[Snort-users] 32-bit dynamic rules libraries on 64-bit Linux (Ubuntu)

Nigel Houghton nhoughton at ...1935...
Sat Nov 14 10:44:14 EST 2009


On Fri, Nov 13, 2009 at 7:55 PM, Mike Pilkington <mpilking at ...11827...> wrote:
> Hi,
>
> I've compiled Snort 2.8.5.1 on 64-bit Ubuntu 8.04 Server.  The build
> process went smoothly as far as I could tell.  But when I started
> Snort, I get the following error:
>
> <snip>
>
> PortVar 'DCERPC_BRIGHTSTORE' defined :  [ 6503:6504 ]
> Detection:
>   Search-Method = AC-BNFA-Q
> Tagged Packet Limit: 256
> Loading dynamic engine
> /usr/local/lib/snort_dynamicengine/libsf_engine.so... done
> Loading dynamic detection library
> /usr/local/lib/snort_dynamicrules/bad-traffic.so... ERROR: Failed to
> load /usr/local/lib/snort_dynamicrules/bad-traffic.so:
> /usr/local/lib/snort_dynamicrules/bad-traffic.so: wrong ELF class:
> ELFCLASS32
> Fatal Error, Quitting..
>
> </snip>
>
> I found a posting from 2007 regarding this issue and it seemed to be a
> bug that was fixed in 2.7.0-6
> (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=439642).
>
> Commenting out "dynamicengine
> /usr/lib/snort_dynamicengine/libsf_engine.so", as suggested in the
> posting, does not help.  However, if I comment out all the dynamic
> rule libraries, Snort runs fine.  But of course I'd like to have the
> dynamic rules available.
>
> Any ideas how I this can be fixed?
>
> Thanks for your time,
> Mike
>
> ------------------------------------------------------------------------------
> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
> trial. Simplify your report design, integration and deployment - and focus on
> what you do best, core application coding. Discover what's new with
> Crystal Reports now.  http://p.sf.net/sfu/bobj-july
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>


You are trying to load 32bit objects on a 64bit system. Use the
correct shared object rules from the rule tarball.

 so_rules/precompiled/Ubuntu-8.04/x86-64/2.8.5.1/

-- 
Nigel Houghton
Head Mentalist
SF VRT
http://vrt-sourcefire.blogspot.com && http://www.snort.org/vrt/




More information about the Snort-users mailing list