[Snort-users] Snort 2.6.1 Beta 2 Question (snort_dynamicrule/)

Justin Heath justin.heath at ...11827...
Mon Oct 30 15:16:48 EST 2006


In case anyone is interested you can grab the current so rules from
the current VRT rulepack.

so_rules/bad-traffic.c
so_rules/dos.c
so_rules/exploit.c
so_rules/p2p.c

Cheers,
Justin

On 10/30/06, Justin Heath <justin.heath at ...11827...> wrote:
> No problem.
>
> Nope, it's just an example.
>
> Also, if you don't have any dynamic rules enabled you don't need the dynamic
> engine turned on.
>
>
> Cheers,
> Justin
>
>
> On 10/30/06, Eric Hines <eric.hines at ...8860...> wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Ahh thanks. So its commented out by default and at some point the
> > comment was removed from my file.
> >
> > So Sourcefire isn't going to create and distribute this example .SO file?
> >
> > Best Regards,
> >
> > Eric Hines, GCIA, CISSP
> > CEO, President
> > Applied Watch Technologies, LLC
> > 1095 Pingree Road
> > Suite 221
> > Crystal Lake, IL 60014
> > Toll Free: (877) 262-7593
> > Fax: (847) 854-5106
> > Cell: (847) 456-6785
> > Web: www.appliedwatch.com
> >
> >
> >
> > Justin Heath wrote:
> > > It looks like you are trying to load an example dynamic rule. This is
> > > purely an example for those who want to create an example rule it is not
> > > meant to be loaded.
> > >
> > > On 10/30/06, * Eric Hines* <eric.hines at ...8860...
> > > <mailto:eric.hines at ...8860... >> wrote:
> > >
> > > All,
> > >
> > > Has anyone here moved from Snort 2.6.0.x to Snort 2.6.1 yet? By default,
> > > the following dynamic directories are created in /usr/local/lib:
> > >
> > > /usr/local/lib/snort_dynamicengine
> > > /usr/local/lib/snort_dynamicpreprocessor
> > >
> > > However, when enabling all of the options in the new DNS Preprocessor it
> > > causes Snort to fail with the error:
> > >
> > > Rule application order:
> > >
> ->activation->dynamic->pass->drop->sdrop->reject->alert->log
> > > Log directory =
> > >
> /usr/local/appliedwatch/agent/data/agent.RyupiI/var/snort/log
> > > Loading dynamic engine
> > > /usr/local/lib/snort_dynamicengine/libsf_engine.so...
> done
> > > Loading all dynamic detection libs from
> > > /usr/local/lib/snort_dynamicrule/...
> > > Warning: Directory /usr/local/lib/snort_dynamicrule/
> does not exist!
> > >   Finished Loading all dynamic detection libs from
> > > /usr/local/lib/snort_dynamicrule/
> > > Loading dynamic detection library
> > >
> /usr/local/lib/snort_dynamicrule/libdynamicexamplerule.so...
> ERROR:
> > > Failed to load
> > >
> /usr/local/lib/snort_dynamicrule/libdynamicexamplerule.so:
> > >
> /usr/local/lib/snort_dynamicrule/libdynamicexamplerule.so:
> cannot open
> > > shared object file: No such file or directory
> > > Fatal Error, Quitting..
> > >
> > >
> > >
> > > The odd thing is that the
> /usr/local/lib/snort_dynamicrule directory is
> > > not created during the Snort installation. Fine if the directory must be
> > > created manually, but where do I get the libdynamicexamplerule.so
> > > file from?
> > >
> > >
> > >
> > >
> >
> > -
> -------------------------------------------------------------------------
> >
> > Using Tomcat but need to do more? Need to support web services,
> > security?
> > Get stuff done quickly with pre-integrated technology to make your
> > job easier
> > Download IBM WebSphere Application Server v.1.0.1 based on Apache
> > Geronimo
> >
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
> >
> <http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
> >
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > <mailto: Snort-users at lists.sourceforge.net>
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.5 (Darwin)
> > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> >
> >
> iD8DBQFFRkS71va6QYTV0EMRAltQAJwI19sp0kt/NhE8xthjEYRNC85BiACgmMbk
> > pExInptoRbWzgFnLdFWW4iM=
> > =oBNL
> > -----END PGP SIGNATURE-----
> >
>
>




More information about the Snort-users mailing list