info
Não é mais possível fazer postagens ou usar assinaturas novas da Usenet nos Grupos do Google. O conteúdo histórico continua disponível.
Dismiss
[Snort-users] ERROR: The dynamic detection library
2.059 visualizações
Pular para a primeira mensagem não lida
Jerry McCaslin
8 de ago. de 2012, 20:56:4908/08/2012
para
Having problems starting snort on new build.
snort-2.9.3.1
snortrules-snapshot-2922
ERROR: The dynamic detection library "/usr/local/lib/snort_dynamicrules/smtp.so" version 1.0 compiled with dynamic engine library version 1.15 isn't compatible with the current dynamic engine library "/usr/local/lib/snort_dynamicengine/libsf_engine.so" version 1.16.
Fatal Error, Quitting..
[root@FO-PIG ~]# snort -c /etc/snort/snort.conf -i eth1
Running in IDS mode
--== Initializing Snort ==--
Initializing Output Plugins!
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file "/etc/snort/snort.conf"
PortVar 'HTTP_PORTS' defined : [ 80:81 311 591 593 901 1220 1414 1741 1830 2301 2381 2809 3128 3702 4343 4848 5250 7001 7145 7510 7777 7779 8000 8008 8014 8028 8080 8088 8090 8118 8123 8180:8181 8243 8280 8800 8888 8899 9080 9090:9091 9443 9999 11371 55555 ]
PortVar 'SHELLCODE_PORTS' defined : [ 0:79 81:65535 ]
PortVar 'ORACLE_PORTS' defined : [ 1024:65535 ]
PortVar 'SSH_PORTS' defined : [ 22 ]
PortVar 'FTP_PORTS' defined : [ 21 2100 3535 ]
PortVar 'SIP_PORTS' defined : [ 5060:5061 5600 ]
PortVar 'FILE_DATA_PORTS' defined : [ 80:81 110 143 311 591 593 901 1220 1414 1741 1830 2301 2381 2809 3128 3702 4343 4848 5250 7001 7145 7510 7777 7779 8000 8008 8014 8028 8080 8088 8090 8118 8123 8180:8181 8243 8280 8800 8888 8899 9080 9090:9091 9443 9999 11371 55555 ]
PortVar 'GTP_PORTS' defined : [ 2123 2152 3386 ]
Detection:
Search-Method = AC-Full-Q
Split Any/Any group = enabled
Search-Method-Optimizations = enabled
Maximum pattern length = 20
Tagged Packet Limit: 256
Loading dynamic engine /usr/local/lib/snort_dynamicengine/libsf_engine.so... done
Loading all dynamic detection libs from /usr/local/lib/snort_dynamicrules...
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/multimedia.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/web-iis.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/imap.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/bad-traffic.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/web-misc.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/web-client.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/icmp.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/web-activex.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/specific-threats.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/dos.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/netbios.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/misc.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/nntp.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/snmp.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/p2p.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/exploit.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/chat.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/smtp.so... done
Finished Loading all dynamic detection libs from /usr/local/lib/snort_dynamicrules
Loading all dynamic preprocessor libs from /usr/local/lib/snort_dynamicpreprocessor/...
Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so... done
Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_sdf_preproc.so... done
Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_reputation_preproc.so... done
Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so... done
Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so... done
Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_dnp3_preproc.so... done
Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_sip_preproc.so... done
Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_gtp_preproc.so... done
Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_dce2_preproc.so... done
Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_smtp_preproc.so... done
Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_modbus_preproc.so... done
Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_pop_preproc.so... done
Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_imap_preproc.so... done
Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so... done
Finished Loading all dynamic preprocessor libs from /usr/local/lib/snort_dynamicpreprocessor/
ERROR: The dynamic detection library "/usr/local/lib/snort_dynamicrules/smtp.so" version 1.0 compiled with dynamic engine library version 1.15 isn't compatible with the current dynamic engine library "/usr/local/lib/snort_dynamicengine/libsf_engine.so" version 1.16.
Fatal Error, Quitting..
waldo kitty
8 de ago. de 2012, 22:47:0708/08/2012
para
On 8/8/2012 20:56, Jerry McCaslin wrote:
> Having problems starting snort on new build.
> snort-2.9.3.1
> snortrules-snapshot-2922
> ERROR: The dynamic detection library "/usr/local/lib/snort_dynamicrules/smtp.so"
> version 1.0 compiled with dynamic engine library version 1.15 isn't compatible
> with the current dynamic engine library
> "/usr/local/lib/snort_dynamicengine/libsf_engine.so" version 1.16.
> Fatal Error, Quitting..
if i'm reading the above correctly, you are trying to use the so rules from
> Having problems starting snort on new build.
> snort-2.9.3.1
> snortrules-snapshot-2922
> ERROR: The dynamic detection library "/usr/local/lib/snort_dynamicrules/smtp.so"
> version 1.0 compiled with dynamic engine library version 1.15 isn't compatible
> with the current dynamic engine library
> "/usr/local/lib/snort_dynamicengine/libsf_engine.so" version 1.16.
> Fatal Error, Quitting..
2.9.2.2 with 2.9.3.1 and "that dawg won't hunt"... the dynamic so rules have to
be from the same version as they are specifically compiled for each...
options?
1. download the proper rule set for your version of snort.
2. simply turn off the dynamic rules (comment a line in the conf).
3. remove all the so rules that are not compatible with your version of snort.
for #2 above, comment out the line in your snort.conf /similar/ to the following...
dynamicdetection directory /usr/local/lib/snort_dynamic_rules
just place a # at the beginning of the line and try starting snort again...
for #3 above, we've seen times where the old so rules or dynamicdetection
libraries were not removed during *our* upgrade process and the error was very
similar... i say similar because i can't recall it exactly... in any case, what
we did was to remove all of the so rules and dynamicdetection libraries and then
reinstall to place all the proper ones back where they needed to go... needless
to say, our upgrade procedures were modified after that ;)
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Snort-users mailing list
Snort...@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
suzar...@gmail.com
30 de jan. de 2014, 08:55:0930/01/2014
para
snort not make the maximum performance?
suzar...@gmail.com
30 de jan. de 2014, 08:56:2130/01/2014
para
0 nova mensagem