[Snort-sigs] Compiling Dynamic Rules - Web-ActiveX/Web-IIS/SQL/Multimedia Fail

Eoin Miller eoin.miller at ...3415...
Thu Jan 28 17:34:42 EST 2010


We are trying to compile the snort dynamic rules from source. Reason 
being is that we are running 2.8.5.2 and the precompiled rules contained 
within the tarball complain about LibVersion when we try to execute 
Snort. When we try to run make inside of so_rules/src, we get the 
following output:

user at ...1481...:~/usr/src/snort-2.8.5.2/so_rules/src$ make
ls: cannot access web-activex_*.c: No such file or directory
ls: cannot access web-iis_*.c: No such file or directory
ls: cannot access sql_*.c: No such file or directory
ls: cannot access multimedia_*.c: No such file or directory
dos_openldap-authcid.c:193: warning: âskip_over_dataâ defined but not used
building p2p ... done
building dos ... done
building exploit ... done
building bad-traffic ... done
building web-activex ... gcc: web-activex_*.o: No such file or directory

We have pulled the web-activex, web-iis, sql and multimedia items out of 
the lib array within the so_rules/src/Makefile and it will compile 
correctly. However, are files missing from the source tree that are 
required to compile and use these rules for a reason? The precompiled 
directories have the web-activex/web-iis/sql/multimedia SO files in them...

Also, noticed the so_rules/src/Makefile has a SNORT_VERSION variable set 
to 2.8.0.2 by default. If we update it to the corresponding current 
version value of 2.8.5.2, it also fails to compile as this isn't in the 
Makefile. We fell back to setting the option to 2.8.5.1 and it compiled 
without issue but hopefully the args required for 2.8.5.2 are the same 
as 2.8.5.1?

 From so_rules/src/Makefile
---snip---
ifeq (${SNORT_VERSION},2.8.5.1)
MYCFLAGS+= -DHAS_METADATA=1 -DHAS_SESSION_DATA=1 -DREQ_ENGINE_LIB_MINOR=9
SEEN=1
---snip---

-- Eoin





More information about the Snort-sigs mailing list