[Snort-users] Unable to use dynamicrules on CentOS 6.4 x86_64

Jaspal jaspal at ...16427...
Fri Jul 5 11:56:16 EDT 2013


On Friday 05 July 2013 08:11 PM, Jason Ish wrote:
> On Fri, Jul 5, 2013 at 7:20 AM, Jaspal <jaspal at ...16427...> wrote:
>
>     On Friday 05 July 2013 05:47 PM, waldo kitty wrote:
>     > On 7/5/2013 05:47, Jaspal wrote:
>     >> Hi,
>     >>
>     >> I am trying to use the dynamic rules present in snort-rules-snapshot-2495 with
>     >> snort-2.9.5 on a CentOS 6.4 x86_64 Amazon EC2 VM.
>     > is this "snort-2.9.5" a typo? if not, then that's part of your problem... in
>     > many cases you cannot mix rules for one version of snort with a different
>     > version of snort... the dynamic rules are definitely an example of this...
>     Thanks for the response.
>     It's not a typo. That's the latest tar on the site and I could not find
>     sources of older versions. (Why not give a link?)
>     I understand that we can't mix apples and oranges.
>     But the 4 latest snortrules-snapshot (available to registered users) all
>     end in 29{40,41,45,46,31} under the section 'Snort v2.9'. Again no older
>     releases.
>     Perhaps, you could just tell me how to choose a correct set of rules
>     with the snort-2.9.5 version and where I can find them.
>     >> I have compiled daq and snort from source. Used libdnet and libdnet-devel from
>     >> the rpm repo.
>     > does not matter in this case...
>     >
>     >> I get the following error upon trying to use the precompiled shared libs from
>     >> either of RHEL-6.0 or CentOS-5.4:
>     >> "The dynamic detection library
>     >> "/usr/local/lib/snort_dynamicrules/web-activex.so" version 1.0 compiled with
>     >> dynamic engine library version 1.17 isn't compatible with the current dynamic
>     >> engine library "/usr/local/lib/snort_dynamicengine/libsf_engine.so" version 2.0"
>     > this tells you exactly what the error is and where...
>     >
>     >> Both the snort-rules and snort are compiled from the latest sources.
>     >> It looks like a version mismatch. But where exactly?
>     > inside the compiled so rules file(s)... the above message tells you that the
>     > version 1.0 of web-activex.so compiled with dynamic engine library 1.17 is not
>     > compatible with the current dynamic engine library 2.0...
>     >
>     >> Or is there a way to compile the shared libs and use them?
>     > yes but i'm not familiar with how to do it... someone else will have to speak on
>     > this...
>     >
>     >> Also, why does snort provide precompiled shared libs for CentOS-6.x?
>     > someone else will have to speak on this, too...
>
>
> I think for now you are best to use Snort 2.9.4.6 so you can use the
> SO rules.  Here's a direct download link as I don't think it's provided
> on the Snort download page:
>
> http://www.snort.org/dl/snort-current/snort-2.9.4.6.tar.gz
Thanks ! It worked.