[Snort-users] Gentoo Linux Snort Users

Jason Wallace jason.r.wallace at ...11827...
Thu Feb 24 17:19:39 EST 2011


Sorry, and yes to the pulledpork question.

On Thu, Feb 24, 2011 at 5:08 PM, Jason Wallace
<jason.r.wallace at ...11827...> wrote:
> You are not manually trying to patch it are you?
>
> What does the output of "emerge -pv snort" say?
>
> On Thu, Feb 24, 2011 at 4:56 PM, NA <dustypath at ...5068...> wrote:
>> Billy? Ouch, haven't been called that since I lived in Tennessee!
>>
>> The patch referred to is the disabledynamic.patch, just added as well as
>> Snort-2.9.0.4 to portage. Thanks for clearing up the reason for the empty
>> directory. I have pulledpork working but the directory remains empty.
>>
>> The file
>>
>> cat /var/tmp/portage/net-analyzer/snort-2.9.0.4/temp/disabledynamic.patch.out
>> ***** disabledynamic.patch *****
>>
>> ================================
>>
>> PATCH COMMAND:  patch -p0 -g0 -E --no-backup-if-mismatch < '/usr/portage/net-analyzer/snort/files/disabledynamic.patch'
>>
>> ================================
>> patching file src/fpcreate.c
>> Hunk #1 FAILED at 70.
>> Hunk #2 FAILED at 1812.
>> 2 out of 2 hunks FAILED -- saving rejects to file src/fpcreate.c.rej
>> patching file src/dynamic-plugins/sf_dynamic_define.h
>> Hunk #1 FAILED at 96.
>> 1 out of 1 hunk FAILED -- saving rejects to file src/dynamic-plugins/sf_dynamic_define.h.rej
>> patching file src/dynamic-plugins/sf_dynamic_engine.h
>> Hunk #1 FAILED at 77.
>> 1 out of 1 hunk FAILED -- saving rejects to file src/dynamic-plugins/sf_dynamic_engine.h.rej
>> patching file src/preprocessors/Stream5/snort_stream5_tcp.c
>> Hunk #1 FAILED at 816.
>> 1 out of 1 hunk FAILED -- saving rejects to file src/preprocessors/Stream5/snort_stream5_tcp.c.rej
>> ================================
>>
>> A programmer I am not but it seems I have files missing, question is why?
>> So would it be correct to say PulledPork doesn't download anything to
>> ...../dynamicrules due to no precompiled OS in pulledpork.conf being chosen
>> by me?
>>
>> Thx
>>
>>
>>> BTW Billy,
>>>
>>> There are no precompiled rules for Gentoo. I've had good luck with
>>> the Ubuntu precompiled rules.
>>>
>>>
>>>
>>> On Thu, Feb 24, 2011 at 4:34 PM, Jason Wallace
>>> <jason.r.wallace at ...11827...>  wrote:
>>>>
>>>> Billy,
>>>>
>>>> "as the patch fails when emerging the new ebuild" which patch are you
>>>> referring to?
>>>>
>>>> /usr/lib64/dynamicrules is empty because the so_rules are not shipped
>>>> with the snort package. That directory is the drop zone for the SO
>>>> rules you should pull with pulledpork.
>>>>
>>>> Wally
>>>>
>>>> On Thu, Feb 24, 2011 at 4:19 PM, NA<dustypath at ...5068...>  wrote:
>>>>>
>>>>> Thank you very much for your work, I was just lamenting this morning over a
>>>>> new install of 2.9.03 that FPs all over the place compared to 2.9.0.4!
>>>>>
>>>>> I am having trouble though as the patch fails when emerging the new ebuild.
>>>>> I was having trouble with dynamic detection already, the directory
>>>>> /usr/lib64/dynamicrules is empty and attempts to build the so_rules fail
>>>>> with a segfault (probably because of the empty directory, nothing to work
>>>>> on). I will post a bug report at bug.gentoo.org unless you have any insight
>>>>> that this is my screw up!
>>>>>
>>>>> Thanks again
>>>>>
>>>>> Bill B
>>>>>>
>>>>>> Howdy!
>>>>>>
>>>>>> Just wanted to give an update on the current Snort ebuild and the
>>>>>> ebuilds for some snort related packages.
>>>>>>
>>>>>> Snort-2.9.0.4
>>>>>> This was committed to portage this afternoon, so it should hit the
>>>>>> mirror near you in the next 24-48 hrs. The ebuild was delayed due to a
>>>>>> bug we found when trying to compile with the dynamicplugins USE flag
>>>>>> disabled. The Sourcefire folks provided a patch for this.
>>>>>>
>>>>>> The ebuild is currently stable for amd64 and unstable for x86. The
>>>>>> unstable is due to the prelude package being unstable. I'm considering
>>>>>> yanking support for Prelude from the ebuild. This is something that
>>>>>> should be handled by Barnyard2 anyways. If you are violently opposed
>>>>>> to dropping Prelude support, then shoot me an email. Also, I will
>>>>>> likely drop the ipv6 USE flag in the next version and hard code in
>>>>>> ipv6 support. This is due to the difference between ipv4 and ipv6 and
>>>>>> how that affects ipvar/portvar and var.
>>>>>>
>>>>>> I've gotten a number of emails from Gentoo folks looking for
>>>>>> config.log and build.log when working bugs with SF. Since the build
>>>>>> environment gets cleaned up after the package is installed these were
>>>>>> not available. With the 2.9.0.4 ebuild you can now find both of these
>>>>>> files in the "support" directory in the package's doc directory.
>>>>>>
>>>>>> daq-0.5
>>>>>> This ebuild is currently stable for amd64 and unstable for x86. This
>>>>>> will likely stabilize when Snort does. This version does not have the
>>>>>> buffer_size_mb fix in it. I'll roll an -r1 version to include this fix
>>>>>> some time soon.
>>>>>>
>>>>>> Barnyard2-1.9
>>>>>> This ebuild is marked unstable for both amd64 and x86. The ebuild is
>>>>>> fairly new, that is why it is not stabilized yet. There are some
>>>>>> issues with this ebuild. It currently only supports the database
>>>>>> output plugins and those plugins that get compiled by default. There is
>>>>>> no ipv6 support. Barnyard2 currently does not compile with
>>>>>> --enable-ipv6. I've bugged this upstream.
>>>>>>
>>>>>>
>>>>>> The above are all in the main portage tree. The following packages
>>>>>> have been committed to the Sunrise Overlay
>>>>>> (http://overlays.gentoo.org/proj/sunrise). I'm working with the dev's
>>>>>> to get these into the main distro tree, but they live in Sunrise for
>>>>>> now.
>>>>>>
>>>>>> Pulledpork-0.5
>>>>>> No known issues.
>>>>>>
>>>>>> daemonlogger-1.2.1
>>>>>> No known issues. Supports both tap and logging mode in the init
>>>>>> scripts.
>>>>>>
>>>>>> hogger-2.1
>>>>>> No known issues.
>>>>>>
>>>>>> If you want to help out with any of these packages or you just want
>>>>>> access to them before they are committed to the trees, you can add my
>>>>>> Github repository as an overlay https://github.com/wally3514/Gentoo.
>>>>>> This is a development space so YMMV.
>>>>>>
>>>>>> thx,
>>>>>> Wally
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>
>>
>
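
Added example (not part of the original thread, and not code from the ebuild or the Snort project): a small POSIX shell helper that condenses a *.patch.out log like the one quoted above into one line per file, giving the number of failed hunks and the .rej file to inspect. The sample_log input is constructed from the output in the thread, with src/example_ok.c as a made-up cleanly patched file; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: summarise GNU patch output as saved by Portage in *.patch.out.
# Usage: summarize_patch_log [FILE...]   (reads stdin when no file is given)
# Output, one line per patched file: <file> failed=<n> rej=<reject file or ->

summarize_patch_log() {
    # Drop mail-quote prefixes ("> ", ">> ") so a log pasted from a reply parses too.
    cat "$@" | sed 's/^[> ]*//' | awk '
        /^patching file / {
            cur = substr($0, 15); want_rej = 0
            if (!(cur in seen)) { seen[cur] = 1; order[++n] = cur }
            next
        }
        /^[0-9]+ out of [0-9]+ hunks? FAILED/ {
            failed[cur] = $1
            # The reject path is on this line, or wrapped onto the next one.
            if (match($0, /to file .+$/)) rej[cur] = substr($0, RSTART + 8)
            else want_rej = 1
            next
        }
        want_rej && NF { rej[cur] = $0; want_rej = 0; next }
        END {
            for (i = 1; i <= n; i++) {
                f = order[i]
                r = (f in rej) ? rej[f] : "-"
                printf "%s failed=%d rej=%s\n", f, failed[f] + 0, r
            }
        }'
}

# Constructed sample: two entries modelled on the thread (one mail-quoted and
# line-wrapped), plus one hypothetical file that patched without failures.
sample_log() {
    cat <<'EOF'
patching file src/fpcreate.c
Hunk #1 FAILED at 70.
Hunk #2 FAILED at 1812.
2 out of 2 hunks FAILED -- saving rejects to file src/fpcreate.c.rej
>> patching file src/dynamic-plugins/sf_dynamic_define.h
>> Hunk #1 FAILED at 96.
>> 1 out of 1 hunk FAILED -- saving rejects to file
>> src/dynamic-plugins/sf_dynamic_define.h.rej
patching file src/example_ok.c
EOF
}

sample_log | summarize_patch_log
```

Each listed .rej file holds the hunks that did not apply, so it shows exactly which lines of the patch did not match the unpacked source.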



