[Snort-users] Snort: setup SO rules question.
drewshg at ...11827...
Mon Mar 23 00:43:51 EDT 2015
OS X 10.10.2
Snort 18.104.22.168 GRE (Build 177)
Trying to set up the SO rules.
I've read /etc/snort/so_rules/src/README and done all those steps:
1. Make sure the dynamic preprocessor and dynamic engine paths are
   defined in snort.conf, for example:
       dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor
2. Make sure the path to the location of the shared object rules is
   also defined in snort.conf, for example:
       dynamicdetection directory /usr/local/lib/snort_dynamicrule
3. Dump the stub rules by issuing the command:
       snort -c /usr/local/etc/snort/snort.conf
4. Use a variable to define the path to the stub rules, for example:
       var SO_RULE_PATH /usr/local/etc/snort/so_rules
5. Include the generated stub rule files in snort.conf in the same way
   the regular rules are included, for example:
6. Test the installation by issuing the command:
       snort -c /usr/local/etc/snort/snort.conf -T
But there is nothing about where to put the "precompiled" .so files. Should
they go to /usr/local/lib/snort_dynamicrules?
And which distro would work with OS X?
I've tried to put all .so files for FreeBSD 10, but snort says:
Loading dynamic detection library
/usr/local/lib/snort_dynamicrules//browser-ie.so... ERROR: Failed to load
dlopen(/usr/local/lib/snort_dynamicrules//browser-ie.so, 6): no suitable
image found. Did find:
/usr/local/lib/snort_dynamicrules//browser-ie.so: unknown file type,
first eight bytes: 0x7F 0x45 0x4C 0x46 0x02 0x01 0x01 0x09
Fatal Error, Quitting..
This /usr/local/lib/snort_dynamicrules directory is empty right now and
WARNING: No dynamic libraries found in directory
Please point me where to find the explanation.
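
The eight bytes in the dlopen error above identify the file format of the library. The following is an added example, not part of the original post or of Snort: a small Python check that decodes those bytes and reports whether a precompiled .so is an image the OS X loader can open. The function names are hypothetical.

```python
import sys

# ELF e_ident fields that follow the 4-byte magic (offsets 4, 5 and 7)
ELF_CLASS = {1: "32-bit", 2: "64-bit"}
ELF_DATA = {1: "little-endian", 2: "big-endian"}
ELF_OSABI = {0: "System V", 2: "NetBSD", 3: "Linux", 6: "Solaris",
             9: "FreeBSD", 12: "OpenBSD"}

# Mach-O magic numbers as they appear on disk (first four bytes).
# Note: cafebabe is also used by Java class files.
MACHO_MAGIC = {
    bytes.fromhex("feedface"): "Mach-O 32-bit big-endian",
    bytes.fromhex("cefaedfe"): "Mach-O 32-bit little-endian",
    bytes.fromhex("feedfacf"): "Mach-O 64-bit big-endian",
    bytes.fromhex("cffaedfe"): "Mach-O 64-bit little-endian",
    bytes.fromhex("cafebabe"): "Mach-O universal (fat) binary",
}

def identify(header: bytes) -> dict:
    """Classify a shared object from its first eight bytes."""
    if len(header) < 8:
        return {"format": "unknown", "detail": "short read"}
    if header[:4] == b"\x7fELF":
        return {
            "format": "ELF",
            "class": ELF_CLASS.get(header[4], "invalid"),
            "data": ELF_DATA.get(header[5], "invalid"),
            "osabi": ELF_OSABI.get(header[7], f"other ({header[7]})"),
        }
    if header[:4] in MACHO_MAGIC:
        return {"format": "Mach-O", "detail": MACHO_MAGIC[header[:4]]}
    return {"format": "unknown", "detail": header[:8].hex(" ")}

def loadable_on_macos(header: bytes) -> bool:
    """The OS X dynamic loader only accepts Mach-O images."""
    return identify(header)["format"] == "Mach-O"

# The eight bytes printed in the dlopen error quoted in the post
ERROR_BYTES = bytes([0x7F, 0x45, 0x4C, 0x46, 0x02, 0x01, 0x01, 0x09])

if __name__ == "__main__":
    # With file arguments, check each file; otherwise decode the error bytes.
    if len(sys.argv) > 1:
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                print(path, identify(fh.read(8)))
    else:
        print(identify(ERROR_BYTES), loadable_on_macos(ERROR_BYTES))
```

Run against the bytes from the error, it reports a 64-bit little-endian ELF object with the FreeBSD OS ABI, which is why dlopen on OS X rejects it as an unknown file type.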