[Snort-users] Ubuntu 18 and so rules error

Y M snort at outlook.com
Thu Jun 14 17:00:14 EDT 2018


Expanding the troubleshooting surface here, not hijacking the thread. I get the below error after a successful build:

# /usr/local/snort/bin/snort -c /usr/local/snort/etc/snort.conf -T

Loading all dynamic detection libs from /usr/local/snort/lib/snort_dynamicrules...
Loading dynamic detection library /usr/local/snort/lib/snort_dynamicrules/malware-cnc.so... done
Loading dynamic detection library /usr/local/snort/lib/snort_dynamicrules/browser-ie.so... done
Loading dynamic detection library /usr/local/snort/lib/snort_dynamicrules/server-webapp.so... done
Loading dynamic detection library /usr/local/snort/lib/snort_dynamicrules/pua-p2p.so... done
Loading dynamic detection library /usr/local/snort/lib/snort_dynamicrules/protocol-other.so... done
Loading dynamic detection library /usr/local/snort/lib/snort_dynamicrules/netbios.so... done
Loading dynamic detection library /usr/local/snort/lib/snort_dynamicrules/protocol-tftp.so... done
Loading dynamic detection library /usr/local/snort/lib/snort_dynamicrules/malware-other.so...
ERROR: Failed to load /usr/local/snort/lib/snort_dynamicrules/malware-other.so: /usr/local/snort/lib/snort_dynamicrules/malware-other.so: undefined symbol: sin
Fatal Error, Quitting..

$ ldd /usr/local/snort/bin/snort

linux-vdso.so.1 (0x00007ffc4c4bf000)
libnghttp2.so.14 => /usr/lib/x86_64-linux-gnu/libnghttp2.so.14 (0x00007f62f0f52000)
libpcre.so.3 => /lib/x86_64-linux-gnu/libpcre.so.3 (0x00007f62f0ce0000)
libcrypto.so.1.0.0 => /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (0x00007f62f089d000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f62f0699000)
libnetfilter_queue.so.1 => /usr/lib/x86_64-linux-gnu/libnetfilter_queue.so.1 (0x00007f62f0492000)
libsfbpf.so.0 => /usr/local/lib/libsfbpf.so.0 (0x00007f62f026c000)
libpcap.so.0.8 => /usr/lib/x86_64-linux-gnu/libpcap.so.0.8 (0x00007f62f002b000)
libdumbnet.so.1 => /usr/lib/x86_64-linux-gnu/libdumbnet.so.1 (0x00007f62efe1a000)
libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007f62efbfd000)
liblzma.so.5 => /lib/x86_64-linux-gnu/liblzma.so.5 (0x00007f62ef9d7000)
libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f62ef7b8000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f62ef3c7000)
/lib64/ld-linux-x86-64.so.2 (0x00007f62f239a000)
libnfnetlink.so.0 => /usr/lib/x86_64-linux-gnu/libnfnetlink.so.0 (0x00007f62ef1c0000)
libmnl.so.0 => /lib/x86_64-linux-gnu/libmnl.so.0 (0x00007f62eefba000)

Dependencies:
# apt-get install flex bison gcc make cmake libtool autoconf libpcap-dev libpcre3-dev liblzma-dev zlib1g-dev libnetfilter-queue-dev libdumbnet-dev openssl libssl-dev libnghttp2-dev pkg-config uuid-dev

LuaJIT 2.0.5 installed form source.

Configure:
# ./configure --prefix=/usr/local/snort --enable-sourcefire --enable-file-inspect --enable-large-pcap --enable-non-ether-decoders --enable-open-appid

# uname -a
Linux dev 4.15.0-23-generic #25-Ubuntu SMP Wed May 23 18:02:16 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

On a side note, building Snort 2.9.11.1 with libssl-dev (1.1.0g) and --enable-open-appid will fail (errors attached). Had to downgrade to libssl1.0-dev (1.0.2n) to get the build going.

Thanks.
YM

________________________________
From: Snort-users <snort-users-bounces at lists.snort.org> on behalf of Patrick Mullen (pamullen) via Snort-users <snort-users at lists.snort.org>
Sent: Thursday, June 14, 2018 5:50 PM
To: jlay at slave-tothe-box.net
Cc: snort-users at lists.snort.org
Subject: Re: [Snort-users] Ubuntu 18 and so rules error


To be clear, my example code ran first try?  Does snort continue to throw that error?





~Patrick



From: James Lay <jlay at slave-tothe-box.net>



Ran like a champ:

<snip screenshot>

now we're having some fun!

James

On 2018-06-13 09:20, Patrick Mullen (pamullen) wrote:

James,



Here's a quick test.  If this doesn't work, then install whatever google tells you and it should fix the snort loading problem.  If it does, then I'm a little confused and we'll have to look into this further.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20180614/e4525cc6/attachment.html>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: error_2.txt
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20180614/e4525cc6/attachment.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: error_1.txt
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20180614/e4525cc6/attachment-0001.txt>


More information about the Snort-users mailing list