[Snort-users] Gentoo Linux Snort Users

Jason Wallace jason.r.wallace at ...11827...
Thu Feb 24 17:08:05 EST 2011


You are not manually trying to patch it, are you?

What does the output of "emerge -pv snort" say?

On Thu, Feb 24, 2011 at 4:56 PM, NA <dustypath at ...5068...> wrote:
> Billy? Ouch, haven't been called that since I lived in Tennessee!
>
> The patch referred to is the disabledynamic.patch, just added as well as
> Snort-2.9.0.4 to portage. Thanks for clearing up the reason for the empty
> directory. I have pulledpork working but the directory remains empty.
>
> The file
>
> cat
> /var/tmp/portage/net-analyzer/snort-2.9.0.4/temp/disabledynamic.patch.out
> ***** disabledynamic.patch *****
>
> ================================
>
> PATCH COMMAND:  patch -p0 -g0 -E --no-backup-if-mismatch <
> '/usr/portage/net-analyzer/snort/files/disabledynamic.patch'
>
> ================================
> patching file src/fpcreate.c
> Hunk #1 FAILED at 70.
> Hunk #2 FAILED at 1812.
> 2 out of 2 hunks FAILED -- saving rejects to file src/fpcreate.c.rej
> patching file src/dynamic-plugins/sf_dynamic_define.h
> Hunk #1 FAILED at 96.
> 1 out of 1 hunk FAILED -- saving rejects to file
> src/dynamic-plugins/sf_dynamic_define.h.rej
> patching file src/dynamic-plugins/sf_dynamic_engine.h
> Hunk #1 FAILED at 77.
> 1 out of 1 hunk FAILED -- saving rejects to file
> src/dynamic-plugins/sf_dynamic_engine.h.rej
> patching file src/preprocessors/Stream5/snort_stream5_tcp.c
> Hunk #1 FAILED at 816.
> 1 out of 1 hunk FAILED -- saving rejects to file
> src/preprocessors/Stream5/snort_stream5_tcp.c.rej
> ================================
>
> A programmer I am not but it seems I have files missing, question is why?
> So would it be correct to say PulledPork doesn't download anything to
> ...../dynamicrules due to no precompiled OS in pulledpork.conf being chosen
> by me?
>
> Thx
>
>
>> BTW Billy,
>>
>> There are no precompiled rules for Gentoo. I've had good luck with
>> the Ubuntu precompiled rules.
>>
>>
>>
>> On Thu, Feb 24, 2011 at 4:34 PM, Jason Wallace
>> <jason.r.wallace at ...11827...>  wrote:
>>>
>>> Billy,
>>>
>>> "as the patch fails when emerging the new ebuild" which patch are you
>>> referring to?
>>>
>>> /usr/lib64/dynamicrules is empty because the so_rules are not shipped
>>> with the snort package. That directory is the drop zone for the SO
>>> rules you should pull with pulledpork.
>>>
>>> Wally
>>>
>>> On Thu, Feb 24, 2011 at 4:19 PM, NA<dustypath at ...5068...>  wrote:
>>>>
>>>> Thank you very much for your work, I was just lamenting this morning over a
>>>> new install of 2.9.03 that FPs all over the place compared to 2.9.0.4!
>>>>
>>>> I am having trouble though as the patch fails when emerging the new ebuild.
>>>> I was having trouble with dynamic detection already, the directory
>>>> /usr/lib64/dynamicrules is empty and attempts to build the so_rules fail
>>>> with a segfault (probably because of the empty directory, nothing to work
>>>> on). I will post a bug report at bug.gentoo.org unless you have any insight
>>>> that this is my screw up!
>>>>
>>>> Thanks again
>>>>
>>>> Bill B
>>>>>
>>>>> Howdy!
>>>>>
>>>>> Just wanted to give an update on the current Snort ebuild and the
>>>>> ebuilds for some snort related packages.
>>>>>
>>>>> Snort-2.9.0.4
>>>>> This was committed to portage this afternoon, so it should hit the
>>>>> mirror near you in the next 24-48 hrs. The ebuild was delayed due to a
>>>>> bug we found when trying to compile with the dynamicplugins USE flag
>>>>> disabled. The Sourcefire folks provided a patch for this.
>>>>>
>>>>> The ebuild is currently stable for amd64 and unstable for x86. The
>>>>> unstable is due to the prelude package being unstable. I'm considering
>>>>> yanking support for Prelude from the ebuild. This is something that
>>>>> should be handled by Barnyard2 anyways. If you are violently opposed
>>>>> to dropping Prelude support, then shoot me an email. Also, I will
>>>>> likely drop the ipv6 USE flag in the next version and hard code in
>>>>> ipv6 support. This is due to the difference between ipv4 and ipv6 and
>>>>> how that affects ipvar/portvar and var.
>>>>>
>>>>> I've gotten a number of emails from Gentoo folks looking for
>>>>> config.log and build.log when working bugs with SF. Since the build
>>>>> environment gets cleaned up after the package is installed these were
>>>>> not available. With the 2.9.0.4 ebuild you can now find both of these
>>>>> files in the "support" directory in the package's doc directory.
>>>>>
>>>>> daq-0.5
>>>>> This ebuild is currently stable for amd64 and unstable for x86. This
>>>>> will likely stabilize when Snort does. This version does not have the
>>>>> buffer_size_mb fix in it. I'll roll an -r1 version to include this fix
>>>>> some time soon.
>>>>>
>>>>> Barnyard2-1.9
>>>>> This ebuild is marked unstable for both amd64 and x86. The ebuild is
>>>>> fairly new, that is why it is not stabilized yet. There are some
>>>>> issues with this ebuild. It currently only supports the database
>>>>> output plugins and those plugins that get compiled by default. There is
>>>>> no ipv6 support. Barnyard2 currently does not compile with
>>>>> --enable-ipv6. I've bugged this upstream.
>>>>>
>>>>>
>>>>> The above are all in the main portage tree. The following packages
>>>>> have been committed to the Sunrise Overlay
>>>>> (http://overlays.gentoo.org/proj/sunrise). I'm working with the devs
>>>>> to get these into the main distro tree, but they live in Sunrise for
>>>>> now.
>>>>>
>>>>> Pulledpork-0.5
>>>>> No known issues.
>>>>>
>>>>> daemonlogger-1.2.1
>>>>> No known issues. Supports both tap and logging mode in the init
>>>>> scripts.
>>>>>
>>>>> hogger-2.1
>>>>> No known issues.
>>>>>
>>>>> If you want to help out with any of these packages or you just want
>>>>> access to them before they are committed to the trees, you can add my
>>>>> Github repository as an overlay https://github.com/wally3514/Gentoo.
>>>>> This is a development space so YMMV.
>>>>>
>>>>> thx,
>>>>> Wally
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>
>



