[Snort-users] 32-bit dynamic rules libraries on 64-bit Linux (Ubuntu)

Mike Pilkington mpilking at ...11827...
Sat Nov 14 14:01:50 EST 2009


Thanks for your advice.  This fixed my problem.

On 11/14/09, Nigel Houghton <nhoughton at ...1935...> wrote:
> On Fri, Nov 13, 2009 at 7:55 PM, Mike Pilkington <mpilking at ...11827...> wrote:
>> Hi,
>>
>> I've compiled Snort 2.8.5.1 on 64-bit Ubuntu 8.04 Server.  The build
>> process went smoothly as far as I could tell.  But when I started
>> Snort, I get the following error:
>>
>> <snip>
>>
>> PortVar 'DCERPC_BRIGHTSTORE' defined :  [ 6503:6504 ]
>> Detection:
>>   Search-Method = AC-BNFA-Q
>> Tagged Packet Limit: 256
>> Loading dynamic engine
>> /usr/local/lib/snort_dynamicengine/libsf_engine.so... done
>> Loading dynamic detection library
>> /usr/local/lib/snort_dynamicrules/bad-traffic.so... ERROR: Failed to
>> load /usr/local/lib/snort_dynamicrules/bad-traffic.so:
>> /usr/local/lib/snort_dynamicrules/bad-traffic.so: wrong ELF class:
>> ELFCLASS32
>> Fatal Error, Quitting..
>>
>> </snip>
>>
>> I found a posting from 2007 regarding this issue and it seemed to be a
>> bug that was fixed in 2.7.0-6
>> (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=439642).
>>
>> Commenting out "dynamicengine
>> /usr/lib/snort_dynamicengine/libsf_engine.so", as suggested in the
>> posting, does not help.  However, if I comment out all the dynamic
>> rule libraries, Snort runs fine.  But of course I'd like to have the
>> dynamic rules available.
>>
>> Any ideas how I this can be fixed?
>>
>> Thanks for your time,
>> Mike
>>
>> ------------------------------------------------------------------------------
>> Let Crystal Reports handle the reporting - Free Crystal Reports 2008
>> 30-Day
>> trial. Simplify your report design, integration and deployment - and focus
>> on
>> what you do best, core application coding. Discover what's new with
>> Crystal Reports now.  http://p.sf.net/sfu/bobj-july
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>
>
>
> You are trying to load 32bit objects on a 64bit system. Use the
> correct shared object rules from the rule tarball.
>
>  so_rules/precompiled/Ubuntu-8.04/x86-64/2.8.5.1/
>
> --
> Nigel Houghton
> Head Mentalist
> SF VRT
> http://vrt-sourcefire.blogspot.com && http://www.snort.org/vrt/
>




More information about the Snort-users mailing list