Snort mailing list archives

Re: Gentoo Linux Snort Users


From: NA <dustypath () comcast net>
Date: Thu, 24 Feb 2011 14:36:56 -0800

No, a standard emerge -av snort
Thx for the pulledpork help, just pulled down the dynamic rules using Ubuntu 8.04

emerge -pv snort

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild     U ] net-analyzer/snort-2.9.0.4 [2.9.0.3] 
USE="active-response decoder-preprocessor-rules dynamicplugin flexresp3 
gre inline-init-failopen mysql normalizer ppm react reload-error-restart 
threads zlib -aruba -debug -ipv6 -linux-smp-stats -mpls -odbc 
-perfprofiling -postgres -prelude (-selinux) -static -targetbased" 0 kB

Total: 1 package (1 upgrade), Size of downloads: 0 kB

And the patch.out:

cat /var/tmp/portage/net-analyzer/snort-2.9.0.4/temp/disabledynamic.patch.out
***** disabledynamic.patch *****

================================

PATCH COMMAND:  patch -p0 -g0 -E --no-backup-if-mismatch < 
'/usr/portage/net-analyzer/snort/files/disabledynamic.patch'

================================
patching file src/fpcreate.c
Hunk #1 FAILED at 70.
Hunk #2 FAILED at 1812.
2 out of 2 hunks FAILED -- saving rejects to file src/fpcreate.c.rej
patching file src/dynamic-plugins/sf_dynamic_define.h
Hunk #1 FAILED at 96.
1 out of 1 hunk FAILED -- saving rejects to file 
src/dynamic-plugins/sf_dynamic_define.h.rej
patching file src/dynamic-plugins/sf_dynamic_engine.h
Hunk #1 FAILED at 77.
1 out of 1 hunk FAILED -- saving rejects to file 
src/dynamic-plugins/sf_dynamic_engine.h.rej
patching file src/preprocessors/Stream5/snort_stream5_tcp.c
Hunk #1 FAILED at 816.
1 out of 1 hunk FAILED -- saving rejects to file 
src/preprocessors/Stream5/snort_stream5_tcp.c.rej
================================

PATCH COMMAND:  patch -p1 -g0 -E --no-backup-if-mismatch < 
'/usr/portage/net-analyzer/snort/files/disabledynamic.patch'

================================
can't find file to patch at input line 23
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|? cflags.out
|? cppflags.out
|? cscope.out
|? disabledynamic.patch
|? http.patch
|? log
|? make.out
|? rules.work
|? snort-build.sh
|? snort.pc
|? ylwrap
|? etc/snort.conf.work
|? src/dynamic-preprocessors/rzb_saac/Makefile
|? tools/u2boat/u2boat
|? tools/u2spewfoo/u2spewfoo
|Index: src/fpcreate.c
|===================================================================
|RCS file: /usr/cvsroot/sfeng/ims/sfsnort/snort/src/fpcreate.c,v
|retrieving revision 1.107.2.2
|diff -u -p -r1.107.2.2 fpcreate.c
|--- src/fpcreate.c    11 Jan 2011 22:54:40 -0000    1.107.2.2
|+++ src/fpcreate.c    17 Feb 2011 20:06:49 -0000
--------------------------
No file to patch.  Skipping patch.
2 out of 2 hunks ignored
can't find file to patch at input line 51
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|Index: src/dynamic-plugins/sf_dynamic_define.h
|===================================================================
|RCS file: 
/usr/cvsroot/sfeng/ims/sfsnort/snort/src/dynamic-plugins/sf_dynamic_define.h,v
|retrieving revision 1.15.4.1
|diff -u -p -r1.15.4.1 sf_dynamic_define.h
|--- src/dynamic-plugins/sf_dynamic_define.h    3 Jan 2011 19:58:05 
-0000    1.15.4.1
|+++ src/dynamic-plugins/sf_dynamic_define.h    17 Feb 2011 20:06:49 -0000
--------------------------
No file to patch.  Skipping patch.
1 out of 1 hunk ignored
can't find file to patch at input line 74
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|Index: src/dynamic-plugins/sf_dynamic_engine.h
|===================================================================
|RCS file: 
/usr/cvsroot/sfeng/ims/sfsnort/snort/src/dynamic-plugins/sf_dynamic_engine.h,v
|retrieving revision 1.54.2.1
|diff -u -p -r1.54.2.1 sf_dynamic_engine.h
|--- src/dynamic-plugins/sf_dynamic_engine.h    3 Jan 2011 19:58:06 
-0000    1.54.2.1
|+++ src/dynamic-plugins/sf_dynamic_engine.h    17 Feb 2011 20:06:49 -0000
--------------------------
No file to patch.  Skipping patch.
1 out of 1 hunk ignored
can't find file to patch at input line 97
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|Index: src/preprocessors/Stream5/snort_stream5_tcp.c
|===================================================================
|RCS file: 
/usr/cvsroot/sfeng/ims/sfsnort/snort/src/preprocessors/Stream5/snort_stream5_tcp.c,v
|retrieving revision 1.296.2.5
|diff -u -p -r1.296.2.5 snort_stream5_tcp.c
|--- src/preprocessors/Stream5/snort_stream5_tcp.c    7 Jan 2011 
20:06:05 -0000    1.296.2.5
|+++ src/preprocessors/Stream5/snort_stream5_tcp.c    17 Feb 2011 
20:06:49 -0000
--------------------------
No file to patch.  Skipping patch.
1 out of 1 hunk ignored
================================

PATCH COMMAND:  patch -p2 -g0 -E --no-backup-if-mismatch < 
'/usr/portage/net-analyzer/snort/files/disabledynamic.patch'

================================
missing header for unified diff at line 23 of patch
can't find file to patch at input line 23
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|? cflags.out
|? cppflags.out
|? cscope.out
|? disabledynamic.patch
|? http.patch
|? log
|? make.out
|? rules.work
|? snort-build.sh
|? snort.pc
|? ylwrap
|? etc/snort.conf.work
|? src/dynamic-preprocessors/rzb_saac/Makefile
|? tools/u2boat/u2boat
|? tools/u2spewfoo/u2spewfoo
|Index: src/fpcreate.c
|===================================================================
|RCS file: /usr/cvsroot/sfeng/ims/sfsnort/snort/src/fpcreate.c,v
|retrieving revision 1.107.2.2
|diff -u -p -r1.107.2.2 fpcreate.c
|--- src/fpcreate.c    11 Jan 2011 22:54:40 -0000    1.107.2.2
|+++ src/fpcreate.c    17 Feb 2011 20:06:49 -0000
--------------------------
No file to patch.  Skipping patch.
2 out of 2 hunks ignored
can't find file to patch at input line 51
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|Index: src/dynamic-plugins/sf_dynamic_define.h
|===================================================================
|RCS file: 
/usr/cvsroot/sfeng/ims/sfsnort/snort/src/dynamic-plugins/sf_dynamic_define.h,v
|retrieving revision 1.15.4.1
|diff -u -p -r1.15.4.1 sf_dynamic_define.h
|--- src/dynamic-plugins/sf_dynamic_define.h    3 Jan 2011 19:58:05 
-0000    1.15.4.1
|+++ src/dynamic-plugins/sf_dynamic_define.h    17 Feb 2011 20:06:49 -0000
--------------------------
No file to patch.  Skipping patch.
1 out of 1 hunk ignored
can't find file to patch at input line 74
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|Index: src/dynamic-plugins/sf_dynamic_engine.h
|===================================================================
|RCS file: 
/usr/cvsroot/sfeng/ims/sfsnort/snort/src/dynamic-plugins/sf_dynamic_engine.h,v
|retrieving revision 1.54.2.1
|diff -u -p -r1.54.2.1 sf_dynamic_engine.h
|--- src/dynamic-plugins/sf_dynamic_engine.h    3 Jan 2011 19:58:06 
-0000    1.54.2.1
|+++ src/dynamic-plugins/sf_dynamic_engine.h    17 Feb 2011 20:06:49 -0000
--------------------------
No file to patch.  Skipping patch.
1 out of 1 hunk ignored
can't find file to patch at input line 97
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|Index: src/preprocessors/Stream5/snort_stream5_tcp.c
|===================================================================
|RCS file: 
/usr/cvsroot/sfeng/ims/sfsnort/snort/src/preprocessors/Stream5/snort_stream5_tcp.c,v
|retrieving revision 1.296.2.5
|diff -u -p -r1.296.2.5 snort_stream5_tcp.c
|--- src/preprocessors/Stream5/snort_stream5_tcp.c    7 Jan 2011 
20:06:05 -0000    1.296.2.5
|+++ src/preprocessors/Stream5/snort_stream5_tcp.c    17 Feb 2011 
20:06:49 -0000
--------------------------
No file to patch.  Skipping patch.
1 out of 1 hunk ignored
================================

PATCH COMMAND:  patch -p3 -g0 -E --no-backup-if-mismatch < 
'/usr/portage/net-analyzer/snort/files/disabledynamic.patch'

================================
missing header for unified diff at line 23 of patch
can't find file to patch at input line 23
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|? cflags.out
|? cppflags.out
|? cscope.out
|? disabledynamic.patch
|? http.patch
|? log
|? make.out
|? rules.work
|? snort-build.sh
|? snort.pc
|? ylwrap
|? etc/snort.conf.work
|? src/dynamic-preprocessors/rzb_saac/Makefile
|? tools/u2boat/u2boat
|? tools/u2spewfoo/u2spewfoo
|Index: src/fpcreate.c
|===================================================================
|RCS file: /usr/cvsroot/sfeng/ims/sfsnort/snort/src/fpcreate.c,v
|retrieving revision 1.107.2.2
|diff -u -p -r1.107.2.2 fpcreate.c
|--- src/fpcreate.c    11 Jan 2011 22:54:40 -0000    1.107.2.2
|+++ src/fpcreate.c    17 Feb 2011 20:06:49 -0000
--------------------------
No file to patch.  Skipping patch.
2 out of 2 hunks ignored
missing header for unified diff at line 51 of patch
can't find file to patch at input line 51
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|Index: src/dynamic-plugins/sf_dynamic_define.h
|===================================================================
|RCS file: 
/usr/cvsroot/sfeng/ims/sfsnort/snort/src/dynamic-plugins/sf_dynamic_define.h,v
|retrieving revision 1.15.4.1
|diff -u -p -r1.15.4.1 sf_dynamic_define.h
|--- src/dynamic-plugins/sf_dynamic_define.h    3 Jan 2011 19:58:05 
-0000    1.15.4.1
|+++ src/dynamic-plugins/sf_dynamic_define.h    17 Feb 2011 20:06:49 -0000
--------------------------
No file to patch.  Skipping patch.
1 out of 1 hunk ignored
missing header for unified diff at line 74 of patch
can't find file to patch at input line 74
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|Index: src/dynamic-plugins/sf_dynamic_engine.h
|===================================================================
|RCS file: 
/usr/cvsroot/sfeng/ims/sfsnort/snort/src/dynamic-plugins/sf_dynamic_engine.h,v
|retrieving revision 1.54.2.1
|diff -u -p -r1.54.2.1 sf_dynamic_engine.h
|--- src/dynamic-plugins/sf_dynamic_engine.h    3 Jan 2011 19:58:06 
-0000    1.54.2.1
|+++ src/dynamic-plugins/sf_dynamic_engine.h    17 Feb 2011 20:06:49 -0000
--------------------------
No file to patch.  Skipping patch.
1 out of 1 hunk ignored
can't find file to patch at input line 97
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|Index: src/preprocessors/Stream5/snort_stream5_tcp.c
|===================================================================
|RCS file: 
/usr/cvsroot/sfeng/ims/sfsnort/snort/src/preprocessors/Stream5/snort_stream5_tcp.c,v
|retrieving revision 1.296.2.5
|diff -u -p -r1.296.2.5 snort_stream5_tcp.c
|--- src/preprocessors/Stream5/snort_stream5_tcp.c    7 Jan 2011 
20:06:05 -0000    1.296.2.5
|+++ src/preprocessors/Stream5/snort_stream5_tcp.c    17 Feb 2011 
20:06:49 -0000
--------------------------
No file to patch.  Skipping patch.
1 out of 1 hunk ignored
================================

PATCH COMMAND:  patch -p4 -g0 -E --no-backup-if-mismatch < 
'/usr/portage/net-analyzer/snort/files/disabledynamic.patch'

================================
missing header for unified diff at line 23 of patch
can't find file to patch at input line 23
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|? cflags.out
|? cppflags.out
|? cscope.out
|? disabledynamic.patch
|? http.patch
|? log
|? make.out
|? rules.work
|? snort-build.sh
|? snort.pc
|? ylwrap
|? etc/snort.conf.work
|? src/dynamic-preprocessors/rzb_saac/Makefile
|? tools/u2boat/u2boat
|? tools/u2spewfoo/u2spewfoo
|Index: src/fpcreate.c
|===================================================================
|RCS file: /usr/cvsroot/sfeng/ims/sfsnort/snort/src/fpcreate.c,v
|retrieving revision 1.107.2.2
|diff -u -p -r1.107.2.2 fpcreate.c
|--- src/fpcreate.c    11 Jan 2011 22:54:40 -0000    1.107.2.2
|+++ src/fpcreate.c    17 Feb 2011 20:06:49 -0000
--------------------------
No file to patch.  Skipping patch.
2 out of 2 hunks ignored
missing header for unified diff at line 51 of patch
can't find file to patch at input line 51
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|Index: src/dynamic-plugins/sf_dynamic_define.h
|===================================================================
|RCS file: 
/usr/cvsroot/sfeng/ims/sfsnort/snort/src/dynamic-plugins/sf_dynamic_define.h,v
|retrieving revision 1.15.4.1
|diff -u -p -r1.15.4.1 sf_dynamic_define.h
|--- src/dynamic-plugins/sf_dynamic_define.h    3 Jan 2011 19:58:05 
-0000    1.15.4.1
|+++ src/dynamic-plugins/sf_dynamic_define.h    17 Feb 2011 20:06:49 -0000
--------------------------
No file to patch.  Skipping patch.
1 out of 1 hunk ignored
missing header for unified diff at line 74 of patch
can't find file to patch at input line 74
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|Index: src/dynamic-plugins/sf_dynamic_engine.h
|===================================================================
|RCS file: 
/usr/cvsroot/sfeng/ims/sfsnort/snort/src/dynamic-plugins/sf_dynamic_engine.h,v
|retrieving revision 1.54.2.1
|diff -u -p -r1.54.2.1 sf_dynamic_engine.h
|--- src/dynamic-plugins/sf_dynamic_engine.h    3 Jan 2011 19:58:06 
-0000    1.54.2.1
|+++ src/dynamic-plugins/sf_dynamic_engine.h    17 Feb 2011 20:06:49 -0000
--------------------------
No file to patch.  Skipping patch.
1 out of 1 hunk ignored
missing header for unified diff at line 97 of patch
can't find file to patch at input line 97
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|Index: src/preprocessors/Stream5/snort_stream5_tcp.c
|===================================================================
|RCS file: 
/usr/cvsroot/sfeng/ims/sfsnort/snort/src/preprocessors/Stream5/snort_stream5_tcp.c,v
|retrieving revision 1.296.2.5
|diff -u -p -r1.296.2.5 snort_stream5_tcp.c
|--- src/preprocessors/Stream5/snort_stream5_tcp.c    7 Jan 2011 
20:06:05 -0000    1.296.2.5
|+++ src/preprocessors/Stream5/snort_stream5_tcp.c    17 Feb 2011 
20:06:49 -0000
--------------------------
No file to patch.  Skipping patch.
1 out of 1 hunk ignored


--------------------------------------------------------- old stuff ------------------------------
You are not manually trying to patch it, are you?

What does the output of "emerge -pv snort" say?

On Thu, Feb 24, 2011 at 4:56 PM, NA <dustypath () comcast net> wrote:
Billy? Ouch, haven't been called that since I lived in Tennessee!

The patch referred to is the disabledynamic.patch, just added as well as
Snort-2.9.0.4 to portage. Thanks for clearing up the reason for the empty
directory. I have pulledpork working but the directory remains empty.

The file

cat /var/tmp/portage/net-analyzer/snort-2.9.0.4/temp/disabledynamic.patch.out

***** disabledynamic.patch *****

================================

PATCH COMMAND:  patch -p0 -g0 -E --no-backup-if-mismatch<
'/usr/portage/net-analyzer/snort/files/disabledynamic.patch'

================================
patching file src/fpcreate.c
Hunk #1 FAILED at 70.
Hunk #2 FAILED at 1812.
2 out of 2 hunks FAILED -- saving rejects to file src/fpcreate.c.rej
patching file src/dynamic-plugins/sf_dynamic_define.h
Hunk #1 FAILED at 96.
1 out of 1 hunk FAILED -- saving rejects to file
src/dynamic-plugins/sf_dynamic_define.h.rej
patching file src/dynamic-plugins/sf_dynamic_engine.h
Hunk #1 FAILED at 77.
1 out of 1 hunk FAILED -- saving rejects to file
src/dynamic-plugins/sf_dynamic_engine.h.rej
patching file src/preprocessors/Stream5/snort_stream5_tcp.c
Hunk #1 FAILED at 816.
1 out of 1 hunk FAILED -- saving rejects to file
src/preprocessors/Stream5/snort_stream5_tcp.c.rej
================================

A programmer I am not but it seems I have files missing, question is why?
So would it be correct to say PulledPork doesn't download anything to
...../dynamicrules due to no precompiled OS in pulledpork.conf being chosen
by me?

Thx


BTW Billy,

There are no precompiled rules for Gentoo. I've had good luck with
the Ubuntu precompiled rules.



On Thu, Feb 24, 2011 at 4:34 PM, Jason Wallace <jason.r.wallace () gmail com> wrote:
Billy,

"as the patch fails when emerging the new ebuild" which patch are you
referring to?

/usr/lib64/dynamicrules is empty because the so_rules are not shipped
with the snort package. That directory is the drop zone for the SO
rules you should pull with pulledpork.

Wally

On Thu, Feb 24, 2011 at 4:19 PM, NA <dustypath () comcast net> wrote:
Thank you very much for your work, I was just lamenting this morning over a
new install of 2.9.03 that FPs all over the place compared to 2.9.0.4!

I am having trouble though as the patch fails when emerging the new ebuild.
I was having trouble with dynamic detection already, the directory
/usr/lib64/dynamicrules is empty and attempts to build the so_rules fail
with a segfault (probably because of the empty directory, nothing to work
on). I will post a bug report at bug.gentoo.org unless you have any insight
that this is my screw up!

Thanks again

Bill B

Howdy!

Just wanted to give an update on the current Snort ebuild and the
ebuilds for some snort related packages.

Snort-2.9.0.4
This was committed to portage this afternoon, so it should hit the
mirror near you in the next 24-48 hrs. The ebuild was delayed due to a
bug we found when trying to compile with the dynamicplugins USE flag
disabled. The Sourcefire folks provided a patch for this.

The ebuild is currently stable for amd64 and unstable for x86. The
unstable is due to the prelude package being unstable. I'm considering
yanking support for Prelude from the ebuild. This is something that
should be handled by Barnyard2 anyways. If you are violently opposed
to dropping Prelude support, then shoot me an email. Also, I will
likely drop the ipv6 USE flag in the next version and hard code in
ipv6 support. This is due to the difference between ipv4 and ipv6 and
how that affects ipvar/portvar and var.

I've gotten a number of emails from Gentoo folks looking for
config.log and build.log when working bugs with SF. Since the build
environment gets cleaned up after the package is installed these were
not available. With the 2.9.0.4 ebuild you can now find both of these
files in the "support" directory in the package's doc directory.

daq-0.5
This ebuild is currently stable for amd64 and unstable for x86. This
will likely stabilize when Snort does. This version does not have the
buffer_size_mb fix in it. I'll roll an -r1 version to include this fix
some time soon.

Barnyard2-1.9
This ebuild is marked unstable for both amd64 and x86. The ebuild is
fairly new, that is why it is not stabilized yet. There are some
issues with this ebuild. It currently only supports the database
output plugins and those plugins that get compiled by default. There is
no ipv6 support. Barnyard2 currently does not compile with
--enable-ipv6. I've bugged this upstream.


The above are all in the main portage tree. The following packages
have been committed to the Sunrise Overlay
(http://overlays.gentoo.org/proj/sunrise). I'm working with the devs
to get these into the main distro tree, but they live in Sunrise for
now.

Pulledpork-0.5
No known issues.

daemonlogger-1.2.1
No known issues. Supports both tap and logging mode in the init
scripts.

hogger-2.1
No known issues.

If you want to help out with any of these packages or you just want
access to them before they are committed to the trees, you can add my
Github repository as an overlay https://github.com/wally3514/Gentoo.
This is a development space so YMMV.

thx,
Wally



------------------------------------------------------------------------------
Free Software Download: Index, Search & Analyze Logs and other IT data in
Real-Time with Splunk. Collect, index and harness all the fast moving IT data
generated by your applications, servers and devices whether physical, virtual
or in the cloud. Deliver compliance at lower cost and gain new business
insights. http://p.sf.net/sfu/splunk-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
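
A triage helper for epatch logs like the disabledynamic.patch.out quoted in this thread, added here as an example; it is not part of any poster's message, of Portage or of Snort. It separates strip levels at which no target file resolved from the level at which the files were found but every hunk was rejected. The sample log is constructed from the line shapes above, and the function names and result labels are hypothetical.

```python
import re

# Constructed sample, trimmed to the line shapes in the epatch log above.
SAMPLE_LOG = """\
PATCH COMMAND:  patch -p0 -g0 -E --no-backup-if-mismatch < 'disabledynamic.patch'
patching file src/fpcreate.c
Hunk #1 FAILED at 70.
Hunk #2 FAILED at 1812.
2 out of 2 hunks FAILED -- saving rejects to file src/fpcreate.c.rej
patching file src/dynamic-plugins/sf_dynamic_define.h
Hunk #1 FAILED at 96.
1 out of 1 hunk FAILED -- saving rejects to file src/dynamic-plugins/sf_dynamic_define.h.rej
PATCH COMMAND:  patch -p1 -g0 -E --no-backup-if-mismatch < 'disabledynamic.patch'
can't find file to patch at input line 23
Perhaps you used the wrong -p or --strip option?
No file to patch.  Skipping patch.
2 out of 2 hunks ignored
can't find file to patch at input line 51
No file to patch.  Skipping patch.
1 out of 1 hunk ignored
"""

CMD = re.compile(r"^PATCH COMMAND:\s+patch\s+-p(\d+)\b")
FOUND = re.compile(r"^patching file (\S+)")
MISSING = re.compile(r"^can't find file to patch")
SUMMARY = re.compile(r"^(\d+) out of (\d+) hunks? (FAILED|ignored)")


def summarize(log):
    """Return {strip_level: counters} for each patch attempt in the log."""
    attempts, cur = {}, None
    for line in log.splitlines():
        m = CMD.match(line)
        if m:
            cur = attempts.setdefault(int(m.group(1)), {
                "found": 0, "missing": 0, "failed": 0, "ignored": 0,
                "fully_rejected": 0})
            continue
        if cur is None:
            continue  # text before the first PATCH COMMAND line
        if FOUND.match(line):
            cur["found"] += 1
        elif MISSING.match(line):
            cur["missing"] += 1
        else:
            m = SUMMARY.match(line)
            if m:
                n, total, kind = int(m.group(1)), int(m.group(2)), m.group(3)
                cur["failed" if kind == "FAILED" else "ignored"] += n
                if kind == "FAILED" and n == total:
                    cur["fully_rejected"] += 1
    return attempts


def diagnose(c):
    """Classify one attempt from its counters."""
    if c["found"] == 0 and c["missing"] > 0:
        return "wrong-strip-level"          # no target path resolved at this -pN
    if c["found"] > 0 and c["failed"] == 0 and c["missing"] == 0:
        return "applied"
    if c["found"] > 0 and c["fully_rejected"] == c["found"]:
        return "paths-ok-content-mismatch"  # files exist, every hunk rejected
    return "partial"


if __name__ == "__main__":
    for level, counters in sorted(summarize(SAMPLE_LOG).items()):
        print(f"-p{level}: {diagnose(counters)} {counters}")
```

A "paths-ok-content-mismatch" result says only that the unpacked source does not match the context lines the patch expects; the .rej files named in the log show which lines differ.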


