Snort: /opt/local/lib/snort_dynamicengine/libsf_engine.dylib: No such file or directory

Jean-Francois Gobin jf at gobinjf.be
Sun Nov 6 09:06:02 PST 2011


There you go.

It is to be applied after "./configure" and from the directory
immediately above "snort-2.9.0.5". I tested outside MacPorts and it
works fine.

It (horribly) fixes src/dynamic-plugins/sf_engine/Makefile to
compile a .dylib in addition to the .so.

There are other .so files, namely the dynamic processors.

It doesn't fix the "snort.conf.dist". I'll submit a patch later when I
have the time.


J.



On Sat, Nov 5, 2011 at 11:41 PM, Ryan Schmidt <ryandesign at macports.org> wrote:
> On Nov 5, 2011, at 21:23, Jean-Francois Gobin wrote:
>
>> I reproduced that at home. The files are compiled as .so files, not .dylib.
>>
>> From the MacPorts tree, I cp'd the snort tarball into a directory
>> within my home,
>>
>> cd ./var/macports/distfiles/snort
>> cp snort-2.9.0.5.tar.gz ~/temp
>>
>> Then I went there, untar'd the archive, cd'd, ran configure, then:
>>
>> cd src/dynamic-plugins
>> make
>> cd sf_engine
>> gcc -dynamiclib -o libsf_engine.dylib -dylib bmh.o sf_ip.o
>> sf_snort_detection_engine.o sf_snort_plugin_api.o
>> sf_snort_plugin_byte.o sf_snort_plugin_content.o
>> sf_snort_plugin_hdropts.o sf_snort_plugin_loop.o
>> sf_snort_plugin_pcre.o sf_snort_plugin_rc4.o sfghash.o sfhashfcn.o
>> sfprimetable.o
>>
>> and copied the resulting dylib into /opt/local/lib/snort_dynamicengine/
>>
>> In /opt/local/etc/snort/snort.conf.dist, you have to comment
>>
>> # dynamicdetection directory /usr/local/lib/snort_dynamicrules
>>
>> Otherwise it will look in /usr for the dynamic rules.
>>
>> Also, you have to make sure your include statements point to rules,
>> and that you're logging into something you have access to.
>>
>> I had to change/suppress a bunch of configuration lines: compress_,
>> decompress_, normalize and so forth. At the end, it worked.
>
> Can you turn these instructions into a portfile patch?
>
> It seems like the only thing it's doing wrong at the moment is using the ".so" extension when it should use the ".dylib" extension. It seems like that might be a simple thing to fix.
>
> I submitted a ticket to update snort to the latest version, but it does not fix this problem.



-- 
Jean Gobin, CCENT, CCNA, CCNA Security
http://newsfromjean.blogspot.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: srcdyplsfengMakefile.patch
Type: application/octet-stream
Size: 1299 bytes
Desc: not available
URL: <http://lists.macosforge.org/pipermail/macports-users/attachments/20111106/8783caf0/attachment.obj>
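
Added example, not part of the original thread or of Snort or MacPorts: a pre-flight check that reads a snort.conf and reports every dynamic library path that does not exist, which is the condition behind the "No such file or directory" error in the subject line. The function names are hypothetical, the sample tree is constructed, and the `dynamicengine` and `dynamicpreprocessor` line forms are assumed to follow the usual Snort 2.x syntax.

```shell
#!/bin/sh
# Report dynamic-library paths named in a snort.conf that do not exist on disk.
# Prints "MISSING <directive> <path>" per unresolved path; returns 1 if any.
check_snort_dynamic_paths() {
    missing=0
    while read -r directive kind path _rest || [ -n "$directive" ]; do
        case $directive in
            dynamicengine|dynamicpreprocessor|dynamicdetection) ;;
            *) continue ;;              # comments and unrelated directives
        esac
        case $kind in
            file|directory) ;;
            *) path=$kind; kind=file ;; # bare "dynamicengine /path/to/lib"
        esac
        if [ "$kind" = directory ]; then
            [ -d "$path" ] && continue
        else
            [ -f "$path" ] && continue
        fi
        echo "MISSING $directive $path"
        missing=1
    done < "$1"
    return "$missing"
}

# Constructed sample: the build produced only a .so, the config asks for .dylib,
# and the dynamicdetection line is commented out as in the thread.
make_sample() {
    mkdir -p "$1/lib/snort_dynamicengine" "$1/lib/snort_dynamicpreprocessor"
    : > "$1/lib/snort_dynamicengine/libsf_engine.so"
    cat > "$1/snort.conf" <<EOF
dynamicpreprocessor directory $1/lib/snort_dynamicpreprocessor/
dynamicengine $1/lib/snort_dynamicengine/libsf_engine.dylib
# dynamicdetection directory /usr/local/lib/snort_dynamicrules
EOF
}

sample=$(mktemp -d)
make_sample "$sample"
check_snort_dynamic_paths "$sample/snort.conf" || echo "unresolved paths listed above"
rm -rf "$sample"
```
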