[Snort-users] Fix for Unknown preprocessor: "sensitive_data" when using snort.spec to build an RPM

Seth Art sethsec at ...11827...
Thu May 13 15:56:27 EDT 2010


I made a similar post to the list back in April 09 regarding dce2 when
that came out.  For those of you who are creating your own snort RPMs
from the snort.spec file supplied in the snort-2.8.6 tarball, you will
have to add a few lines to get dce2 and sdf (sensitive data)
preprocessors compiling into the RPM successfully.

The error I received before I made the changes below was:

May 13 17:33:02 Snort2 snort[9778]: FATAL ERROR:
/etc/snort/snort.conf(322) Unknown preprocessor: "sensitive_data".


Below are the additions:

(New lines in the %install section, below the ln_s line for
"libsf_dcerpc_preproc.so.0")

             %__install -p -m 0755
plain/src/dynamic-preprocessors/build/%{_prefix}/lib/snort_dynamicpreprocessor/libsf_dce2_preproc.so.0
$RPM_BUILD_ROOT%{_libdir}/%{realname}-%{version}_dynamicpreprocessor
 %__ln_s -f %{_libdir}/%{realname}-%{version}_dynamicpreprocessor/libsf_dce2_preproc.so.0
$RPM_BUILD_ROOT%{_libdir}/%{realname}-%{version}
_dynamicpreprocessor/libsf_dce2_preproc.so

        %__install -p -m 0755
plain/src/dynamic-preprocessors/build/%{_prefix}/lib/snort_dynamicpreprocessor/libsf_sdf_preproc.so.0
$RPM_BUILD_ROOT%{_libdir}/%{realname}-%{version}_dynamicpreprocessor
        %__ln_s -f
%{_libdir}/%{realname}-%{version}_dynamicpreprocessor/libsf_sdf_preproc.so.0
$RPM_BUILD_ROOT%{_libdir}/%{realname}-%{version}_dynamicpreprocessor/libsf_sdf_preproc.so



(New lines in the %files section, below the attr line for
libsf_dcerpc_preproc.*)

%attr(0755,root,root)
%{_libdir}/%{realname}-%{version}_dynamicpreprocessor/libsf_dce2_preproc.*
%attr(0755,root,root)
%{_libdir}/%{realname}-%{version}_dynamicpreprocessor/libsf_sdf_preproc.*

Hopefully this saves someone some time down the road.

-Seth




More information about the Snort-users mailing list