[Snort-sigs] platform support request for VRT precompiled rules

Matt Watchinski mwatchinski at ...435...
Mon May 18 11:23:17 EDT 2009

Sure here's the basic process.

1. Receive user feedback asking for a specific platform to support.
2. Verify that platform is currently not supported, IE try all modules
that are close (similar libc, same arch) on that platform.
3. Log request in bug tracking system.
4. Verify build farm capacity ( min: 1 core, 1 gig ram, 10 gigs disk space)
5. If everything is available, then we'll build a disk image for that
platform, lock it from changing, and add it to the build scripts.

If everything is not available.  No available hardware, no available
diskspace, no IT/VRT guys with cycles to add the boxes and update the
scripts, then things get a bit more complex.

6. Write a business case justification or a general hardware
justification, depending on why I don't have the available resources
to service the request.  This can be as simple as I can use the
additional hardware for other things when its not in use, like test
suite, regression suite, clamav, etc, or as complex as we have X
number of request for platform Y, based on this some number Z of
revenue will be generated to justify the cost of adding the hardware.

7. Request is either approved or denied.  Hardware shows up in a
couple weeks if approved.
8. Open a request to have it installed, usually a day.
9. Schedule disk image creation, and code updates to the build scripts.
10. Once that is all done, regression test the platform to make sure
the pre-compiled rules work with snort and properly do detection.
11. Build test packages and verify the new platform shows up in the
tarballs correctly and contains all the .so's
12. Build real packages, verify them, and release them.
13. Continue to maintain package until its EOL'd or support for
platform is dropped.
14. Users are happier :).  Return to 1 and wait for more requests.

Specifically to your request though.  We've logged it in the bug
tracker, and are evaluating our current capacity in the build farm.
Additionally in the short term you should be able to compile snort in
32-bit mode and use the current Lenny builds if you have the proper
32bit libraries installed on your box.


On Fri, May 15, 2009 at 10:02 AM, Ritter, Nicholas
<Nicholas.Ritter at ...3377...> wrote:
> I would like to make a request that VRT precompiled rules also support the
> 64bit version (amd64) of Debian Lenny. I just installed snort on an amd64
> Lenny system and the precompiled libraries for Lenny (32 bit) don’t work (as
> to be expected.)
> The latest version of OSSIM is 64 bit, and I think Debian based, so there is
> one reason to support the platform. This is assuming that the 1.2 version is
> based on Lenny, which it might not be.
> What is the timeframe/process for adding platform support (just curious)?
> Nicholas
> ------------------------------------------------------------------------------
> Crystal Reports - New Free Runtime and 30 Day Trial
> Check out the new simplified licensing option that enables
> unlimited royalty-free distribution of the report engine
> for externally facing server and web deployment.
> http://p.sf.net/sfu/businessobjects
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs

Matthew Watchinski
Sr. Director Vulnerability Research Team (VRT)
Sourcefire, Inc.
Office: 410-423-1928
http://vrt-sourcefire.blogspot.com && http://www.snort.org/vrt/

More information about the Snort-sigs mailing list