[Snort-users] Error Compiling Snort 2.9.11.1

Lucas Miguel (_theHarvester) alcides.romeu at gmail.com
Fri Jun 29 17:39:01 EDT 2018


Thanks, 
I was mistyping.

Regards,

Lucas Miguel

> On 29 Jun 2018, at 10:15, Y M via Snort-users <snort-users at lists.snort.org> wrote:
> 
> You have "appid_event_type" in your configuration, where it should be "appid_event_types". Have a look at README.appid under /doc within Snort source tarball.
> 
> YM
> 
> From: Lucas Miguel (_theHarvester) <alcides.romeu at gmail.com>
> Sent: Friday, June 29, 2018 9:42 AM
> To: Y M
> Cc: snort-users at lists.snort.org
> Subject: Re: [Snort-users] Error Compiling Snort 2.9.11.1
>  
> Worked just fine. 
> 
> Thanks in advance.
> 
> I’ve inserted the bellow line in snort.conf file and when testing it’s rising fatal error.
> 
> output unified2: filename snort.u2, limit 128, appid_event_type
> 
> ERROR:
>   
> Log directory = /var/log/snort
> ERROR: Argument Error in /etc/snort/snort.conf(527): appid_event_type
> Fatal Error, Quitting..
> 
> 
> Regards,
> Alcides
> 
>> On Jun 28, 2018, at 3:58 PM, Y M via Snort-users <snort-users at lists.snort.org> wrote:
>> 
>> It is definitely not the same error. The error in this case is in 
>> 
>> libsf_appid_preproc_la-service_ssl.lo
>> 
>> The previous errors were in different files. This is good because it means the past errors are fixed, hopefully.
>> 
>> This new error is mostly related to the fact that the OpenSSL/libssl packages in Ubuntu 18.04 are of version >=1.1.  In this case, remove OpenSSL and libssl and downgrade to libssl 1.0.2 via
>> 
>> apt-get install libssl1.0-dev
>> 
>> Or something similar.After that try make again. I guess this happens because OpenAppID relies on SSL libraries/API that have changed in the newer version of OpenSSL/libssl. I guess OpenAppID needs to be updated to handle  the new changes in libssl, simply a guess
>> 
>> Please test this and let us know.
>> 
>> From: Lucas Miguel (_theHarvester) <alcides.romeu at gmail.com>
>> Sent: Thursday, June 28, 2018 5:48 PM
>> To: Y M
>> Cc: snort-users at lists.snort.org
>> Subject: Re: [Snort-users] Error Compiling Snort 2.9.11.1
>>  
>> Hello,
>> 
>> I’ve retried and I think that the error continues the same.
>> 
>>    16  sudo apt-get install -y build-essential libpcap-dev libpcre3-dev libdumbnet-dev bison flex zlib1g-dev liblzma-dev
>>    17  sudo apt-get install -y libnghttp2-dev
>>    18  sudo apt-get install -y pkg-config openssl libssl-dev
>>    22  wget http://luajit.org/download/LuaJIT-2.0.5.tar.gz
>>    23  tar xzvf libdnet-1.11.tar.gz
>>    24  cd libdnet-1.11/
>>    25  ./configure
>>    26  make
>>    27  sudo make install
>>    28  cd ..
>>    29  tar xzvf LuaJIT-2.0.5.tar.gz
>>    30  cd LuaJIT-2.0.5/
>>    31  make
>>    32  sudo make install
>>    33  wget https://www.snort.org/downloads/snort/daq-2.0.6.tar.gz
>>    34  ls
>>    35  cp daq-2.0.6.tar.gz ~/snort_src/
>>    36  rm daq-2.0.6.tar.gz
>>    37  ls
>>    38  cd ..
>>    39  ls
>>    40  tar -xzvf daq-2.0.6.tar.gz
>>    41  cd daq-2.0.6/
>>    42  ls
>>    43  ./configure
>>    44  make
>>    45  sudo make install
>>    46  sudo ldconfig
>>    47  cd ..
>>    48  ls
>>    49  wget https://www.snort.org/downloads/snort/snort-2.9.11.1.tar.gz
>>    50  tar -zxvf snort-2.9.11.1.tar.gz
>>    51  cd snort-2.9.11.1/
>>    52  ./configure --enable-sourcefire --enable-open-appid
>>    53  make
>> 
>> 
>> 
>> ../../../src/dynamic-preprocessors/appid/service_plugins/service_ssl.c: In function ‘parse_certificates’:
>> ../../../src/dynamic-preprocessors/appid/service_plugins/service_ssl.c:488:32: error: dereferencing pointer to incomplete type ‘X509 {aka struct x509_st}’
>>              start = strstr(cert->name, COMMON_NAME_STR);
>>                                 ^~
>> Makefile:855: recipe for target 'libsf_appid_preproc_la-service_ssl.lo' failed
>> make[5]: *** [libsf_appid_preproc_la-service_ssl.lo] Error 1
>> make[5]: Leaving directory '/home/suidsp01/snort_src/snort-2.9.11.1/src/dynamic-preprocessors/appid'
>> Makefile:1036: recipe for target 'all-recursive' failed
>> make[4]: *** [all-recursive] Error 1
>> make[4]: Leaving directory '/home/suidsp01/snort_src/snort-2.9.11.1/src/dynamic-preprocessors'
>> Makefile:807: recipe for target 'all' failed
>> make[3]: *** [all] Error 2
>> make[3]: Leaving directory '/home/suidsp01/snort_src/snort-2.9.11.1/src/dynamic-preprocessors'
>> Makefile:558: recipe for target 'all-recursive' failed
>> make[2]: *** [all-recursive] Error 1
>> make[2]: Leaving directory '/home/suidsp01/snort_src/snort-2.9.11.1/src'
>> Makefile:516: recipe for target 'all-recursive' failed
>> make[1]: *** [all-recursive] Error 1
>> make[1]: Leaving directory '/home/suidsp01/snort_src/snort-2.9.11.1'
>> Makefile:382: recipe for target 'all' failed
>> make: *** [all] Error 2
>> 
>> 
>> 
>> Regards,
>> 
>> Alcides
>> 
>>> On Jun 28, 2018, at 3:03 PM, Y M via Snort-users <snort-users at lists.snort.org> wrote:
>>> 
>>> What is the operating system you are trying this on? I faced similar issues with newer Linux distros such as Ubuntu 18.04.
>>> 
>>> Try removing all Lua packages installed from the repo, and then install LuaJIT from source as James suggested.
>>> 
>>> You may face additional issues with AppID and SSL. If you get to that point, please post the error message you get.
>>> 
>>> Thanks.
>>> YM
>>> 
>>> From: Snort-users <snort-users-bounces at lists.snort.org> on behalf of Lucas Miguel (_theHarvester) via Snort-users <snort-users at lists.snort.org>
>>> Sent: Thursday, June 28, 2018 4:04:50 PM
>>> To: Noah Dietrich
>>> Cc: snort-users at lists.snort.org
>>> Subject: Re: [Snort-users] Error Compiling Snort 2.9.11.1
>>>  
>>> Even after installing LuaJit and all other components it’s still failing the same exact error.
>>> 
>>> Regards,
>>> 
>>>> On Jun 28, 2018, at 12:50 PM, Noah Dietrich <noah_dietrich at 86penny.org> wrote:
>>>> 
>>>> OpenAppID on ubuntu for snort 2.9.x requires the additional librarires:
>>>> sudoapt-getinstall-y
>>>>  libluajit-5.1-dev pkg-config openssl libssl-dev 
>>>> 
>>>> Steps are here: http://sublimerobots.com/2017/01/installing-openappid-with-snort-2-9-9-x-on-ubuntu/
>>>> 
>>>> 
>>>> On Thu, Jun 28, 2018 at 1:11 PM, James Lay <jlay at slave-tothe-box.net> wrote:
>>>> You're missing luajit:
>>>> 
>>>> http://luajit.org/download.html
>>>> 
>>>> your package manager may have it as well..make sure to install the -dev package as well.
>>>> 
>>>> James
>>>> 
>>>>> On Thu, 2018-06-28 at 11:46 +0100, Lucas Miguel (_theHarvester) via Snort-users wrote:
>>>>> Hello,
>>>>> 
>>>>> I’m compiling snort 2.9.11.1 with —enable-sourcefire —enable-open-appid option’s but when I issue the make command I receive the bellow error.
>>>>> 
>>>>> 
>>>>> Makefile:702: recipe for target 'libsf_appid_preproc_la-luaDetectorApi.lo' failed
>>>>> make[5]: *** [libsf_appid_preproc_la-luaDetectorApi.lo] Error 1
>>>>> make[5]: Leaving directory '/home/suidsp01/snort_src/snort-2.9.11.1/src/dynamic-preprocessors/appid'
>>>>> Makefile:1036: recipe for target 'all-recursive' failed
>>>>> make[4]: *** [all-recursive] Error 1
>>>>> make[4]: Leaving directory '/home/suidsp01/snort_src/snort-2.9.11.1/src/dynamic-preprocessors'
>>>>> Makefile:807: recipe for target 'all' failed
>>>>> make[3]: *** [all] Error 2
>>>>> make[3]: Leaving directory '/home/suidsp01/snort_src/snort-2.9.11.1/src/dynamic-preprocessors'
>>>>> Makefile:558: recipe for target 'all-recursive' failed
>>>>> make[2]: *** [all-recursive] Error 1
>>>>> make[2]: Leaving directory '/home/suidsp01/snort_src/snort-2.9.11.1/src'
>>>>> Makefile:516: recipe for target 'all-recursive' failed
>>>>> make[1]: *** [all-recursive] Error 1
>>>>> make[1]: Leaving directory '/home/suidsp01/snort_src/snort-2.9.11.1'
>>>>> Makefile:382: recipe for target 'all' failed
>>>>> make: *** [all] Error 2
>>>>> 
>>>>> Any help?
>>>>> 
>>>>> Regards,
>>>>> Alcides
>>>>> _______________________________________________
>>>>> Snort-users mailing list
>>>>> Snort-users at lists.snort.org
>>>>> Go to this URL to change user options or unsubscribe:
>>>>> https://lists.snort.org/mailman/listinfo/snort-users
>>>>> 
>>>>> Please visit http://blog.snort.org to stay current on all the latest Snort news!
>>>>> 
>>>>> Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
>>>>> 
>>>> 
>>>> 
>>>> _______________________________________________
>>>> Snort-users mailing list
>>>> Snort-users at lists.snort.org
>>>> Go to this URL to change user options or unsubscribe:
>>>> https://lists.snort.org/mailman/listinfo/snort-users
>>>> 
>>>> Please visit http://blog.snort.org to stay current on all the latest Snort news!
>>>> 
>>>> Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
>>>> 
>>>> 
>>>> _______________________________________________
>>>> Snort-users mailing list
>>>> Snort-users at lists.snort.org
>>>> Go to this URL to change user options or unsubscribe:
>>>> https://lists.snort.org/mailman/listinfo/snort-users
>>>> 
>>>> Please visit http://blog.snort.org to stay current on all the latest Snort news!
>>>> 
>>>> Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
>>> 
>>> _______________________________________________
>>> Snort-users mailing list
>>> Snort-users at lists.snort.org
>>> Go to this URL to change user options or unsubscribe:
>>> https://lists.snort.org/mailman/listinfo/snort-users
>>> 
>>> Please visit http://blog.snort.org to stay current on all the latest Snort news!
>>> 
>>> Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
>> 
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.snort.org
>> Go to this URL to change user options or unsubscribe:
>> https://lists.snort.org/mailman/listinfo/snort-users
>> 
>> Please visit http://blog.snort.org to stay current on all the latest Snort news!
>> 
>> Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.snort.org
> Go to this URL to change user options or unsubscribe:
> https://lists.snort.org/mailman/listinfo/snort-users
> 
> Please visit http://blog.snort.org to stay current on all the latest Snort news!
> 
> Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20180629/de4183ce/attachment.html>


More information about the Snort-users mailing list