[Snort-devel] Snort 2.4 Released!

Martin Roesch roesch at ...402...
Wed Aug 3 11:33:01 EDT 2005


Ok, excellent.  We may do a 2.4.1 in the next week or so, there were  
a few other things that slipped thru in the release...

      -Marty


On Aug 3, 2005, at 2:26 PM, M. Shirk wrote:

> I installed the following packages for OpenBSD 3.7 (already had  
> pcre-4.5):
> autoconf-2.59
> automake-1.4-p6p2
>
> I also linked the binary names to the binary names on OpenBSD:
> lrwxr-xr-x   1 root  wheel       26 Aug  1 01:07 aclocal -> /usr/ 
> local/bin/aclocal-1.4
> lrwxr-xr-x   1 root  wheel       30 Aug  1 01:07 autoheader -> /usr/ 
> local/bin/autoheader-2.59
> lrwxr-xr-x   1 root  wheel       28 Aug  1 01:08 autoconf -> /usr/ 
> local/bin/autoconf-2.59
> lrwxr-xr-x   1 root  wheel       27 Aug  1 01:08 automake -> /usr/ 
> local/bin/automake-1.4
>
> my $PATH includes /usr/local/bin
>
> I then did the checkout:
> cvs -d:pserver:anonymous at ...2571...:/cvsroot co -r SNORT_2_4 snort
>
> Then I just ran ./configure && gmake && gmake install and it worked.
>
> Shirkdog
> http://www.shirkdog.us
>
>
>
>
>> From: Martin Roesch <roesch at ...402...>
>> To: "M. Shirk" <shirkdog_list at ...445...>
>> CC: protocoljunkie at ...2499..., snort- 
>> devel at lists.sourceforge.net,snort-team at ...402...
>> Subject: Re: [Snort-devel] Snort 2.4 Released!
>> Date: Wed, 3 Aug 2005 13:49:54 -0400
>>
>> Can you try downloading the SNORT_2_4 branch from cvs.snort.org  
>> and  see if you still have the compilation problems?  BTW, I've  
>> been using  gmake to do my builds on OpenBSD lately...
>>
>>      -Marty
>>
>> On Aug 3, 2005, at 12:58 PM, M. Shirk wrote:
>>
>>
>>> Scratch my question (snort.conf conversion from 2.3 to 2.4 was   
>>> missing community and bleeding snort rules and not your problem  
>>> and  my DFO for Dumb f****** operator) :-)
>>>
>>> Shirkdog
>>> http://www.shirkdog.us
>>>
>>>
>>>
>>>
>>>
>>>> From: "M. Shirk" <shirkdog_list at ...445...>
>>>> To: roesch at ...402..., protocoljunkie at ...2499...
>>>> CC: snort-devel at lists.sourceforge.net, snort-team at ...402...
>>>> Subject: Re: [Snort-devel] Snort 2.4 Released!
>>>> Date: Wed, 03 Aug 2005 12:24:25 -0400
>>>>
>>>> YEAH, I am not the only one. I am on stable OpenBSD 3.7
>>>>
>>>> I was able to compile but I needed to adjust PATH to include / 
>>>> usr/ local/bin and /usr/local/sbin and I had to get the binary  
>>>> packages  for automake,autoheader,autoconf,aclocal.  I then did  
>>>> a CVS  checkout and ran autojunk.sh (edited to work on OpenBSD  
>>>> with the  bins in /usr/local/bin). Adding --with-libpcre- 
>>>> includes/libraries  to my ./configure, I was able to compile 2.4.
>>>>
>>>> After seeing this email, I took a tarball I downloaded and I  
>>>> was  able to compile this time( with the changes from above).
>>>>
>>>> One thing of note, in OpenBSD 3.7, and -current, they switched  
>>>> to  GCC-3.3.5
>>>> # gcc -v
>>>> Reading specs from /usr/lib/gcc-lib/i386-unknown- 
>>>> openbsd3.7/3.3.5/ specs
>>>> Configured with:
>>>> Thread model: single
>>>> gcc version 3.3.5 (propolice)
>>>> #
>>>>
>>>>
>>>>
>>>> Question: I noticed that in 2.3.3, if I was using http_inspect,   
>>>> that I would get pattern matches as well as the preprocessor   
>>>> alerts. Since running 2.4.0, when the RBOT HTTP garbage hits my   
>>>> sensor, http_inspect is firing its oversized_uri alert, but I  
>>>> no  longer get the bleeding snort rules that should trigger on  
>>>> this  (also the mod_jrun community rule). Is this an  
>>>> optimization to not  pattern match when the preprocessor can  
>>>> handle the traffic? (which  is cool), or something else?
>>>>
>>>> Shirkdog
>>>> http://www.shirkdog.us
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>> From: Martin Roesch <roesch at ...402...>
>>>>> To: M Raju <protocoljunkie at ...2499...>
>>>>> CC: snort-devel at lists.sourceforge.net, snort-team at ...402...
>>>>> Subject: Re: [Snort-devel] Snort 2.4 Released!
>>>>> Date: Wed, 3 Aug 2005 10:41:08 -0400
>>>>>
>>>>> Hi Raju,
>>>>>
>>>>> I'm checking it out.  I did a test build on OpenBSD 3.4  
>>>>> before   shipping, let me see if a problem slipped in there  
>>>>> someplace...
>>>>>
>>>>>      -Marty
>>>>>
>>>>>
>>>>> On Aug 3, 2005, at 7:55 AM, M Raju wrote:
>>>>>
>>>>>
>>>>>
>>>>>> Marty,
>>>>>>  Just wanted to let you know that 2.4 compile on OpenBSD-current
>>>>>> fails. Not sure if any builds were tested on OpenBSD (I am   
>>>>>> setting up
>>>>>> a 3.7-stable box to see it is an OBSD issue). I know you were   
>>>>>> working
>>>>>> on RH9 rpms (yikes!), but perhaps *BSD were not added for 2.4   
>>>>>> testing?
>>>>>> Thanks.
>>>>>>
>>>>>> _Raju
>>>>>>
>>>>>> -
>>>>>>
>>>>>> local/include -DLIBNET_BSDISH_OS -DLIBNET_LIL_ENDIAN  -g -O2 -  
>>>>>> Wall -c
>>>>>> spp_stream4.c
>>>>>> spp_stream4.c: In function `DeleteSession':
>>>>>> spp_stream4.c:3661: error: `FLUSH_DELAY' undeclared (first  
>>>>>> use  in  this function)
>>>>>> spp_stream4.c:3661: error: (Each undeclared identifier is   
>>>>>> reported  only once
>>>>>> spp_stream4.c:3661: error: for each function it appears in.)
>>>>>> *** Error code 1
>>>>>>
>>>>>> Stop in /usr/local/src/snort-2.4.0/src/preprocessors.
>>>>>> *** Error code 1
>>>>>>
>>>>>> Stop in /usr/local/src/snort-2.4.0/src/preprocessors (line  
>>>>>> 285  of  Makefile).
>>>>>> *** Error code 1
>>>>>>
>>>>>> Stop in /usr/local/src/snort-2.4.0/src (line 334 of Makefile).
>>>>>> *** Error code 1
>>>>>>
>>>>>> Stop in /usr/local/src/snort-2.4.0 (line 303 of Makefile).
>>>>>> *** Error code 1
>>>>>>
>>>>>> Stop in /usr/local/src/snort-2.4.0 (line 180 of Makefile).
>>>>>>
>>>>>>
>>>>>> On 7/28/05, Martin Roesch <roesch at ...402...> wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>> Nothing sinister, just dropped the ball between Jeremy  
>>>>>>> leaving  and me
>>>>>>> picking things up.  I'll take a look and get them in shortly  
>>>>>>> if  I  can.
>>>>>>>
>>>>>>>       -Marty
>>>>>>>
>>>>>>>
>>>>>>> On Jul 28, 2005, at 6:46 PM, Erik de Castro Lopo wrote:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>> On Thu, 28 Jul 2005 11:50:34 -0400
>>>>>>>> Jennifer Steffens <jennifer.steffens at ...402...> wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>> Hey Everyone,
>>>>>>>>>
>>>>>>>>> Snort v2.4 is now officially available. This release  
>>>>>>>>> includes a
>>>>>>>>> number
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>> <snip>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>> If you have any feedback, let us know - snort-  
>>>>>>>>> team at ...2780...
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>> I was rather disappointed that the two patch I sent in:
>>>>>>>>
>>>>>>>>      http://www.webservertalk.com/message1053302.html
>>>>>>>>      http://sourceforge.net/mailarchive/forum.php?
>>>>>>>> thread_id=7172477&forum_id=7142
>>>>>>>>
>>>>>>>> have not been applied. Both are smal localaised easily
>>>>>>>> verifiable changes.
>>>>>>>>
>>>>>>>> Have these been dropped by mistake or were they rejected for  
>>>>>>>> some
>>>>>>>> other reason?
>>>>>>>>
>>>>>>>> Erik
>>>>>>>> --
>>>>>>>> -------------------------------------------------------
>>>>>>>> [N] Erik de Castro Lopo, Senior Computer Engineer
>>>>>>>> [E] erik.de.castro.lopo at ...2292...
>>>>>>>> [W] http://www.sensorynetworks.com
>>>>>>>> [T] +61 2 83022726
>>>>>>>> [F] +61 2 94750316
>>>>>>>> [A] L6/140 William St, East Sydney NSW 2011, Australia
>>>>>>>> -------------------------------------------------------
>>>>>>>> "Premature optimization is the root of all evil" - C.A.R.Hoare
>>>>>>>> "If it doesn't work, don't optimize." - Christian Bau
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
>>>>>>> Sourcefire - Network Defense for the Real World - http://
>>>>>>> www.sourcefire.com
>>>>>>> Snort: Open Source Intrusion Detection and Prevention - http://
>>>>>>> www.snort.org
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> -------------------------------------------------------
>>>>>>> SF.Net email is Sponsored by the Better Software Conference  
>>>>>>> &  EXPO  September
>>>>>>> 19-22, 2005 * San Francisco, CA * Development Lifecycle  
>>>>>>> Practices
>>>>>>> Agile & Plan-Driven Development * Managing Projects & Teams  
>>>>>>> *   Testing & QA
>>>>>>> Security * Process Improvement & Measurement * http://  
>>>>>>> www.sqe.com/ bsce5sf
>>>>>>> _______________________________________________
>>>>>>> Snort-devel mailing list
>>>>>>> Snort-devel at lists.sourceforge.net
>>>>>>> https://lists.sourceforge.net/lists/listinfo/snort-devel
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> May the packets be with you.
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>> --
>>>>> Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
>>>>> Sourcefire - Network Defense for the Real World - http://   
>>>>> www.sourcefire.com
>>>>> Snort: Open Source Intrusion Detection and Prevention -  
>>>>> http://  www.snort.org
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> -------------------------------------------------------
>>>>> SF.Net email is sponsored by: Discover Easy Linux Migration   
>>>>> Strategies
>>>>> from IBM. Find simple to follow Roadmaps, straightforward  
>>>>> articles,
>>>>> informative Webcasts and more! Get everything you need to get  
>>>>> up to
>>>>> speed, fast. http://ads.osdn.com/? 
>>>>> ad_id=7477&alloc_id=16492&op=click
>>>>> _______________________________________________
>>>>> Snort-devel mailing list
>>>>> Snort-devel at lists.sourceforge.net
>>>>> https://lists.sourceforge.net/lists/listinfo/snort-devel
>>>>>
>>>>>
>>>>
>>>> _________________________________________________________________
>>>> Is your PC infected? Get a FREE online computer virus scan from   
>>>> McAfee® Security. http://clinic.mcafee.com/clinic/ibuy/  
>>>> campaign.asp?cid=3963
>>>>
>>>>
>>>>
>>>> -------------------------------------------------------
>>>> SF.Net email is sponsored by: Discover Easy Linux Migration   
>>>> Strategies
>>>> from IBM. Find simple to follow Roadmaps, straightforward articles,
>>>> informative Webcasts and more! Get everything you need to get up to
>>>> speed, fast. http://ads.osdn.com/? 
>>>> ad_id=7477&alloc_id=16492&op=click
>>>> _______________________________________________
>>>> Snort-devel mailing list
>>>> Snort-devel at lists.sourceforge.net
>>>> https://lists.sourceforge.net/lists/listinfo/snort-devel
>>>>
>>>>
>>>
>>> _________________________________________________________________
>>> Don’t just search. Find. Check out the new MSN Search! http://  
>>> search.msn.click-url.com/go/onm00200636ave/direct/01/
>>>
>>>
>>>
>>
>> --
>> Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
>> Sourcefire - Network Defense for the Real World - http://  
>> www.sourcefire.com
>> Snort: Open Source Intrusion Detection and Prevention - http://  
>> www.snort.org
>>
>>
>>
>>
>
> _________________________________________________________________
> FREE pop-up blocking with the new MSN Toolbar – get it now! http:// 
> toolbar.msn.click-url.com/go/onm00200415ave/direct/01/
>
>

-- 
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Network Defense for the Real World - http:// 
www.sourcefire.com
Snort: Open Source Intrusion Detection and Prevention - http:// 
www.snort.org







More information about the Snort-devel mailing list