[Snort-devel] Snort 2.4 Released!

M. Shirk shirkdog_list at ...445...
Wed Aug 3 11:28:02 EDT 2005


I installed the following packages for OpenBSD 3.7 (already had pcre-4.5):
autoconf-2.59
automake-1.4-p6p2

I also linked the binary names to the binary names on OpenBSD:
lrwxr-xr-x   1 root  wheel       26 Aug  1 01:07 aclocal -> 
/usr/local/bin/aclocal-1.4
lrwxr-xr-x   1 root  wheel       30 Aug  1 01:07 autoheader -> 
/usr/local/bin/autoheader-2.59
lrwxr-xr-x   1 root  wheel       28 Aug  1 01:08 autoconf -> 
/usr/local/bin/autoconf-2.59
lrwxr-xr-x   1 root  wheel       27 Aug  1 01:08 automake -> 
/usr/local/bin/automake-1.4

my $PATH includes /usr/local/bin

I then did the checkout:
cvs -d:pserver:anonymous at ...2571...:/cvsroot co -r SNORT_2_4 snort

Then I just ran ./configure && gmake && gmake install and it worked.

Shirkdog
http://www.shirkdog.us



>From: Martin Roesch <roesch at ...402...>
>To: "M. Shirk" <shirkdog_list at ...445...>
>CC: protocoljunkie at ...2499..., 
>snort-devel at lists.sourceforge.net,snort-team at ...402...
>Subject: Re: [Snort-devel] Snort 2.4 Released!
>Date: Wed, 3 Aug 2005 13:49:54 -0400
>
>Can you try downloading the SNORT_2_4 branch from cvs.snort.org and  see if 
>you still have the compilation problems?  BTW, I've been using  gmake to do 
>my builds on OpenBSD lately...
>
>      -Marty
>
>On Aug 3, 2005, at 12:58 PM, M. Shirk wrote:
>
>>Scratch my question (snort.conf conversion from 2.3 to 2.4 was  missing 
>>community and bleeding snort rules and not your problem and  my DFO for 
>>Dumb f****** operator) :-)
>>
>>Shirkdog
>>http://www.shirkdog.us
>>
>>
>>
>>
>>>From: "M. Shirk" <shirkdog_list at ...445...>
>>>To: roesch at ...402..., protocoljunkie at ...2499...
>>>CC: snort-devel at lists.sourceforge.net, snort-team at ...402...
>>>Subject: Re: [Snort-devel] Snort 2.4 Released!
>>>Date: Wed, 03 Aug 2005 12:24:25 -0400
>>>
>>>YEAH, I am not the only one. I am on stable OpenBSD 3.7
>>>
>>>I was able to compile but I needed to adjust PATH to include /usr/ 
>>>local/bin and /usr/local/sbin and I had to get the binary packages  for 
>>>automake,autoheader,autoconf,aclocal.  I then did a CVS  checkout and ran 
>>>autojunk.sh (edited to work on OpenBSD with the  bins in /usr/local/bin). 
>>>Adding --with-libpcre-includes/libraries  to my ./configure, I was able 
>>>to compile 2.4.
>>>
>>>After seeing this email, I took a tarball I downloaded and I was  able to 
>>>compile this time( with the changes from above).
>>>
>>>One thing of note, in OpenBSD 3.7, and -current, they switched to  
>>>GCC-3.3.5
>>># gcc -v
>>>Reading specs from /usr/lib/gcc-lib/i386-unknown-openbsd3.7/3.3.5/ specs
>>>Configured with:
>>>Thread model: single
>>>gcc version 3.3.5 (propolice)
>>>#
>>>
>>>
>>>
>>>Question: I noticed that in 2.3.3, if I was using http_inspect,  that I 
>>>would get pattern matches as well as the preprocessor  alerts. Since 
>>>running 2.4.0, when the RBOT HTTP garbage hits my  sensor, http_inspect 
>>>is firing its oversized_uri alert, but I no  longer get the bleeding 
>>>snort rules that should trigger on this  (also the mod_jrun community 
>>>rule). Is this an optimization to not  pattern match when the 
>>>preprocessor can handle the traffic? (which  is cool), or something else?
>>>
>>>Shirkdog
>>>http://www.shirkdog.us
>>>
>>>
>>>
>>>
>>>>From: Martin Roesch <roesch at ...402...>
>>>>To: M Raju <protocoljunkie at ...2499...>
>>>>CC: snort-devel at lists.sourceforge.net, snort-team at ...402...
>>>>Subject: Re: [Snort-devel] Snort 2.4 Released!
>>>>Date: Wed, 3 Aug 2005 10:41:08 -0400
>>>>
>>>>Hi Raju,
>>>>
>>>>I'm checking it out.  I did a test build on OpenBSD 3.4 before   
>>>>shipping, let me see if a problem slipped in there someplace...
>>>>
>>>>      -Marty
>>>>
>>>>
>>>>On Aug 3, 2005, at 7:55 AM, M Raju wrote:
>>>>
>>>>
>>>>>Marty,
>>>>>  Just wanted to let you know that 2.4 compile on OpenBSD-current
>>>>>fails. Not sure if any builds were tested on OpenBSD (I am  setting up
>>>>>a 3.7-stable box to see it is an OBSD issue). I know you were  working
>>>>>on RH9 rpms (yikes!), but perhaps *BSD were not added for 2.4  testing?
>>>>>Thanks.
>>>>>
>>>>>_Raju
>>>>>
>>>>>-
>>>>>
>>>>>local/include -DLIBNET_BSDISH_OS -DLIBNET_LIL_ENDIAN  -g -O2 - Wall -c
>>>>>spp_stream4.c
>>>>>spp_stream4.c: In function `DeleteSession':
>>>>>spp_stream4.c:3661: error: `FLUSH_DELAY' undeclared (first use  in  
>>>>>this function)
>>>>>spp_stream4.c:3661: error: (Each undeclared identifier is  reported  
>>>>>only once
>>>>>spp_stream4.c:3661: error: for each function it appears in.)
>>>>>*** Error code 1
>>>>>
>>>>>Stop in /usr/local/src/snort-2.4.0/src/preprocessors.
>>>>>*** Error code 1
>>>>>
>>>>>Stop in /usr/local/src/snort-2.4.0/src/preprocessors (line 285  of  
>>>>>Makefile).
>>>>>*** Error code 1
>>>>>
>>>>>Stop in /usr/local/src/snort-2.4.0/src (line 334 of Makefile).
>>>>>*** Error code 1
>>>>>
>>>>>Stop in /usr/local/src/snort-2.4.0 (line 303 of Makefile).
>>>>>*** Error code 1
>>>>>
>>>>>Stop in /usr/local/src/snort-2.4.0 (line 180 of Makefile).
>>>>>
>>>>>
>>>>>On 7/28/05, Martin Roesch <roesch at ...402...> wrote:
>>>>>
>>>>>
>>>>>>Nothing sinister, just dropped the ball between Jeremy leaving  and me
>>>>>>picking things up.  I'll take a look and get them in shortly if  I  
>>>>>>can.
>>>>>>
>>>>>>       -Marty
>>>>>>
>>>>>>
>>>>>>On Jul 28, 2005, at 6:46 PM, Erik de Castro Lopo wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>>On Thu, 28 Jul 2005 11:50:34 -0400
>>>>>>>Jennifer Steffens <jennifer.steffens at ...402...> wrote:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>>Hey Everyone,
>>>>>>>>
>>>>>>>>Snort v2.4 is now officially available. This release includes a
>>>>>>>>number
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>><snip>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>>If you have any feedback, let us know - snort- team at ...2780...
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>I was rather disappointed that the two patch I sent in:
>>>>>>>
>>>>>>>      http://www.webservertalk.com/message1053302.html
>>>>>>>      http://sourceforge.net/mailarchive/forum.php?
>>>>>>>thread_id=7172477&forum_id=7142
>>>>>>>
>>>>>>>have not been applied. Both are smal localaised easily
>>>>>>>verifiable changes.
>>>>>>>
>>>>>>>Have these been dropped by mistake or were they rejected for some
>>>>>>>other reason?
>>>>>>>
>>>>>>>Erik
>>>>>>>--
>>>>>>>-------------------------------------------------------
>>>>>>>[N] Erik de Castro Lopo, Senior Computer Engineer
>>>>>>>[E] erik.de.castro.lopo at ...2292...
>>>>>>>[W] http://www.sensorynetworks.com
>>>>>>>[T] +61 2 83022726
>>>>>>>[F] +61 2 94750316
>>>>>>>[A] L6/140 William St, East Sydney NSW 2011, Australia
>>>>>>>-------------------------------------------------------
>>>>>>>"Premature optimization is the root of all evil" - C.A.R.Hoare
>>>>>>>"If it doesn't work, don't optimize." - Christian Bau
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>--
>>>>>>Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
>>>>>>Sourcefire - Network Defense for the Real World - http://
>>>>>>www.sourcefire.com
>>>>>>Snort: Open Source Intrusion Detection and Prevention - http://
>>>>>>www.snort.org
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>-------------------------------------------------------
>>>>>>SF.Net email is Sponsored by the Better Software Conference &  EXPO  
>>>>>>September
>>>>>>19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
>>>>>>Agile & Plan-Driven Development * Managing Projects & Teams *   
>>>>>>Testing & QA
>>>>>>Security * Process Improvement & Measurement * http:// www.sqe.com/ 
>>>>>>bsce5sf
>>>>>>_______________________________________________
>>>>>>Snort-devel mailing list
>>>>>>Snort-devel at lists.sourceforge.net
>>>>>>https://lists.sourceforge.net/lists/listinfo/snort-devel
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>--
>>>>>May the packets be with you.
>>>>>
>>>>>
>>>>>
>>>>
>>>>--
>>>>Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
>>>>Sourcefire - Network Defense for the Real World - http://  
>>>>www.sourcefire.com
>>>>Snort: Open Source Intrusion Detection and Prevention - http://  
>>>>www.snort.org
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>-------------------------------------------------------
>>>>SF.Net email is sponsored by: Discover Easy Linux Migration  Strategies
>>>>from IBM. Find simple to follow Roadmaps, straightforward articles,
>>>>informative Webcasts and more! Get everything you need to get up to
>>>>speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
>>>>_______________________________________________
>>>>Snort-devel mailing list
>>>>Snort-devel at lists.sourceforge.net
>>>>https://lists.sourceforge.net/lists/listinfo/snort-devel
>>>>
>>>
>>>_________________________________________________________________
>>>Is your PC infected? Get a FREE online computer virus scan from  McAfee® 
>>>Security. http://clinic.mcafee.com/clinic/ibuy/ campaign.asp?cid=3963
>>>
>>>
>>>
>>>-------------------------------------------------------
>>>SF.Net email is sponsored by: Discover Easy Linux Migration  Strategies
>>>from IBM. Find simple to follow Roadmaps, straightforward articles,
>>>informative Webcasts and more! Get everything you need to get up to
>>>speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
>>>_______________________________________________
>>>Snort-devel mailing list
>>>Snort-devel at lists.sourceforge.net
>>>https://lists.sourceforge.net/lists/listinfo/snort-devel
>>>
>>
>>_________________________________________________________________
>>Don’t just search. Find. Check out the new MSN Search! http:// 
>>search.msn.click-url.com/go/onm00200636ave/direct/01/
>>
>>
>
>--
>Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
>Sourcefire - Network Defense for the Real World - http:// 
>www.sourcefire.com
>Snort: Open Source Intrusion Detection and Prevention - http:// 
>www.snort.org
>
>
>

_________________________________________________________________
FREE pop-up blocking with the new MSN Toolbar – get it now! 
http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/





More information about the Snort-devel mailing list