Snort mailing list archives
Re: Ubuntu 18 and so rules error
From: James Lay <jlay () slave-tothe-box net>
Date: Thu, 14 Jun 2018 15:45:15 -0600
Good info thanks YM!

James

On 2018-06-14 15:00, Y M via Snort-users wrote:
Expanding the troubleshooting surface here, not hijacking the thread. I get the below error after a successful build:

# /usr/local/snort/bin/snort -c /usr/local/snort/etc/snort.conf -T
Loading all dynamic detection libs from /usr/local/snort/lib/snort_dynamicrules...
Loading dynamic detection library /usr/local/snort/lib/snort_dynamicrules/malware-cnc.so... done
Loading dynamic detection library /usr/local/snort/lib/snort_dynamicrules/browser-ie.so... done
Loading dynamic detection library /usr/local/snort/lib/snort_dynamicrules/server-webapp.so... done
Loading dynamic detection library /usr/local/snort/lib/snort_dynamicrules/pua-p2p.so... done
Loading dynamic detection library /usr/local/snort/lib/snort_dynamicrules/protocol-other.so... done
Loading dynamic detection library /usr/local/snort/lib/snort_dynamicrules/netbios.so... done
Loading dynamic detection library /usr/local/snort/lib/snort_dynamicrules/protocol-tftp.so... done
Loading dynamic detection library /usr/local/snort/lib/snort_dynamicrules/malware-other.so...
ERROR: Failed to load /usr/local/snort/lib/snort_dynamicrules/malware-other.so: /usr/local/snort/lib/snort_dynamicrules/malware-other.so: undefined symbol: sin
Fatal Error, Quitting..

$ ldd /usr/local/snort/bin/snort
linux-vdso.so.1 (0x00007ffc4c4bf000)
libnghttp2.so.14 => /usr/lib/x86_64-linux-gnu/libnghttp2.so.14 (0x00007f62f0f52000)
libpcre.so.3 => /lib/x86_64-linux-gnu/libpcre.so.3 (0x00007f62f0ce0000)
libcrypto.so.1.0.0 => /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (0x00007f62f089d000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f62f0699000)
libnetfilter_queue.so.1 => /usr/lib/x86_64-linux-gnu/libnetfilter_queue.so.1 (0x00007f62f0492000)
libsfbpf.so.0 => /usr/local/lib/libsfbpf.so.0 (0x00007f62f026c000)
libpcap.so.0.8 => /usr/lib/x86_64-linux-gnu/libpcap.so.0.8 (0x00007f62f002b000)
libdumbnet.so.1 => /usr/lib/x86_64-linux-gnu/libdumbnet.so.1 (0x00007f62efe1a000)
libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007f62efbfd000)
liblzma.so.5 => /lib/x86_64-linux-gnu/liblzma.so.5 (0x00007f62ef9d7000)
libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f62ef7b8000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f62ef3c7000)
/lib64/ld-linux-x86-64.so.2 (0x00007f62f239a000)
libnfnetlink.so.0 => /usr/lib/x86_64-linux-gnu/libnfnetlink.so.0 (0x00007f62ef1c0000)
libmnl.so.0 => /lib/x86_64-linux-gnu/libmnl.so.0 (0x00007f62eefba000)

Dependencies:
# apt-get install flex bison gcc make cmake libtool autoconf libpcap-dev libpcre3-dev liblzma-dev zlib1g-dev libnetfilter-queue-dev libdumbnet-dev openssl libssl-dev libnghttp2-dev pkg-config uuid-dev

LuaJIT 2.0.5 installed from source.

Configure:
# ./configure --prefix=/usr/local/snort --enable-sourcefire --enable-file-inspect --enable-large-pcap --enable-non-ether-decoders --enable-open-appid

# uname -a
Linux dev 4.15.0-23-generic #25-Ubuntu SMP Wed May 23 18:02:16 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

On a side note, building Snort 2.9.11.1 with libssl-dev (1.1.0g) and --enable-open-appid will fail (errors attached). Had to downgrade to libssl1.0-dev (1.0.2n) to get the build going.

Thanks.
YM

-------------------------
FROM: Snort-users <snort-users-bounces () lists snort org> on behalf of Patrick Mullen (pamullen) via Snort-users <snort-users () lists snort org>
SENT: Thursday, June 14, 2018 5:50 PM
TO: jlay () slave-tothe-box net
CC: snort-users () lists snort org
SUBJECT: Re: [Snort-users] Ubuntu 18 and so rules error

To be clear, my example code ran first try? Does snort continue to throw that error?

~Patrick

FROM: James Lay <jlay () slave-tothe-box net>

Ran like a champ:

<snip screenshot>

now we're having some fun!

James

On 2018-06-13 09:20, Patrick Mullen (pamullen) wrote:

James,

Here's a quick test. If this doesn't work, then install whatever google tells you and it should fix the snort loading problem. If it does, then I'm a little confused and we'll have to look into this further.

_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette