yookd / pulledpork

Automatically exported from code.google.com/p/pulledpork
GNU General Public License v2.0

No .so files extracted from VRT snapshot to snort_dynamicrules when overriding version #99

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Use snortrules-snapshot-2911.tar.gz in rule_url to override snort version # 
because 2.9.1.2 rules are not yet available to registered-only users.
2. run pulledpork with dynamicdetection
3. Get warning about no libraries in snort_dynamicrules dir.

What is the expected output? What do you see instead?
The .so files should be extracted from the VRT tarball into the 
snort_dynamicrules folder and the --dump-dynamic-rules section of pulledpork 
should succeed without warning.

What version of the product are you using? On what operating system?
snort 2.9.1.2 and pulledpork 0.6.1 built on CentOS 6.0 x86_64. Pulledpork 
configured with distro=RHEL-6-0.

Please provide any additional information below.

What I *think* is happening is that pulledpork is looking to the snort version 
to build the path to the .so files in the tarball, but because the version is 
overridden the tarball has a folder 2.9.1.1 and pulledpork is looking for 
2.9.1.2.

Perhaps checking the rule_url for any version override when building the .so 
files path would work.

Original issue reported on code.google.com by david.na...@gmail.com on 17 Nov 2011 at 2:57
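The path logic the report describes, as an added example that is not pulledpork's own code: the precompiled-library layout `so_rules/precompiled/<distro>/<arch>/<version>/` and the `snortrules-snapshot-2911.tar.gz` naming come from this thread; the one-digit-per-component reading of the snapshot number, the function names, and the sample tarball contents are assumptions made for the example. It builds the lookup prefix from the configured Snort version first and, when that directory is absent from the tarball, falls back to the version implied by `rule_url`, which is the check the reporter suggests.

```python
"""Resolve and copy precompiled .so rules from a VRT snapshot (added example).

Assumptions (not from pulledpork): snapshot names encode one digit per
version component (2911 -> 2.9.1.1); function names are hypothetical.
"""
import io
import os
import re
import tarfile
import tempfile
from typing import List, Optional

SNAPSHOT_RE = re.compile(r"snortrules-snapshot-(\d+)\.tar\.gz$")


def version_from_rule_url(rule_url: str) -> Optional[str]:
    """'.../snortrules-snapshot-2911.tar.gz' -> '2.9.1.1'; None if no match."""
    m = SNAPSHOT_RE.search(rule_url)
    return ".".join(m.group(1)) if m else None


def so_rules_prefix(distro: str, arch: str, version: str) -> str:
    """Directory inside the tarball that holds the precompiled libraries."""
    return f"so_rules/precompiled/{distro}/{arch}/{version}/"


def resolve_so_prefix(members: List[str], distro: str, arch: str,
                      snort_version: str, rule_url: str) -> Optional[str]:
    """Prefer the running Snort's version; fall back to the snapshot's version.

    Returns the prefix that actually contains .so members, or None so the
    caller can warn instead of silently extracting nothing.
    """
    candidates = [snort_version]
    snap_version = version_from_rule_url(rule_url)
    if snap_version and snap_version != snort_version:
        candidates.append(snap_version)
    for ver in candidates:
        prefix = so_rules_prefix(distro, arch, ver)
        if any(n.startswith(prefix) and n.endswith(".so") for n in members):
            return prefix
    return None


def extract_so_files(tar_bytes: bytes, dest: str, distro: str, arch: str,
                     snort_version: str, rule_url: str) -> List[str]:
    """Copy the matching .so files flat into dest (like snort_dynamicrules).

    Only the basename is used for the output path, so a crafted member name
    in the tarball cannot write outside dest. Returns the written basenames.
    """
    written = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:gz") as tar:
        members = tar.getnames()
        prefix = resolve_so_prefix(members, distro, arch, snort_version, rule_url)
        if prefix is None:
            return written  # caller should emit the "no libraries" warning
        for name in sorted(members):
            if not (name.startswith(prefix) and name.endswith(".so")):
                continue
            base = os.path.basename(name)
            with open(os.path.join(dest, base), "wb") as out:
                out.write(tar.extractfile(name).read())
            written.append(base)
    return written


def build_sample_snapshot() -> bytes:
    """Constructed in-memory tarball mimicking the 2911 snapshot layout."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name in ("so_rules/precompiled/RHEL-6-0/x86_64/2.9.1.1/bad-traffic.so",
                     "so_rules/precompiled/RHEL-6-0/x86_64/2.9.1.1/web-misc.so",
                     "so_rules/precompiled/RHEL-6-0/i386/2.9.1.1/bad-traffic.so",
                     "rules/local.rules"):
            data = b"ELF-placeholder" if name.endswith(".so") else b"# rules\n"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def demo() -> List[str]:
    """Snort 2.9.1.2 configured, 2911 snapshot supplied: fallback must kick in."""
    dest = tempfile.mkdtemp(prefix="snort_dynamicrules_")
    return extract_so_files(build_sample_snapshot(), dest, "RHEL-6-0", "x86_64",
                            "2.9.1.2", "https://example.invalid/snortrules-snapshot-2911.tar.gz")


if __name__ == "__main__":
    print(demo())
```

With the configured version absent from the tarball and the fallback disabled (a `rule_url` that carries no snapshot number), `resolve_so_prefix` returns `None`, which is exactly the "no libraries in snort_dynamicrules" condition the reporter hit.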

GoogleCodeExporter commented 9 years ago
Did this work before you upgraded to 2.9.1.2?

Original comment by Cummin...@gmail.com on 17 Nov 2011 at 3:22

GoogleCodeExporter commented 9 years ago
Sorry but I just built this box and 2.9.1.2 was the only version used. I should 
note that copying the .so files manually makes pp and snort happy, but I think 
the .so files will not update. 

Original comment by david.na...@gmail.com on 17 Nov 2011 at 3:43

GoogleCodeExporter commented 9 years ago
What value for distro do you have in your pulledpork.conf? And what path are 
you using from the tarball to get the so files?

Original comment by Cummin...@gmail.com on 22 Nov 2011 at 9:38

GoogleCodeExporter commented 9 years ago
distro=RHEL-6-0

The .so files I manually copied are found in: 
so_rules/precompiled/RHEL-6-0/2.9.1.1/

Original comment by david.na...@gmail.com on 23 Nov 2011 at 12:04

GoogleCodeExporter commented 9 years ago
Sorry, the .so path is actually so_rules/precompiled/RHEL-6-0/x86_64/2.9.1.1/

Original comment by david.na...@gmail.com on 23 Nov 2011 at 7:34

GoogleCodeExporter commented 9 years ago
Had you specified the snort version in the pulledpork.conf as 2.9.1.1 ?

Original comment by Cummin...@gmail.com on 9 Jan 2012 at 11:37

GoogleCodeExporter commented 9 years ago
Bug Scrub Bump

Original comment by Cummin...@gmail.com on 23 Jan 2012 at 4:26

GoogleCodeExporter commented 9 years ago
I did not set snort_version in pulledpork.conf because the instructions say it 
will disable .so rules, which would defeat the whole purpose of this bug 
report...

Original comment by david.na...@gmail.com on 23 Jan 2012 at 5:03

GoogleCodeExporter commented 9 years ago
Good catch, I'll mark this as closed. If you want to file a DOC bug, feel free, 
but I will be changing that wording now. Specifying that variable will work as 
you would expect, not as it is noted: stubs WILL still be generated.

Committed Fix Rev #236

Original comment by Cummin...@gmail.com on 26 Jan 2012 at 6:09