[Snort-devel] Using example dynamic-rule plug-ins?

Steven Sturges steve.sturges at ...402...
Fri Oct 12 15:06:11 EDT 2007


Great!!!

Use the command line option --dump-dynamic-rules [path].  That
creates a stub rule file xxx.rules that contains the gid/sid,
ports, classifications, etc.

You can change the actions for each rule from alert to drop as
needed and then include the xxx.rules file in your snort.conf.

Cheers.
-steve

c0uchw4rrior wrote:
> Steven & Adam,
> 
> OK, I compiled automake 1.10 and autoconf 2.61 from source and I'm able to
> use those newer tools now. I ran `automake` and ./configure from the
> top-level directory, and then ran `make` under src/dynamic-examples.
> 
> This successfully generated .so files for the dynamic rules under
> src/dynamic-examples/dynamic-rule/.libs!
> w00t!
> 
> I copied the lib_sfdynamic_example_rule.so file into
> /usr/local/lib/snort_dynamicrule. Running snort in test mode w/
> --dynamic-detection-lib-dir pointing to /usr/local/lib/snort_dynamicrule
> gives:
> 
> [...]
> Loading all dynamic detection libs from /usr/local/lib/snort_dynamicrule/...
>   Loading dynamic detection library
> /usr/local/lib/snort_dynamicrule//lib_sfdynamic_example_rule.so... done
>   Finished Loading all dynamic detection libs from
> /usr/local/lib/snort_dynamicrule/
> [...]
> DynamicPlugin: Rule [3:109] not enabled in configuration, rule will not be
> used.
> DynamicPlugin: Rule [3:637] not enabled in configuration, rule will not be
> used.
> [...]
> 
> Q: How do I enable the two example dynamic rules in my configuration, such
> that they will be used by Snort? Thanks a bunch guys, I am almost there...
> 
> Many thanks,
> c0uch
> 
> FYI, I applied the following patch to the dynamic-rule Makefile.am. The only
> difference from your suggested changes, Steve, was to add the
> "noinst_libdir" definition. Without it, automake would bomb out with errors.
> 
> --- snort-2.8.0/src/dynamic-examples/dynamic-rule/Makefile.am   2006-02-08
> 13:37:49.000000000 -0500
> +++ snort-2.8.0-wrk/src/dynamic-examples/dynamic-rule/Makefile.am
> 2007-10-12 13:43:35.000000000 -0400
> @@ -4,10 +4,11 @@
>  INCLUDES = -I../include
> 
>  libdir = ${exec_prefix}/lib/snort_dynamicrules
> +noinst_libdir = ${exec_prefix}/lib/snort_dynamicrules
> 
> -noinst_LTLIBRARIES = lib_sfdynamic_example_rule.la
> +noinst_lib_LTLIBRARIES = lib_sfdynamic_example_rule.la
> 
> -lib_sfdynamic_example_rule_la_LDFLAGS = -module
> +lib_sfdynamic_example_rule_la_LDFLAGS = -export-dynamic
> 
>  BUILT_SOURCES = \
>  sfsnort_dynamic_detection_lib.c \
> 
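
Review bot: `noinst_libdir` repeats the value of `libdir` from the line directly above it, and the `noinst_lib_` prefix on `noinst_lib_LTLIBRARIES` reads as "not installed" while naming a real directory, `${exec_prefix}/lib/snort_dynamicrules`. A comment in Makefile.am saying why the extra directory variable is needed (automake errors out without it) would keep a later cleanup from removing it. The LDFLAGS line replaces `-module` with `-export-dynamic` rather than adding to it; since Snort loads this library at run time, consider keeping both flags unless dropping `-module` is intentional. The directory here is `snort_dynamicrules`, while the manual copy and `--dynamic-detection-lib-dir` in the message use `snort_dynamicrule`, so the installed path and the documented path should be made to agree.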



