[Snort-sigs] Compiling Dynamic Rules - Web-ActiveX/Web-IIS/SQL/Multimedia Fail

Nigel Houghton nhoughton at ...435...
Thu Jan 28 17:49:48 EST 2010


On Thu, Jan 28, 2010 at 5:34 PM, Eoin Miller
<eoin.miller at ...3415...> wrote:
> We are trying to compile the snort dynamic rules from source. Reason
> being is that we are running 2.8.5.2 and the precompiled rules contained
> within the tarball complain about LibVersion when we try to execute
> Snort. When we try to run make inside of so_rules/src, we get the
> following output:
>
> user at ...1481...:~/usr/src/snort-2.8.5.2/so_rules/src$ make
> ls: cannot access web-activex_*.c: No such file or directory
> ls: cannot access web-iis_*.c: No such file or directory
> ls: cannot access sql_*.c: No such file or directory
> ls: cannot access multimedia_*.c: No such file or directory
> dos_openldap-authcid.c:193: warning: âskip_over_dataâ defined but not used
> building p2p ... done
> building dos ... done
> building exploit ... done
> building bad-traffic ... done
> building web-activex ... gcc: web-activex_*.o: No such file or directory
>
> We have pulled the web-activex, web-iis, sql and multimedia items out of
> the lib array within the so_rules/src/Makefile and it will compile
> correctly. However, are files missing from the source tree that are
> required to compile and use these rules for a reason? The precompiled
> directories have the web-activex/web-iis/sql/multimedia SO files in them...
>
> Also, noticed the so_rules/src/Makefile has a SNORT_VERSION variable set
> to 2.8.0.2 by default. If we update it to the corresponding current
> version value of 2.8.5.2, it also fails to compile as this isn't in the
> Makefile. We fell back to setting the option to 2.8.5.1 and it compiled
> without issue but hopefully the args required for 2.8.5.2 are the same
> as 2.8.5.1?
>
>  From so_rules/src/Makefile
> ---snip---
> ifeq (${SNORT_VERSION},2.8.5.1)
> MYCFLAGS+= -DHAS_METADATA=1 -DHAS_SESSION_DATA=1 -DREQ_ENGINE_LIB_MINOR=9
> SEEN=1
> ---snip---
>
> -- Eoin
>
>
> ------------------------------------------------------------------------------
> The Planet: dedicated and managed hosting, cloud storage, colocation
> Stay online with enterprise data centers and the best network in the business
> Choose flexible plans and management services without long-term contracts
> Personal 24x7 support from experience hosting pros just a phone call away.
> http://p.sf.net/sfu/theplanet-com
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
>


If you could tell us the error you are getting from the precompiled
rules, we might be able to help you run those rules.

-- 
Nigel Houghton
Head Mentalist
SF VRT
http://vrt-sourcefire.blogspot.com && http://www.snort.org/vrt/




More information about the Snort-sigs mailing list