[Snort-users] snort v2.9.0.4 Fedora 14 Segmentation Fault

John Hally JHally at ...14234...
Wed Feb 16 15:48:56 EST 2011


Interestingly enough when I go to dump the rules snort segfaults:

 

# /usr/local/snort-2.9/bin/snort -c /etc/snort/2.9/etc/snort.conf
--dump-dynamic-rules=/usr/local/snort-2.9/lib/snort_dynamicrules/

Running in Rule Dump mode

 

        --== Initializing Snort ==--

Initializing Output Plugins!

Initializing Preprocessors!

Initializing Plug-ins!

...

...

...

Dumping dynamic rules...

  Finished dumping dynamic rules.

Segmentation fault

 

And the rules are never outputted to the snort_dynamicrules directory.

 

 

Thoughts?

 

Thanks.

 

________________________________

From: John Hally 
Sent: Wednesday, February 16, 2011 3:36 PM
To: John Hally; Joel Esler
Cc: snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] snort v2.9.0.4 Fedora 14 Segmentation Fault

 

Correction, I do not have any of the so_rules enabled in snort.conf,
just the valid path and such.  

 

________________________________

From: John Hally [mailto:JHally at ...14234...] 
Sent: Wednesday, February 16, 2011 3:26 PM
To: Joel Esler
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] snort v2.9.0.4 Fedora 14 Segmentation Fault

 

Using the default ones in the latest snortrules-snapshot file.  I don't
see a Fedora 14 version of the so_rules though,  

 

??

 

thanks

 

________________________________

From: Joel Esler [mailto:jesler at ...1935...] 
Sent: Wednesday, February 16, 2011 1:57 PM
To: John Hally
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] snort v2.9.0.4 Fedora 14 Segmentation Fault

 

Are you using Shared Object rules?  If so, are you using the correct
ones?

 

 

 

Joel

 

On Feb 16, 2011, at 11:19 AM, John Hally wrote:

 

Hello All,

 

I'm running into a segmentation fault in snort v2.9.0.4 on Fedora 14.
Has anyone else run into this issue?

 

kernel: [92638.716889] snort[25919]: segfault at 7f45ac47f0f4 ip
00007f45b4b47020 sp 00007fffe68b0a68 error 4 in
libc-2.13.so[7f45b4a17000+191000]

 

--
Joel Esler
jesler () sourcefire.com
http://blog.snort.org && http://blog.clamav.net

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20110216/20f3fb2d/attachment.html>


More information about the Snort-users mailing list