[Snort-users] Fwd: pulledpork does not generate so rules

xinland66 at ...11827... xinland66 at ...11827...
Thu Sep 10 22:40:20 EDT 2015


> 
> 
> I have installed snort 2.9.7.5 and pulled pork 0.7.0.
> The folder /usr/local/lib/snort_dynamicrules is missing. I had to manually create the folder. Below is the error message from Pulledpork. I did not see any so rules and the folder snort_dynamicrules is empty.
> 
> Questions
> - Should I manually create the snort_dynamicrules folder, or did I do something wrong in the installation?
> - The conf file says "##### Deprecated - The stubs are now  categorically written to the  single rule file!
>  sostub_path=/etc/snort/rules/so_rules.rules". Should I uncomment this if I use the -k option when running pulledpork?
> 
> Error message
> Generating Stub Rules....
> Generating shared object stubs via:/usr/local/bin/snort -c /etc/snort/snort.conf --dump-dynamic-rules=/tmp/tha_rules/so_rules/
> An error occurred: WARNING: No dynamic libraries found in directory /usr/local/lib/snort_dynamicrules.
> 
> An error occurred: WARNING: ip4 normalizations disabled because not inline.
> 
> An error occurred: WARNING: tcp normalizations disabled because not inline.
> 
> An error occurred: WARNING: icmp4 normalizations disabled because not inline.
> 
> An error occurred: WARNING: ip6 normalizations disabled because not inline.
> 
> An error occurred: WARNING: icmp6 normalizations disabled because not inline.
> 
> Dumping dynamic rules...
>  Finished dumping dynamic rules.
> Done 
> 
> 
> Below is pulledpork conf file
> 
> ignore=deleted.rules,experimental.rules,local.rules
> temp_path=/tmp
> rule_path=/etc/snort/rules/snort.rules
>  out_path=/etc/snort/rules/
> local_rules=/etc/snort/rules/local.rules
> sid_msg=/etc/snort/sid-msg.map
> sid_msg_version=1
> sid_changelog=/var/log/sid_changes.log
> sorule_path=/usr/local/lib/snort_dynamicrules/
> snort_path=/usr/local/bin/snort
> config_path=/etc/snort/snort.conf
>  sostub_path=/etc/snort/rules/so_rules.rules
> distro=Centos-6-7
> snort_control=/usr/local/bin/snort_control
>  pid_path=/var/run/snort
>  enablesid=/etc/snort/enablesid.conf
>  dropsid=/etc/snort/dropsid.conf
>  disablesid=/etc/snort/disablesid.conf
>  modifysid=/etc/snort/modifysid.conf
> version=0.7.0
> 
> 
> Thanks,
> KL
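
For the symptom described above (a hand-created, empty snort_dynamicrules folder), here is a small check that reads `sorule_path` from a pulledpork.conf and reports whether that directory is missing, empty, or holds `.so` files. It is an added example, not part of the original post or of PulledPork; the function names and the sample paths are constructed for illustration.

```shell
# Added example: inspect the directory that pulledpork.conf names as
# sorule_path. It does not run snort or pulledpork.

# Print the value of key $2 from key=value file $1. Leading whitespace
# before the key is tolerated, "#" comment lines never match, and the
# last assignment wins.
conf_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | sed 's/[[:space:]]*$//'
}

# Classify sorule_path as "unset", "missing", "empty" or "ok:<count>",
# where <count> is the number of *.so files directly inside it.
sorule_state() {
    local dir count
    dir=$(conf_get "$1" sorule_path)
    [ -n "$dir" ] || { echo "unset"; return; }
    [ -d "$dir" ] || { echo "missing"; return; }
    count=$(find "$dir" -maxdepth 1 -type f -name '*.so' | wc -l | tr -d ' ')
    if [ "$count" -eq 0 ]; then echo "empty"; else echo "ok:$count"; fi
}

# Constructed sample: two keys from the posted config, with sorule_path
# pointed at a freshly created (and therefore empty) temp directory.
demo=$(mktemp -d)
mkdir "$demo/snort_dynamicrules"
printf '%s\n' "snort_path=/usr/local/bin/snort" \
    " sorule_path=$demo/snort_dynamicrules/" > "$demo/pulledpork.conf"
echo "sorule_path state: $(sorule_state "$demo/pulledpork.conf")"
rm -rf "$demo"
```

On a real system, call `sorule_state /etc/snort/pulledpork.conf` (the path is an assumption; use wherever your pulledpork.conf lives).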