[Snort-users] Error Compiling Snort 2.9.11.1

Lucas Miguel (_theHarvester) alcides.romeu at gmail.com
Fri Jun 29 02:42:15 EDT 2018


Worked just fine. 

Thanks in advance.

I’ve inserted the bellow line in snort.conf file and when testing it’s rising fatal error.

	output unified2: filename snort.u2, limit 128, appid_event_type

ERROR:
	  
	Log directory = /var/log/snort
	ERROR: Argument Error in /etc/snort/snort.conf(527): appid_event_type
	Fatal Error, Quitting..


Regards,
Alcides

> On Jun 28, 2018, at 3:58 PM, Y M via Snort-users <snort-users at lists.snort.org> wrote:
> 
> It is definitely not the same error. The error in this case is in 
> 
> libsf_appid_preproc_la-service_ssl.lo
> 
> The previous errors were in different files. This is good because it means the past errors are fixed, hopefully.
> 
> This new error is mostly related to the fact that the OpenSSL/libssl packages in Ubuntu 18.04 are of version >=1.1.  In this case, remove OpenSSL and libssl and downgrade to libssl 1.0.2 via
> 
> apt-get install libssl1.0-dev
> 
> Or something similar.After that try make again. I guess this happens because OpenAppID relies on SSL libraries/API that have changed in the newer version of OpenSSL/libssl. I guess OpenAppID needs to be updated to handle the new changes in libssl, simply a guess
> 
> Please test this and let us know.
> 
> From: Lucas Miguel (_theHarvester) <alcides.romeu at gmail.com>
> Sent: Thursday, June 28, 2018 5:48 PM
> To: Y M
> Cc: snort-users at lists.snort.org
> Subject: Re: [Snort-users] Error Compiling Snort 2.9.11.1
>  
> Hello,
> 
> I’ve retried and I think that the error continues the same.
> 
>    16  sudo apt-get install -y build-essential libpcap-dev libpcre3-dev libdumbnet-dev bison flex zlib1g-dev liblzma-dev
>    17  sudo apt-get install -y libnghttp2-dev
>    18  sudo apt-get install -y pkg-config openssl libssl-dev
>    22  wget http://luajit.org/download/LuaJIT-2.0.5.tar.gz <http://luajit.org/download/LuaJIT-2.0.5.tar.gz>
>    23  tar xzvf libdnet-1.11.tar.gz
>    24  cd libdnet-1.11/
>    25  ./configure
>    26  make
>    27  sudo make install
>    28  cd ..
>    29  tar xzvf LuaJIT-2.0.5.tar.gz
>    30  cd LuaJIT-2.0.5/
>    31  make
>    32  sudo make install
>    33  wget https://www.snort.org/downloads/snort/daq-2.0.6.tar.gz <https://www.snort.org/downloads/snort/daq-2.0.6.tar.gz>
>    34  ls
>    35  cp daq-2.0.6.tar.gz ~/snort_src/
>    36  rm daq-2.0.6.tar.gz
>    37  ls
>    38  cd ..
>    39  ls
>    40  tar -xzvf daq-2.0.6.tar.gz
>    41  cd daq-2.0.6/
>    42  ls
>    43  ./configure
>    44  make
>    45  sudo make install
>    46  sudo ldconfig
>    47  cd ..
>    48  ls
>    49  wget https://www.snort.org/downloads/snort/snort-2.9.11.1.tar.gz <https://www.snort.org/downloads/snort/snort-2.9.11.1.tar.gz>
>    50  tar -zxvf snort-2.9.11.1.tar.gz
>    51  cd snort-2.9.11.1/
>    52  ./configure --enable-sourcefire --enable-open-appid
>    53  make
> 
> 
> 
> ../../../src/dynamic-preprocessors/appid/service_plugins/service_ssl.c: In function ‘parse_certificates’:
> ../../../src/dynamic-preprocessors/appid/service_plugins/service_ssl.c:488:32: error: dereferencing pointer to incomplete type ‘X509 {aka struct x509_st}’
>              start = strstr(cert->name, COMMON_NAME_STR);
>                                 ^~
> Makefile:855: recipe for target 'libsf_appid_preproc_la-service_ssl.lo' failed
> make[5]: *** [libsf_appid_preproc_la-service_ssl.lo] Error 1
> make[5]: Leaving directory '/home/suidsp01/snort_src/snort-2.9.11.1/src/dynamic-preprocessors/appid'
> Makefile:1036: recipe for target 'all-recursive' failed
> make[4]: *** [all-recursive] Error 1
> make[4]: Leaving directory '/home/suidsp01/snort_src/snort-2.9.11.1/src/dynamic-preprocessors'
> Makefile:807: recipe for target 'all' failed
> make[3]: *** [all] Error 2
> make[3]: Leaving directory '/home/suidsp01/snort_src/snort-2.9.11.1/src/dynamic-preprocessors'
> Makefile:558: recipe for target 'all-recursive' failed
> make[2]: *** [all-recursive] Error 1
> make[2]: Leaving directory '/home/suidsp01/snort_src/snort-2.9.11.1/src'
> Makefile:516: recipe for target 'all-recursive' failed
> make[1]: *** [all-recursive] Error 1
> make[1]: Leaving directory '/home/suidsp01/snort_src/snort-2.9.11.1'
> Makefile:382: recipe for target 'all' failed
> make: *** [all] Error 2
> 
> 
> 
> Regards,
> 
> Alcides
> 
>> On Jun 28, 2018, at 3:03 PM, Y M via Snort-users <snort-users at lists.snort.org <mailto:snort-users at lists.snort.org>> wrote:
>> 
>> What is the operating system you are trying this on? I faced similar issues with newer Linux distros such as Ubuntu 18.04.
>> 
>> Try removing all Lua packages installed from the repo, and then install LuaJIT from source as James suggested.
>> 
>> You may face additional issues with AppID and SSL. If you get to that point, please post the error message you get.
>> 
>> Thanks.
>> YM
>> 
>> From: Snort-users <snort-users-bounces at lists.snort.org <mailto:snort-users-bounces at lists.snort.org>> on behalf of Lucas Miguel (_theHarvester) via Snort-users <snort-users at lists.snort.org <mailto:snort-users at lists.snort.org>>
>> Sent: Thursday, June 28, 2018 4:04:50 PM
>> To: Noah Dietrich
>> Cc: snort-users at lists.snort.org <mailto:snort-users at lists.snort.org>
>> Subject: Re: [Snort-users] Error Compiling Snort 2.9.11.1
>>  
>> Even after installing LuaJit and all other components it’s still failing the same exact error.
>> 
>> Regards,
>> 
>>> On Jun 28, 2018, at 12:50 PM, Noah Dietrich <noah_dietrich at 86penny.org <mailto:noah_dietrich at 86penny.org>> wrote:
>>> 
>>> OpenAppID on ubuntu for snort 2.9.x requires the additional librarires:
>>> sudoapt-getinstall-y
>>>  libluajit-5.1-dev pkg-config openssl libssl-dev 
>>> 
>>> Steps are here: http://sublimerobots.com/2017/01/installing-openappid-with-snort-2-9-9-x-on-ubuntu/ <http://sublimerobots.com/2017/01/installing-openappid-with-snort-2-9-9-x-on-ubuntu/>
>>> 
>>> 
>>> On Thu, Jun 28, 2018 at 1:11 PM, James Lay <jlay at slave-tothe-box.net <mailto:jlay at slave-tothe-box.net>> wrote:
>>> You're missing luajit:
>>> 
>>> http://luajit.org/download.html <http://luajit.org/download.html>
>>> 
>>> your package manager may have it as well..make sure to install the -dev package as well.
>>> 
>>> James
>>> 
>>> On Thu, 2018-06-28 at 11:46 +0100, Lucas Miguel (_theHarvester) via Snort-users wrote:
>>>> Hello,
>>>> 
>>>> I’m compiling snort 2.9.11.1 with —enable-sourcefire —enable-open-appid option’s but when I issue the make command I receive the bellow error.
>>>> 
>>>> 
>>>> Makefile:702: recipe for target 'libsf_appid_preproc_la-luaDetectorApi.lo' failed
>>>> make[5]: *** [libsf_appid_preproc_la-luaDetectorApi.lo] Error 1
>>>> make[5]: Leaving directory '/home/suidsp01/snort_src/snort-2.9.11.1/src/dynamic-preprocessors/appid'
>>>> Makefile:1036: recipe for target 'all-recursive' failed
>>>> make[4]: *** [all-recursive] Error 1
>>>> make[4]: Leaving directory '/home/suidsp01/snort_src/snort-2.9.11.1/src/dynamic-preprocessors'
>>>> Makefile:807: recipe for target 'all' failed
>>>> make[3]: *** [all] Error 2
>>>> make[3]: Leaving directory '/home/suidsp01/snort_src/snort-2.9.11.1/src/dynamic-preprocessors'
>>>> Makefile:558: recipe for target 'all-recursive' failed
>>>> make[2]: *** [all-recursive] Error 1
>>>> make[2]: Leaving directory '/home/suidsp01/snort_src/snort-2.9.11.1/src'
>>>> Makefile:516: recipe for target 'all-recursive' failed
>>>> make[1]: *** [all-recursive] Error 1
>>>> make[1]: Leaving directory '/home/suidsp01/snort_src/snort-2.9.11.1'
>>>> Makefile:382: recipe for target 'all' failed
>>>> make: *** [all] Error 2
>>>> 
>>>> Any help?
>>>> 
>>>> Regards,
>>>> Alcides
>>>> _______________________________________________
>>>> Snort-users mailing list
>>>> Snort-users at lists.snort.org <mailto:Snort-users at lists.snort.org>
>>>> Go to this URL to change user options or unsubscribe:
>>>> https://lists.snort.org/mailman/listinfo/snort-users <https://lists.snort.org/mailman/listinfo/snort-users>
>>>> 
>>>> Please visit http://blog.snort.org <http://blog.snort.org/> to stay current on all the latest Snort news!
>>>> 
>>>> Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette <https://snort.org/faq/what-is-the-mailing-list-etiquette>
>>>> 
>>> 
>>> 
>>> _______________________________________________
>>> Snort-users mailing list
>>> Snort-users at lists.snort.org <mailto:Snort-users at lists.snort.org>
>>> Go to this URL to change user options or unsubscribe:
>>> https://lists.snort.org/mailman/listinfo/snort-users <https://lists.snort.org/mailman/listinfo/snort-users>
>>> 
>>> Please visit http://blog.snort.org <http://blog.snort.org/> to stay current on all the latest Snort news!
>>> 
>>> Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette <https://snort.org/faq/what-is-the-mailing-list-etiquette>
>>> 
>>> 
>>> _______________________________________________
>>> Snort-users mailing list
>>> Snort-users at lists.snort.org <mailto:Snort-users at lists.snort.org>
>>> Go to this URL to change user options or unsubscribe:
>>> https://lists.snort.org/mailman/listinfo/snort-users <https://lists.snort.org/mailman/listinfo/snort-users>
>>> 
>>> Please visit http://blog.snort.org <http://blog.snort.org/> to stay current on all the latest Snort news!
>>> 
>>> Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette <https://snort.org/faq/what-is-the-mailing-list-etiquette>
>> 
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.snort.org <mailto:Snort-users at lists.snort.org>
>> Go to this URL to change user options or unsubscribe:
>> https://lists.snort.org/mailman/listinfo/snort-users
>> 
>> Please visit http://blog.snort.org to stay current on all the latest Snort news!
>> 
>> Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.snort.org
> Go to this URL to change user options or unsubscribe:
> https://lists.snort.org/mailman/listinfo/snort-users
> 
> Please visit http://blog.snort.org to stay current on all the latest Snort news!
> 
> Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20180629/3584b9ee/attachment.html>


More information about the Snort-users mailing list