Snort mailing list archives

Unable to create stub so rules files


From: "C. L. Martinez" <carlopmart () gmail com>
Date: Tue, 27 Nov 2012 10:25:02 +0000

Hi all,

I am trying to stub rule files from all loaded dynamic detection
rules libraries without luck. The error is:

Running in Rule Dump mode

        --== Initializing Snort ==--
Initializing Output Plugins!
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file "/data/config/etc/idpsnort01/snort.conf"
PortVar 'HTTP_PORTS' defined :  [ 80:81 311 383 591 593 901 1220 1414
1741 1830 2301 2381 2809 3128 3702 4343 4848 5250 7001 7145 7510 7777
7779 8000 8008 8014 8028 8080 8088 8090 8118 8123 8180:8181 8243 8280
8300 8800 8888 8899 9000 9060 9080 9090:9091 9443 9999 11371 50002
55555 ]
PortVar 'SHELLCODE_PORTS' defined :  [ 0:79 81:65535 ]
PortVar 'ORACLE_PORTS' defined :  [ 1024:65535 ]
PortVar 'SSH_PORTS' defined :  [ 22 ]
PortVar 'FTP_PORTS' defined :  [ 21 2100 3535 ]
PortVar 'SIP_PORTS' defined :  [ 5060:5061 5600 ]
PortVar 'FILE_DATA_PORTS' defined :  [ 80:81 110 143 311 383 591 593
901 1220 1414 1741 1830 2301 2381 2809 3128 3702 4343 4848 5250 7001
7145 7510 7777 7779 8000 8008 8014 8028 8080 8088 8090 8118 8123
8180:8181 8243 8280 8300 8800 8888 8899 9000 9060 9080 9090:9091 9443
9999 11371 50002 55555 ]
PortVar 'GTP_PORTS' defined :  [ 2123 2152 3386 ]
Detection:
   Search-Method = AC-Full-Q
    Split Any/Any group = enabled
    Search-Method-Optimizations = enabled
    Maximum pattern length = 20
ERROR: /data/config/etc/idpsnort01//data/config/etc/idpsnort01/so_rules/bad-traffic.rules(0)
Unable to open rules file
"/data/config/etc/idpsnort01//data/config/etc/idpsnort01/so_rules/bad-traffic.rules":
No such file or directory.

Fatal Error, Quitting..

My variables defined:

var CONF_PATH /data/config/etc/idpsnort01
var RULE_PATH $CONF_PATH/rules
var SO_RULE_PATH $CONF_PATH/so_rules
# path to dynamic preprocessor libraries
dynamicpreprocessor directory /opt/snort/lib/snort_dynamicpreprocessor/

# path to base preprocessor engine
dynamicengine /opt/snort/lib/snort_dynamicengine/libsf_engine.so

# path to dynamic rules libraries
dynamicdetection directory $CONF_PATH/dynamicrules

Dynamic .so files exist:

root@plzfnsm01:/data/config/etc/idpsnort01# ls -la /data/config/etc/idpsnort01/dynamicrules/
total 3088
drwxr-xr-x  2 root  wheel     512 Nov 27 10:01 .
drwxr-xr-x  7 root  wheel     512 Nov 27 09:27 ..
-rwxr-xr-x  1 1210  1210   239051 Oct 25 16:32 bad-traffic.so
-rwxr-xr-x  1 1210  1210    38209 Oct 25 16:32 chat.so
-rwxr-xr-x  1 1210  1210   324551 Oct 25 16:32 dos.so
-rwxr-xr-x  1 1210  1210   407644 Oct 25 16:32 exploit.so
-rwxr-xr-x  1 1210  1210    39934 Oct 25 16:32 icmp.so
-rwxr-xr-x  1 1210  1210    42823 Oct 25 16:32 imap.so
-rwxr-xr-x  1 1210  1210   168057 Oct 25 16:32 misc.so
-rwxr-xr-x  1 1210  1210    64834 Oct 25 16:32 multimedia.so
-rwxr-xr-x  1 1210  1210   205755 Oct 25 16:32 netbios.so
-rwxr-xr-x  1 1210  1210    36959 Oct 25 16:32 nntp.so
-rwxr-xr-x  1 1210  1210    36168 Oct 25 16:32 p2p.so
-rwxr-xr-x  1 1210  1210   135525 Oct 25 16:32 smtp.so
-rwxr-xr-x  1 1210  1210    62830 Oct 25 16:32 snmp.so
-rwxr-xr-x  1 1210  1210    85236 Oct 25 16:32 specific-threats.so
-rwxr-xr-x  1 1210  1210    52614 Oct 25 16:32 web-activex.so
-rwxr-xr-x  1 1210  1210   963462 Oct 25 16:32 web-client.so
-rwxr-xr-x  1 1210  1210    38845 Oct 25 16:32 web-iis.so
-rwxr-xr-x  1 1210  1210    73561 Oct 25 16:32 web-misc.so

Where is the problem??
