Snort mailing list archives
Re: Unable to use dynamicrules on CentOS 6.4 x86_64
From: Jason Ish <lists () unx ca>
Date: Fri, 5 Jul 2013 08:41:30 -0600
On Fri, Jul 5, 2013 at 7:20 AM, Jaspal <jaspal () aasaanpay com> wrote:
On Friday 05 July 2013 05:47 PM, waldo kitty wrote:On 7/5/2013 05:47, Jaspal wrote:Hi, I am trying to use the dynamic rules present insnort-rules-snapshot-2495 withsnort-2.9.5 on a CentOS 6.4 x86_64 Amazon EC2 VM.is this "snort-2.9.5" a typo? if not, then that's part of yourproblem... inmany cases you cannot mix rules for one version of snort with a different version of snort... the dynamic rules are definitely an example ofthis... Thanks for the response. It's not a typo. That's the latest tar on the site and I could not find sources of older versions. ( Why not a give a link ? ) I understand that we can't mix apples and oranges. But the 4 latest snortrules-snapshot (available to registered users) all end in 29{40,41,45,46,31} under the section 'Snort v2.9'. Again no older releases. Perhaps, you could just tell me how to choose a correct set of rules with the snort-2.9.5 version and where can I find them.I have compiled daq and snort from source. Used libdnet andlibdnet-devel fromthe rpm repo.does not matter in this case...I get the following error upon trying to use the precompiled sharedlibs fromeither of RHEL-6.0 or CentOS-5.4 : "The dynamic detection library "/usr/local/lib/snort_dynamicrules/web-activex.so" version 1.0 compiledwithdynamic engine library version 1.17 isn't compatible with the currentdynamicengine library "/usr/local/lib/snort_dynamicengine/libsf_engine.so"version 2.0"this tells you exactly what the error is and where...Both the snort-rules and snort are compiled from the latest sources. It looks like a version mismatch. But where exactly ?inside the compiled so rules file(s)... the above message tells you thattheversion 1.0 of web-activex.so compiled with dynamic engine library 1.17is notcompatible with the current dynamic engine library 2.0...Or is there a way to compile the shared libs and use them ?yes but i'm not familiar with how to do it... someone else will have tospeak onthis...Also, why does snort provide precompiled shared libs for CentOS-6.x ?someone else will have to speak on this, too...
I think for now you are best to use Snort 2.9.4.6 so you can use the SO rules. Here's a direct download link as I don't think its provided on the Snort download page: http://www.snort.org/dl/snort-current/snort-2.9.4.6.tar.gz
------------------------------------------------------------------------------ This SF.net email is sponsored by Windows: Build for Windows Store. http://p.sf.net/sfu/windows-dev2dev
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Unable to use dynamicrules on CentOS 6.4 x86_64 Jaspal (Jul 05)
- Re: Unable to use dynamicrules on CentOS 6.4 x86_64 waldo kitty (Jul 05)
- Re: Unable to use dynamicrules on CentOS 6.4 x86_64 Jaspal (Jul 05)
- Re: Unable to use dynamicrules on CentOS 6.4 x86_64 Joel Esler (Jul 05)
- Re: Unable to use dynamicrules on CentOS 6.4 x86_64 Jason Ish (Jul 05)
- Re: Unable to use dynamicrules on CentOS 6.4 x86_64 Jaspal (Jul 05)
- Re: Unable to use dynamicrules on CentOS 6.4 x86_64 waldo kitty (Jul 05)
- Re: Unable to use dynamicrules on CentOS 6.4 x86_64 Joel Esler (Jul 05)
- Re: Unable to use dynamicrules on CentOS 6.4 x86_64 Jaspal (Jul 05)
- Re: Unable to use dynamicrules on CentOS 6.4 x86_64 waldo kitty (Jul 05)