[Snort-users] Gentoo Linux Snort Users
jason.r.wallace at ...11827...
Thu Feb 24 16:41:05 EST 2011
There are no precompiled rules for Gentoo. I've had good luck with
the Ubuntu precompiled rules.
On Thu, Feb 24, 2011 at 4:34 PM, Jason Wallace
<jason.r.wallace at ...11827...> wrote:
> "as the patch fails when emerging the new ebuild" which patch are you
> referring to?
> /usr/lib64/dynamicrules is empty because the so_rules are not shipped
> with the snort package. That directory is the drop zone for the SO
> rules you should pull with pulledpork.
> On Thu, Feb 24, 2011 at 4:19 PM, NA <dustypath at ...5068...> wrote:
>> Thank you very much for your work, I was just lamenting this morning over a
>> new install of 2.9.03 that FPs all over the place compared to 184.108.40.206!
>> I am having trouble though as the patch fails when emerging the new ebuild.
>> I was having trouble with dynamic detection already, the directory
>> /usr/lib64/dynamicrules is empty and attempts to build the so_rules fail
>> with a segfault (probably because of the empty directory, nothing to work
>> on). I will post a bug report at bug.gentoo.org unless you have any insight
>> that this is my screw up!
>> Thanks again
>> Bill B
>>> Just wanted to give an update on the current Snort ebuild and the
>>> ebuilds for some snort related packages.
>>> This was committed to portage this afternoon, so it should hit the
>>> mirror near you in the next 24-48 hrs. The ebuild was delayed due to a
>>> bug we found when trying to compile with the dynamicplugins USE flag
>>> disabled. The Sourcefire folks provided a patch for this.
>>> The ebuild is currently stable for amd64 and unstable for x86. The
>>> unstable is due to the prelude package being unstable. I'm considering
>>> yanking support for Prelude from the ebuild. This is something that
>>> should be handled by Barnyard2 anyways. If you are violently opposed
>>> to dropping Prelude support, then shoot me an email. Also, I will
>>> likely drop the ipv6 USE flag in the next version and hard code in
>>> ipv6 support. This is due to the difference between ipv4 and ipv6 and
>>> how that affects ipvar/portvar and var.
>>> I've gotten a number of emails from Gentoo folks looking for
>>> config.log and build.log when working bugs with SF. Since the build
>>> environment gets cleaned up after the package is installed these were
>>> not available. With the 220.127.116.11 ebuild you can now find both of these
>>> files in the "support" directory in the package's doc directory.
>>> This ebuild is currently stable for amd64 and unstable for x86. This
>>> will likely stabilize when Snort does. This version does not have the
>>> buffer_size_mb fix in it. I'll roll an -r1 version to include this fix
>>> some time soon.
>>> This ebuild is marked unstable for both amd64 and x86. The ebuild is
>>> fairly new, that is why it is not stabilized yet. There are some
>>> issues with this ebuild. It currently only supports the database
>>> output plugins and those plugins that get compiled by default. There is
>>> no ipv6 support. Barnyard2 currently does not compile with
>>> --enable-ipv6. I've bugged this upstream.
>>> The above are all in the main portage tree. The following packages
>>> have been committed to the Sunrise Overlay
>>> (http://overlays.gentoo.org/proj/sunrise). I'm working with the devs
>>> to get these into the main distro tree, but they live in Sunrise for
>>> No known issues.
>>> No known issues. Supports both tap and logging mode in the init scripts.
>>> No known issues.
>>> If you want to help out with any of these packages or you just want
>>> access to them before they are committed to the trees, you can add my
>>> Github repository as an overlay https://github.com/wally3514/Gentoo.
>>> This is a development space so YMMV.