORT_LUA_PATH) Russ Combs (rucombs) via Snort-devel (Apr 26)
- Re: Issue with snort 3 registered ruleset (still expects SNORT_LUA_PATH) Joel Esler (jesler) via Snort-devel (May 02)
  - Re: Issue with snort 3 registered ruleset (still expects SNORT_LUA_PATH) Noah Dietrich (May 04)
    - Re: Issue with snort 3 registered ruleset (still expects SNORT_LUA_PATH) Joel Esler (jesler) via Snort-devel (May 04)
    - Re: Issue with snort 3 registered ruleset (still expects SNORT_LUA_PATH) Noah Dietrich (May 06)
    - Re: Issue with snort 3 registered ruleset (still expects SNORT_LUA_PATH) Joel Esler (jesler) via Snort-devel (May 07)
    - Re: Issue with snort 3 registered ruleset (still expects SNORT_LUA_PATH) Noah Dietrich (May 07)
    - Re: Issue with snort 3 registered ruleset (still expects SNORT_LUA_PATH) Joel Esler (jesler) via Snort-devel (May 07)