[Snort-users] Gentoo Linux Snort Users

Jason Wallace jason.r.wallace at ...11827...
Thu Feb 24 16:41:05 EST 2011


BTW Billy,

There are no precompiled rules for Gentoo. I've had good luck with
the Ubuntu precompiled rules.



On Thu, Feb 24, 2011 at 4:34 PM, Jason Wallace
<jason.r.wallace at ...11827...> wrote:
> Billy,
>
> "as the patch fails when emerging the new ebuild" which patch are you
> referring to?
>
> /usr/lib64/dynamicrules is empty because the so_rules are not shipped
> with the snort package. That directory is the drop zone for the SO
> rules you should pull with pulledpork.
>
> Wally
>
> On Thu, Feb 24, 2011 at 4:19 PM, NA <dustypath at ...5068...> wrote:
>> Thank you very much for your work, I was just lamenting this morning over a
>> new install of 2.9.03 that FPs all over the place compared to 2.9.0.4!
>>
>> I am having trouble though as the patch fails when emerging the new ebuild.
>> I was having trouble with dynamic detection already, the directory
>> /usr/lib64/dynamicrules is empty and attempts to build the so_rules fail
>> with a segfault (probably because of the empty directory, nothing to work
>> on). I will post a bug report at bug.gentoo.org unless you have any insight
>> that this is my screw up!
>>
>> Thanks again
>>
>> Bill B
>>>
>>> Howdy!
>>>
>>> Just wanted to give an update on the current Snort ebuild and the
>>> ebuilds for some snort related packages.
>>>
>>> Snort-2.9.0.4
>>> This was committed to portage this afternoon, so it should hit the
>>> mirror near you in the next 24-48 hrs. The ebuild was delayed due to a
>>> bug we found when trying to compile with the dynamicplugins USE flag
>>> disabled. The Sourcefire folks provided a patch for this.
>>>
>>> The ebuild is currently stable for amd64 and unstable for x86. The
>>> unstable is due to the prelude package being unstable. I'm considering
>>> yanking support for Prelude from the ebuild. This is something that
>>> should be handled by Barnyard2 anyways. If you are violently opposed
>>> to dropping Prelude support, then shoot me an email. Also, I will
>>> likely drop the ipv6 USE flag in the next version and hard code in
>>> ipv6 support. This is due to the difference between ipv4 and ipv6 and
>>> how that affects ipvar/portvar and var.
>>>
>>> I've gotten a number of emails from Gentoo folks looking for
>>> config.log and build.log when working bugs with SF. Since the build
>>> environment gets cleaned up after the package is installed these were
>>> not available. With the 2.9.0.4 ebuild you can now find both of these
>>> files in the "support" directory in the package's doc directory.
>>>
>>> daq-0.5
>>> This ebuild is currently stable for amd64 and unstable for x86. This
>>> will likely stabilize when Snort does. This version does not have the
>>> buffer_size_mb fix in it. I'll roll an -r1 version to include this fix
>>> some time soon.
>>>
>>> Barnyard2-1.9
>>> This ebuild is marked unstable for both amd64 and x86. The ebuild is
>>> fairly new, that is why it is not stabilized yet. There are some
>>> issues with this ebuild. It currently only supports the database
>>> output plugins and those plugins that get compiled by default. There is
>>> no ipv6 support. Barnyard2 currently does not compile with
>>> --enable-ipv6. I've bugged this upstream.
>>>
>>>
>>> The above are all in the main portage tree. The following packages
>>> have been committed to the Sunrise Overlay
>>> (http://overlays.gentoo.org/proj/sunrise). I'm working with the devs
>>> to get these into the main distro tree, but they live in Sunrise for
>>> now.
>>>
>>> Pulledpork-0.5
>>> No known issues.
>>>
>>> daemonlogger-1.2.1
>>> No known issues. Supports both tap and logging mode in the init scripts.
>>>
>>> hogger-2.1
>>> No known issues.
>>>
>>> If you want to help out with any of these packages or you just want
>>> access to them before they are committed to the trees, you can add my
>>> Github repository as an overlay https://github.com/wally3514/Gentoo.
>>> This is a development space so YMMV.
>>>
>>> thx,
>>> Wally
>>>
>>>
>>
>>
>



