Gentoo Forums
snortsam for snort-2.8.4.1 [SOLVED]
hanj
Veteran


Joined: 19 Aug 2003
Posts: 1402

Posted: Thu May 14, 2009 2:49 pm    Post subject: snortsam for snort-2.8.4.1 [SOLVED]

Hello

I see that snort-2.8.4.1 is officially out. Also, that it no longer has the snortsam USE flag. I saw a patch and ebuild for snort-2.8.3 to use snortsam in bugs
https://bugs.gentoo.org/245752

I modified the patch to be applied to 2.8.4.1 and updated the 2.8.4.1 ebuild to use the patch, but I get the following errors during the compile:

Code:
Making install in output-plugins
make[2]: Entering directory `/var/tmp/portage/net-analyzer/snort-2.8.4.1/work/snort-2.8.4.1/src/output-plugins'
i686-pc-linux-gnu-gcc -DHAVE_CONFIG_H -I. -I../.. -I../.. -I../../src -I../../src/sfutil -I/usr/include/pcap -I../../src/output-plugins -I../../src/detection-plugins -I../../src/dynamic-plugins -I../../src/preprocessors -I../../src/preprocessors/portscan -I../../src/preprocessors/HttpInspect/include -I../../src/preprocessors/Stream5 -I../../src/target-based  -I/usr/include/mysql -DENABLE_MYSQL -fno-strict-aliasing  -march=pentium4 -O3 -funroll-loops -fprefetch-loop-arrays -pipe -Wall -DDYNAMIC_PLUGIN -fno-strict-aliasing -c spo_alert_fwsam.c
In file included from spo_alert_fwsam.c:109:
spo_alert_fwsam.h:36:19: error: fatal.h: No such file or directory
spo_alert_fwsam.c: In function 'AlertFWsamSetup':
spo_alert_fwsam.c:144: error: too few arguments to function 'RegisterPlugin'
make[2]: *** [spo_alert_fwsam.o] Error 1
make[2]: Leaving directory `/var/tmp/portage/net-analyzer/snort-2.8.4.1/work/snort-2.8.4.1/src/output-plugins'
make[1]: *** [install-recursive] Error 1
make[1]: Leaving directory `/var/tmp/portage/net-analyzer/snort-2.8.4.1/work/snort-2.8.4.1/src'
make: *** [install-recursive] Error 1


I would like to upgrade snort, but I need to have snortsam functionality. Anyone else out there trying to get this to work?

Thanks!
hanji
_________________
Server Admin Blog - Uno-Code.com | Gentoo Hosting at Rackspace!


Last edited by hanj on Fri Jun 12, 2009 2:20 pm; edited 1 time in total
hanj
Veteran


Joined: 19 Aug 2003
Posts: 1402

Posted: Wed May 20, 2009 1:54 am

* bump *
_________________
Server Admin Blog - Uno-Code.com | Gentoo Hosting at Rackspace!
hanj
Veteran


Joined: 19 Aug 2003
Posts: 1402

Posted: Sun May 24, 2009 4:11 pm

Seriously? No one is using snortsam with snort these days?
_________________
Server Admin Blog - Uno-Code.com | Gentoo Hosting at Rackspace!
krisse
Guru


Joined: 15 Mar 2005
Posts: 325
Location: Sweden

Posted: Thu May 28, 2009 12:48 pm

Helping to *bump*. :P
hanj
Veteran


Joined: 19 Aug 2003
Posts: 1402

Posted: Mon Jun 08, 2009 7:22 pm

bump. Looks like rules for 2.6 are no longer.. this is starting to be a priority. Anyone?
_________________
Server Admin Blog - Uno-Code.com | Gentoo Hosting at Rackspace!
slyguy2000
n00b


Joined: 10 Jun 2009
Posts: 2
Location: Southeastern Pennsylvania

Posted: Wed Jun 10, 2009 3:45 pm

I have one working with snort-2.8.4.1! :lol:


you can download the diff from here: {REMOVED}

Please see the official Snortsam site for the latest .diff file, as they have it listed there now.
_________________
-> SlyGuy2000

Violence isn't always the answer, but it's a nice alternative.


Last edited by slyguy2000 on Fri Jun 12, 2009 5:32 pm; edited 1 time in total
slyguy2000
n00b


Joined: 10 Jun 2009
Posts: 2
Location: Southeastern Pennsylvania

Posted: Wed Jun 10, 2009 3:59 pm    Post subject: Re: snortsam for snort-2.8.4.1

hanj wrote:
Hello

I see that snort-2.8.4.1 is officially out. Also, that it no longer has the snortsam USE flag. I saw a patch and ebuild for snort-2.8.3 to use snortsam in bugs
https://bugs.gentoo.org/245752

I modified the patch to be applied to 2.8.4.1 and updated the 2.8.4.1 ebuild to use the patch, but I get the following errors during the compile:

Code:
Making install in output-plugins
make[2]: Entering directory `/var/tmp/portage/net-analyzer/snort-2.8.4.1/work/snort-2.8.4.1/src/output-plugins'
i686-pc-linux-gnu-gcc -DHAVE_CONFIG_H -I. -I../.. -I../.. -I../../src -I../../src/sfutil -I/usr/include/pcap -I../../src/output-plugins -I../../src/detection-plugins -I../../src/dynamic-plugins -I../../src/preprocessors -I../../src/preprocessors/portscan -I../../src/preprocessors/HttpInspect/include -I../../src/preprocessors/Stream5 -I../../src/target-based  -I/usr/include/mysql -DENABLE_MYSQL -fno-strict-aliasing  -march=pentium4 -O3 -funroll-loops -fprefetch-loop-arrays -pipe -Wall -DDYNAMIC_PLUGIN -fno-strict-aliasing -c spo_alert_fwsam.c
In file included from spo_alert_fwsam.c:109:
spo_alert_fwsam.h:36:19: error: fatal.h: No such file or directory
spo_alert_fwsam.c: In function 'AlertFWsamSetup':
spo_alert_fwsam.c:144: error: too few arguments to function 'RegisterPlugin'
make[2]: *** [spo_alert_fwsam.o] Error 1
make[2]: Leaving directory `/var/tmp/portage/net-analyzer/snort-2.8.4.1/work/snort-2.8.4.1/src/output-plugins'
make[1]: *** [install-recursive] Error 1
make[1]: Leaving directory `/var/tmp/portage/net-analyzer/snort-2.8.4.1/work/snort-2.8.4.1/src'
make: *** [install-recursive] Error 1


I would like to upgrade snort, but I need to have snortsam functionality. Anyone else out there trying to get this to work?

Thanks!
hanji


You were really close... I don't know what you had in your code, but besides line numbers needing to be tweaked, you need to add fatal.h to your src folder (I copied it from 2.8.3) and after that you have gotten an error about not enough arguments for RegisterPlugin on the AlertFWsamOption... you would need to add a NULL argument to the line to make it like this:
Code:
RegisterPlugin("fwsam", AlertFWsamOptionInit, NULL, OPT_TYPE_ACTION);


The diff that I made will build the fatal.h for you, so no need to copy it from the previous version.

g'luk on getting yours up and running... Please keep us posted if you have any other problems.
_________________
-> SlyGuy2000

Violence isn't always the answer, but it's a nice alternative.
hanj
Veteran


Joined: 19 Aug 2003
Posts: 1402

Posted: Fri Jun 12, 2009 2:20 pm

slyguy2000 wrote:
I have one working with snort-2.8.4.1! :lol:


you can download the diff from here: LINK


Hello slyguy2000

Thanks much for that. I was able to get snort built with snortsam patch!!! Much appreciated.

Thanks!
hanji
_________________
Server Admin Blog - Uno-Code.com | Gentoo Hosting at Rackspace!
nOw2
n00b


Joined: 21 Dec 2005
Posts: 4

Posted: Sun Jun 14, 2009 11:09 am

Thanks for the mention that snort no longer has the snortsam use flag. Creating a patched archive then removing the checksum test allow the ebuild to install as it used to work, and so has got my firewall back up and running.

It seems that every time I emerge something on Gentoo something major has changed. I'm really losing the faith.
Hu
Moderator


Joined: 06 Mar 2007
Posts: 14730

Posted: Sun Jun 14, 2009 4:29 pm

nOw2 wrote:
It seems that every time I emerge something on Gentoo something major has changed. I'm really losing the faith.

Gentoo is a moving target, and generally tracks upstream. If you use packages that have upstream maintainers that like to make major changes on a regular basis, then yes, you will experience major changes every time you upgrade. Your options are: complain to upstream that they need to stop making such major changes, switch to a distribution like Red Hat or SuSE that believes in backporting bug fixes rather than going to new versions, or find/hire someone to help you with the backports so that you can avoid going to new versions.
hanj
Veteran


Joined: 19 Aug 2003
Posts: 1402

Posted: Sun Jun 14, 2009 4:40 pm

Hu wrote:
nOw2 wrote:
It seems that every time I emerge something on Gentoo something major has changed. I'm really losing the faith.

Gentoo is a moving target, and generally tracks upstream. If you use packages that have upstream maintainers that like to make major changes on a regular basis, then yes, you will experience major changes every time you upgrade. Your options are: complain to upstream that they need to stop making such major changes, switch to a distribution like Red Hat or SuSE that believes in backporting bug fixes rather than going to new versions, or find/hire someone to help you with the backports so that you can avoid going to new versions.


Hu, that was well said! Gentoo can be a pain at times, but the benefits so outweigh the irritations for me. I can't imagine working with anything else.

hanji
_________________
Server Admin Blog - Uno-Code.com | Gentoo Hosting at Rackspace!
All times are GMT