[Snort-users] wrong ELF class with /usr/lib64/snort-2.8.6_dynamicengine/libsf_engine.so

Andy Madsen amadsen at ...11827...
Thu Jun 3 11:42:09 EDT 2010

Not sure what I've done wrong, but I build an RPM from source on Centos 
5-2, and installed the latest rules into /etc/snort/rules. I haven't 
done any customizations, so I figured it would pretty much run out of 
the box with the latest rules from here:

cp rules /etc/snort/rules -R
cp so_rules /etc/snort/so_rules -R
cp preproc_rules /etc/snort/preproc_rules -R

Everything went great until i test the configuration:

root at ...274... # snort -c /etc/snort/snort.conf
Running in IDS mode

         --== Initializing Snort ==--
Initializing Output Plugins!
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file "/etc/snort/snort.conf"
PortVar 'HTTP_PORTS' defined :  [ 80 2301 3128 7777 7779 8000 8008 8028 
8080 8180 8888 9999 ]
PortVar 'SHELLCODE_PORTS' defined :  [ 0:79 81:65535 ]
PortVar 'ORACLE_PORTS' defined :  [ 1521 ]
    Search-Method = AC-BNFA-Q
Tagged Packet Limit: 256
Loading dynamic engine 
/usr/lib64/snort-2.8.6_dynamicengine/libsf_engine.so... ERROR: Failed to 
load /usr/lib64/snort-2.8.6_dynamicengine/libsf_engine.so: 
/usr/lib64/snort-2.8.6_dynamicengine/libsf_engine.so: wrong ELF class: 

It's a 64 bit machine, and all libs are 64 bit, so do I have an 
incorrect ruleset?

Andy Madsen

More information about the Snort-users mailing list