[Snort-users] Gentoo Linux Snort Users

NA dustypath at ...5068...
Thu Feb 24 16:56:40 EST 2011


Billy? Ouch, haven't been called that since I lived in Tennessee!

The patch referred to is the disabledynamic.patch, just added as well as 
Snort-2.9.0.4 to portage. Thanks for clearing up the reason for the 
empty directory. I have pulledpork working but the directory remains empty.

The file

cat /var/tmp/portage/net-analyzer/snort-2.9.0.4/temp/disabledynamic.patch.out
***** disabledynamic.patch *****

================================

PATCH COMMAND:  patch -p0 -g0 -E --no-backup-if-mismatch < '/usr/portage/net-analyzer/snort/files/disabledynamic.patch'

================================
patching file src/fpcreate.c
Hunk #1 FAILED at 70.
Hunk #2 FAILED at 1812.
2 out of 2 hunks FAILED -- saving rejects to file src/fpcreate.c.rej
patching file src/dynamic-plugins/sf_dynamic_define.h
Hunk #1 FAILED at 96.
1 out of 1 hunk FAILED -- saving rejects to file src/dynamic-plugins/sf_dynamic_define.h.rej
patching file src/dynamic-plugins/sf_dynamic_engine.h
Hunk #1 FAILED at 77.
1 out of 1 hunk FAILED -- saving rejects to file src/dynamic-plugins/sf_dynamic_engine.h.rej
patching file src/preprocessors/Stream5/snort_stream5_tcp.c
Hunk #1 FAILED at 816.
1 out of 1 hunk FAILED -- saving rejects to file src/preprocessors/Stream5/snort_stream5_tcp.c.rej
================================

A programmer I am not but it seems I have files missing, question is why?
So would it be correct to say PulledPork doesn't download anything to 
...../dynamicrules due to no precompiled OS in pulledpork.conf being 
chosen by me?

Thx


> BTW Billy,
>
> There are no precompiled rules for Gentoo. I've had good luck with
> the Ubuntu precompiled rules.
>
>
>
> On Thu, Feb 24, 2011 at 4:34 PM, Jason Wallace
> <jason.r.wallace at ...11827...>  wrote:
>> Billy,
>>
>> "as the patch fails when emerging the new ebuild" which patch are you
>> referring to?
>>
>> /usr/lib64/dynamicrules is empty because the so_rules are not shipped
>> with the snort package. That directory is the drop zone for the SO
>> rules you should pull with pulledpork.
>>
>> Wally
>>
>> On Thu, Feb 24, 2011 at 4:19 PM, NA <dustypath at ...5068...> wrote:
>>> Thank you very much for your work, I was just lamenting this morning over a
>>> new install of 2.9.03 that FPs all over the place compared to 2.9.0.4!
>>>
>>> I am having trouble though as the patch fails when emerging the new ebuild.
>>> I was having trouble with dynamic detection already, the directory
>>> /usr/lib64/dynamicrules is empty and attempts to build the so_rules fails
>>> with a segfault (probably because of the empty directory, nothing to work
>>> on). I will post a bug report at bug.gentoo.org unless you have any insight
>>> that this is my screw up!
>>>
>>> Thanks again
>>>
>>> Bill B
>>>> Howdy!
>>>>
>>>> Just wanted to give an update on the current Snort ebuild and the
>>>> ebuilds for some snort related packages.
>>>>
>>>> Snort-2.9.0.4
>>>> This was committed to portage this afternoon, so it should hit the
>>>> mirror near you in the next 24-48 hrs. The ebuild was delayed due to a
>>>> bug we found when trying to compile with the dynamicplugins USE flag
>>>> disabled. The Sourcefire folks provided a patch for this.
>>>>
>>>> The ebuild is currently stable for amd64 and unstable for x86. The
>>>> unstable is due to the prelude package being unstable. I'm considering
>>>> yanking support for Prelude from the ebuild. This is something that
>>>> should be handled by Barnyard2 anyways. If you are violently opposed
>>>> to dropping Prelude support, then shoot me an email. Also, I will
>>>> likely drop the ipv6 USE flag in the next version and hard code in
>>>> ipv6 support. This is due to the difference between ipv4 and ipv6 and
>>>> how that affects ipvar/portvar and var.
>>>>
>>>> I've gotten a number of emails from Gentoo folks looking for
>>>> config.log and build.log when working bugs with SF. Since the build
>>>> environment gets cleaned up after the package is installed these were
>>>> not available. With the 2.9.0.4 ebuild you can now find both of these
>>>> files in the "support" directory in the package's doc directory.
>>>>
>>>> daq-0.5
>>>> This ebuild is currently stable for amd64 and unstable for x86. This
>>>> will likely stabilize when Snort does. This version does not have the
>>>> buffer_size_mb fix in it. I'll roll an -r1 version to include this fix
>>>> some time soon.
>>>>
>>>> Barnyard2-1.9
>>>> This ebuild is marked unstable for both amd64 and x86. The ebuild is
>>>> fairly new, that is why it is not stabilized yet. There are some
>>>> issues with this ebuild. It currently only supports the database
>>>> output plugins and those plugins that get compiled by default. There is
>>>> no ipv6 support. Barnyard2 currently does not compile with
>>>> --enable-ipv6. I've bugged this upstream.
>>>>
>>>>
>>>> The above are all in the main portage tree. The following packages
>>>> have been committed to the Sunrise Overlay
>>>> (http://overlays.gentoo.org/proj/sunrise). I'm working with the devs
>>>> to get these into the main distro tree, but they live in Sunrise for
>>>> now.
>>>>
>>>> Pulledpork-0.5
>>>> No known issues.
>>>>
>>>> daemonlogger-1.2.1
>>>> No known issues. Supports both tap and logging mode in the init scripts.
>>>>
>>>> hogger-2.1
>>>> No known issues.
>>>>
>>>> If you want to help out with any of these packages or you just want
>>>> access to them before they are committed to the trees, you can add my
>>>> Github repository as an overlay https://github.com/wally3514/Gentoo.
>>>> This is a development space so YMMV.
>>>>
>>>> thx,
>>>> Wally
>>>>
>>>>
>>>
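
An added example, not part of the original thread or the ebuild: a small shell/awk summary of GNU patch output like the `disabledynamic.patch.out` log quoted in the message, showing per file how many hunks failed and at which source lines. The function names are hypothetical and the sample is constructed from the quoted output with its wrapped lines rejoined.

```shell
#!/bin/sh
# Added example: summarise GNU patch output per target file.

# Constructed sample: the patch output quoted in the message, wrapped lines rejoined.
sample_patch_log() {
cat <<'EOF'
patching file src/fpcreate.c
Hunk #1 FAILED at 70.
Hunk #2 FAILED at 1812.
2 out of 2 hunks FAILED -- saving rejects to file src/fpcreate.c.rej
patching file src/dynamic-plugins/sf_dynamic_define.h
Hunk #1 FAILED at 96.
1 out of 1 hunk FAILED -- saving rejects to file src/dynamic-plugins/sf_dynamic_define.h.rej
patching file src/dynamic-plugins/sf_dynamic_engine.h
Hunk #1 FAILED at 77.
1 out of 1 hunk FAILED -- saving rejects to file src/dynamic-plugins/sf_dynamic_engine.h.rej
patching file src/preprocessors/Stream5/snort_stream5_tcp.c
Hunk #1 FAILED at 816.
1 out of 1 hunk FAILED -- saving rejects to file src/preprocessors/Stream5/snort_stream5_tcp.c.rej
EOF
}

# Reads patch output on stdin and prints one line per patched file:
#   "<file> <failed>/<total> at <line,line,...>"  or  "<file> ok"
# Exit status is 1 if any file had a failed hunk, 0 otherwise.
summarise_patch_log() {
    awk '
        /^patching file / { file = substr($0, 15); order[++n] = file; next }
        /^Hunk #[0-9]+ FAILED at / {
            sub(/\.$/, "", $5)                       # drop the trailing full stop
            lines[file] = lines[file] (lines[file] ? "," : "") $5
            next
        }
        /^[0-9]+ out of [0-9]+ hunks? FAILED/ { failed[file] = $1; total[file] = $4; next }
        END {
            for (i = 1; i <= n; i++) {
                f = order[i]
                if (f in failed) { printf "%s %s/%s at %s\n", f, failed[f], total[f], lines[f]; bad++ }
                else printf "%s ok\n", f
            }
            exit (bad > 0)
        }'
}

sample_patch_log | summarise_patch_log || echo "patch did not apply cleanly"
```

On a real build the same function can read the log directly, for example `summarise_patch_log < disabledynamic.patch.out`.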




