[Snort-devel] Using example dynamic-rule plug-ins?

c0uchw4rrior c0uchw4rrior at ...2499...
Fri Oct 12 13:57:38 EDT 2007


Steven & Adam,

OK, I compiled automake 1.10 and autoconf 2.61 from source and I'm able tor
use those newer tools now. I ran `automake` and ./configure from the
top-level directory, and then ran `make` under src/dynamic-examples.

This successfully generated .so files for the dynamic rules under
src/dynamic-examples/dynamic-rule/.libs!
w00t!

I copied the lib_sfdynamic_example_rule.so file into
/usr/local/lib/snort_dynamicrule. Running snort in test mode w/
--dynamic-detection-lib-dir pointing to /usr/local/lib/snort_dynamicrule
gives:

[...]
Loading all dynamic detection libs from /usr/local/lib/snort_dynamicrule/...
  Loading dynamic detection library
/usr/local/lib/snort_dynamicrule//lib_sfdynamic_example_rule.so... done
  Finished Loading all dynamic detection libs from
/usr/local/lib/snort_dynamicrule/
[...]
DynamicPlugin: Rule [3:109] not enabled in configuration, rule will not be
used.
DynamicPlugin: Rule [3:637] not enabled in configuration, rule will not be
used.
[...]

Q: How do I enable the two example dynamic rules in my configuration, such
that they will be used by Snort? Thanks a bunch guys, I am almost there...

Many thanks,
c0uch

FYI, I applied the following patch to the dynamic-rule Makefile.am. The only
difference from your suggested changes, Steve, was to add the
"noinst_libdir" definition. Without it, automake would bomb out with errors.

--- snort-2.8.0/src/dynamic-examples/dynamic-rule/Makefile.am   2006-02-08
13:37:49.000000000 -0500
+++ snort-2.8.0-wrk/src/dynamic-examples/dynamic-rule/Makefile.am
2007-10-12 13:43:35.000000000 -0400
@@ -4,10 +4,11 @@
 INCLUDES = -I../include

 libdir = ${exec_prefix}/lib/snort_dynamicrules
+noinst_libdir = ${exec_prefix}/lib/snort_dynamicrules

-noinst_LTLIBRARIES = lib_sfdynamic_example_rule.la
+noinst_lib_LTLIBRARIES = lib_sfdynamic_example_rule.la

-lib_sfdynamic_example_rule_la_LDFLAGS = -module
+lib_sfdynamic_example_rule_la_LDFLAGS = -export-dynamic

 BUILT_SOURCES = \
 sfsnort_dynamic_detection_lib.c \
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20071012/3a7dd241/attachment.html>


More information about the Snort-devel mailing list