Snort mailing list archives
Re: still fighting with so_rules
From: Russell Fulton <r.fulton () auckland ac nz>
Date: Mon, 13 Jul 2009 10:45:18 +1200
On 12/07/2009, at 8:21 AM, Nathaniel Richmond wrote:
I haven't tried the Fedora rules on RHEL as Nigel suggested, but the CentOS 32-bit SO rules work fine on 32-bit RHEL. There are CentOS 4 and 5 rules, which correspond to RHEL 4 and 5.
Thanks Nate, yes Centos 5 work fine! For the archives: The VRT folk look after the binary distributions of the rule sets. The proper place to request support for a new platform is research () sourcefire com. Hmmm... having a wiki on the sourcefire site would be useful for this sort if information, List of supported platforms and which platforms are equivalent. Hmmm... how about some symlinks in the tarball so RHE5.0/i386 points to Centos5.0/i386! Russell
Nate Russell Fulton wrote:I see to my dismay that the only precompiled rules for rhe are for 64 bit 5.0. Our standard corporate image is 5.3 (32 bit ?). Having finally got one of my sensors upgraded (from reh 3) I get this error: FATAL ERROR: Failed to load /home/snort/Rules/so_rules/bad- traffic.so: /home/snort/Rules/so_rules/bad-traffic.so: wrong ELF class: ELFCLASS64 Google indicates that this is indeed caused by incompatibilities between 32 and 64bit binaries. I'm getting rather peeved that sourcefire accepted my $1200 and has so far failed to deliver anything that I can use in the way of compiled rules. I won't be renewing VRT subscription. Russell ------------------------------------------------------------------------------ Enter the BlackBerry Developer Challenge This is your chance to win up to $100,000 in prizes! For a limited time, vendors submitting new applications to BlackBerry App World(TM) will have the opportunity to enter the BlackBerry Developer Challenge. See full prize details at: http://p.sf.net/sfu/Challenge _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------ Enter the BlackBerry Developer Challenge This is your chance to win up to $100,000 in prizes! For a limited time, vendors submitting new applications to BlackBerry App World(TM) will have the opportunity to enter the BlackBerry Developer Challenge. See full prize details at: http://p.sf.net/sfu/Challenge _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- still fighting with so_rules Russell Fulton (Jul 11)
- Re: still fighting with so_rules Nigel Houghton (Jul 11)
- <Possible follow-ups>
- Re: still fighting with so_rules Nathaniel Richmond (Jul 11)
- Re: still fighting with so_rules Russell Fulton (Jul 12)