Snort mailing list archives

2.9.1.2 rebuild problems


From: John York <YorkJ () brcc edu>
Date: Wed, 26 Oct 2011 14:46:00 +0000

I just rebuilt a sensor (Ubuntu 10.0.4, Snort 2.9.1.2, PP 0.61)

Problem 1
It looks like pulledpork is having trouble finding the snort version.  However, snort is installed in the default location /usr/local/bin, config in /usr/local/etc/snort, etc...  Snort runs fine with
snort -T -c /usr/local/etc/snort/snort.conf

When I ran pulledpork, I got this error:
The specified Snort binary does not exist!

I changed the rule url in pp config to specify 2.9.1.2:
rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot-2912.tar.gz|<oinkers!>

Then pp ran, but gave gazillions of $snort undefined errors.  Manually specifying the snort version at the end of the pp config fixed that:
snort_version=2.9.1.2

Problem 2
For some reason, the precompiled SO rules didn't get to the proper directory, as pp gave this error:
Warning: No dynamic libraries found in directory /usr/local/lib/snort_dynamicrules!

I untarred the rules pp left in /tmp, and copied the contents of /tmp/so_rules/precompiled/Ubuntu-10-4/x86-64/2.9.1.2/ to /usr/local/lib/snort_dynamicrules

Now everything runs w/o errors, but I imagine I'll need to manually copy the SO rules for a while.

Hmm, just moved to the pulledpork.pl from the SVN, and it seems to work without the changes above.  The SVN version must have been fixed to handle 2.9.1.2.  It generates this error, but seems to work ok:
Use of uninitialized value $Value in pattern match (m//) at /usr/local/bin/pulledpork.pl line 104, <CONFIG> line 1.

Thanks
John

Attachment: pulledpork.conf
Description: pulledpork.conf
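
A preflight check for the two failures reported in the message above (Snort binary not found, no SO rules in the dynamic rules directory), added here as an example; it is not code from the poster or from the PulledPork project. It assumes the pulledpork.conf keys snort_path and sorule_path, and the demo runs against a constructed sandbox rather than a real sensor.

```shell
#!/bin/sh
# Added example: verify what PulledPork needs before a rule update runs.

# conf_get FILE KEY -> prints the last KEY=VALUE value, trailing blanks stripped
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# preflight FILE -> 0 ok, 1 Snort binary missing (Problem 1),
#                   2 no precompiled SO rules installed (Problem 2)
preflight() {
    snort_bin=$(conf_get "$1" snort_path)
    so_dir=$(conf_get "$1" sorule_path)
    if [ -z "$snort_bin" ] || [ ! -f "$snort_bin" ]; then
        echo "snort_path '$snort_bin' does not point at a file" >&2
        return 1
    fi
    if [ -z "$so_dir" ] || ! ls "$so_dir"/*.so >/dev/null 2>&1; then
        echo "no .so files in sorule_path '$so_dir'" >&2
        return 2
    fi
    return 0
}

# demo -> runs preflight against a constructed sandbox in three states and
# prints the three return codes on one line
demo() {
    box=$(mktemp -d) || return 1
    mkdir -p "$box/bin" "$box/lib/snort_dynamicrules"
    # Constructed sample config; only the two keys checked here are set.
    printf 'snort_path=%s\nsorule_path=%s\n' \
        "$box/bin/snort" "$box/lib/snort_dynamicrules/" > "$box/pulledpork.conf"
    out=""
    for step in missing-binary missing-so-rules fixed; do
        rc=0
        preflight "$box/pulledpork.conf" 2>/dev/null || rc=$?
        out="$out$rc "
        case $step in
            missing-binary)   printf '#!/bin/sh\n' > "$box/bin/snort" ;;
            missing-so-rules) : > "$box/lib/snort_dynamicrules/constructed-rule.so" ;;
        esac
    done
    rm -rf "$box"
    echo "${out% }"
}

demo
```

On a real sensor, call preflight with the path to the live pulledpork.conf before the scheduled update, so a sensor running without its SO rules is noticed instead of silently losing that detection coverage.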
