[Snort-users] SuSe Linux and the so_rules

Sven Wurth swurth at ...9753...
Thu Feb 5 03:43:21 EST 2009


Hi Tedi,

I'm not sure if this is right, because:

Some new rules will only delivered as a precompiled so_rule,
in the ruleset there are sources for recompiling your own so_rules but
you will get not all rules.
That's because (from sourcefire vrt: "Due to contract terms with some
3rd party research organizations,
a number of VRT certified rules will only be delivered as binaries.")

These binaries must fit with the libc from your distro ... 


Best regards
Sven
  

-----Original Message-----
From: Tedi Heriyanto [mailto:tedi.heriyanto at ...11827...] 
Sent: Thursday, February 05, 2009 9:14 AM
To: Sven Wurth
Subject: Re: [Snort-users] SuSe Linux and the so_rules

Hi Sven,

On Wed, Feb 4, 2009 at 7:52 PM, Sven Wurth <swurth at ...9753...> wrote:
> we are running SuSe Enterprise Linux 10/11 and we like to use the
newest so_rules.
> But there are no precompiled rules for SuSe, is there any distro
compatible with Suse ?
> Or what can we do ?
CMIIW, if you compile the latest Snort version, you will get the
latest so files.

And you can build RPM package from the snort tarball file by using :

rpmbuild -tb snort-tarball.

Hope this help.

-- 
cheers,

tedi
Blog      : http://theriyanto.wordpress.com
Website : http://tedi.heriyanto.net
You Need More Than Awareness : Stay Alert!




More information about the Snort-users mailing list