[Snort-devel] "stuck at RHEL5"?

Nigel Houghton nhoughton at ...402...
Sat Jan 8 16:07:01 EST 2011


On Sat, 8 Jan 2011 13:57:37 -0500, Joel Esler wrote:
> On Sat, Jan 8, 2011 at 5:53 AM, JP Vossen <jp at ...629...> wrote:

>> So let's go look at the options in a tarball I have laying around:
>> $ tar tvzf snortrules-snapshot-2901.tar.gz | grep 'precompiled' | cut
>> -d'/' -f4 | sort -u
>> Centos-4-8
>> Centos-5-4
>> Debian-Lenny
>> FC-11
>> FC-12
>> FC-9
>> FreeBSD-7-3
>> FreeBSD-8-1
>> OpenSUSE-11-3
>> RHEL-5.0
>> Ubuntu-10-4
>> Ubuntu-8.04
>> 
>> Huh?!?  FC9, 11, 12, but not 10, and all of which are obsolete and
>> unsupported.  But not F13 (that Snort is actually compiled for) or F14
>> (current), not CentOS-5.5 (current).  RHEL-5.0, also unsupported but not
>> RHEL-5.5 (or just use the CentOS).  And why "8.04" (correct) but "10-4"?
>>  WTH is "10-4?"  (80's flashback: 10-4 good buddy! :)
>> 
> 
> Okay, we can correct this, thanks for bringing it to our attention.  
> The VRT maintains a separate build environment that is much larger 
> than the Snort team's build env, simply for the Shared Object rules.  
> (adding OpenBSD to that above list very soon as well.)  Maybe we can 
> get to a point in the near future where we can align the builds for 
> VRT and Snort Dev to make it easier for the community, but then we'll 
> run into the reverse effect, and we'll catch scorn for that as well.  
> So we are between a rock and hard place. But we'll sit down 
> internally and figure this stuff out.
> 
> Personally, I have a box here at the house that is Fedora Core 10.  
> It's running the FC-9 Shared Object rules.  They work fine.  
> Undocumented, but they work.  That's my own personal work around.   I 
> have to maintain my own compiles for libpcap, libdnet, and such as 
> well.  Unfortunately that's the price I pay for not wanting to move 
> my personal box to a higher version.  Not a realistic expectation in 
> the enterprise world.  But that's the price of free software for me.

I can shed light on the platform support for the pre-compiled rules 
since it is my group within the VRT who build and maintain those 
systems that the so rules are built on.

Our intention is to keep pace with the major distributions as far as 
the platforms go. That is, we intend to keep those systems up to date 
with the latest supported version of each distro along with at least 
one supported version back. Right now for example, we have Ubuntu 10-4 
and 8-04. The latest version of Ubuntu is 10-10 yes, however in this 
case Ubuntu 10-4 LTS is the one we are sticking with since that is the 
one designated for long term support (hence the LTS).

As for RHEL, we are planning on adding support for RHEL 6 as soon as 
resources allow, at which point we will also address the 5-0 vs 5-5 
issue.

FC-10 was not added since 11 and 12 were already out, so we went with 
those. The support for FC-9 will more than likely end in the near 
future and we will re-purpose those resources so we can support other 
distros and versions.

On top of all this, we are adding more support for 64 bit platforms 
(another reason for FC-9 still lingering around at the moment since we 
don't have the 64 bit platforms for 11 and 12 yet). It is our intention 
to have i386 and x64 support for each distribution.

We should be able to start shipping so rules for OpenBSD in the coming 
week, we still have some testing to do but that should be completed 
pretty soon. If I was going to stick my neck out and give a date, it 
would probably be Thursday.

All this effort does of course take careful planning and resource 
allocation to achieve these goals. We cannot reach them overnight, it 
takes time. A tremendous amount of work goes on behind the scenes to 
deliver this support, we have made progress already, we have a plan, 
we'll get to a consistent state sooner rather than later.

--
Nigel Houghton
Head Mentalist
SF VRT Department of Intelligence Excellence
http://vrt-sourcefire.blogspot.com && http://labs.snort.org/




More information about the Snort-devel mailing list