Snort: /opt/local/lib/snort_dynamicengine/libsf_engine.dylib: No such file or directory

Jean-Francois Gobin jf at gobinjf.be
Sat Nov 5 19:23:08 PDT 2011 

Good Evening Fyodor and team,

I reproduced that home. The files are compiled as so files, not dylib.

>From the macport tree, I cp'd the snort tarball into a directory
within my home,

cd ./var/macports/distfiles/snort
cp snort-2.9.0.5.tar.gz ~/temp

Then I went there, untar'd the archive, cd'd, ran configure, then:

cd src/dynamic-plugins
make
cd sf_engine
gcc -dynamiclib -o libsf_engine.dylib -dylib bmh.o sf_ip.o
sf_snort_detection_engine.o sf_snort_plugin_api.o
sf_snort_plugin_byte.o sf_snort_plugin_content.o
sf_snort_plugin_hdropts.o sf_snort_plugin_loop.o
sf_snort_plugin_pcre.o sf_snort_plugin_rc4.o sfghash.o sfhashfcn.o
sfprimetable.o

and copied the resulting dylib into /opt/local/lib/snort_dynamicengine/

In /opt/local/etc/snort/snort.conf.dist, you have to comment

# dynamicdetection directory /usr/local/lib/snort_dynamicrules

Otherwise it will look in /usr for the dynamic rules.

Also, you have to make sure your include statements point to rules,
and that you're logging into something you have access to.

I had to change/suppress a bunch of configuration lines: compress_,
decompress_, normalize and so forth. At the end, it worked.

J.



On Sat, Nov 5, 2011 at 4:32 PM, Fyodor Vassiley
<fyodor.vassiley at gmail.com> wrote:
> Hi
>
> I use the /opt/local/etc/snort/snort.conf.dist (that comes with
> MacPorts) expect that I changed ipvar to var because I don't use IPv6.
>
> Now tried to running Snort as a Daemon:
>
>> snort -d -h 192.168.45.0/24 -l /var/log/snort.log -c /opt/local/etc/snort/snort.conf
> Running in IDS mode
>
>        --== Initializing Snort ==--
> Initializing Output Plugins!
> Initializing Preprocessors!
> Initializing Plug-ins!
> Parsing Rules file "/opt/local/etc/snort/snort.conf"
> PortVar 'HTTP_PORTS' defined :  [ 80 311 591 593 901 1220 1414 1830
> 2301 2381 2809 3128 3702 5250 7001 7777 7779 8000 8008 8028 8080 8088
> 8118 8123 8180 8243 8280 8888 9090:9091 9443 9999 11371 ]
> PortVar 'SHELLCODE_PORTS' defined :  [ 0:79 81:65535 ]
> PortVar 'ORACLE_PORTS' defined :  [ 1024:65535 ]
> PortVar 'SSH_PORTS' defined :  [ 22 ]
> Detection:
>   Search-Method = AC-Full-Q
>    Split Any/Any group = enabled
>    Search-Method-Optimizations = enabled
>    Maximum pattern length = 20
> ERROR: parser.c(5245) Could not stat dynamic module path
> "/opt/local/lib/snort_dynamicengine/libsf_engine.dylib": No such file
> or directory.
> Fatal Error, Quitting..
>
> Fyodor
> _______________________________________________
> macports-users mailing list
> macports-users at lists.macosforge.org
> http://lists.macosforge.org/mailman/listinfo.cgi/macports-users
>



-- 
Jean Gobin, CCENT, CCNA, CCNA Security
http://newsfromjean.blogspot.com/

More information about the macports-users mailing list