Good Evening Fyodor and team,

I reproduced that at home. The files are compiled as so files, not dylib.

From the MacPorts tree, I cp'd the snort tarball into a directory within my home,

    cd ./var/macports/distfiles/snort
    cp snort-2.9.0.5.tar.gz ~/temp

Then I went there, untar'd the archive, cd'd, ran configure, then:

    cd src/dynamic-plugins
    make
    cd sf_engine
    gcc -dynamiclib -o libsf_engine.dylib -dylib bmh.o sf_ip.o \
        sf_snort_detection_engine.o sf_snort_plugin_api.o \
        sf_snort_plugin_byte.o sf_snort_plugin_content.o \
        sf_snort_plugin_hdropts.o sf_snort_plugin_loop.o \
        sf_snort_plugin_pcre.o sf_snort_plugin_rc4.o sfghash.o \
        sfhashfcn.o sfprimetable.o

and copied the resulting dylib into /opt/local/lib/snort_dynamicengine/

In /opt/local/etc/snort/snort.conf.dist, you have to comment

    # dynamicdetection directory /usr/local/lib/snort_dynamicrules

Otherwise it will look in /usr for the dynamic rules. Also, you have to make sure your include statements point to rules, and that you're logging into something you have access to.

I had to change/suppress a bunch of configuration lines: compress_, decompress_, normalize and so forth.

At the end, it worked.

J.

On Sat, Nov 5, 2011 at 4:32 PM, Fyodor Vassiley <[email protected]> wrote:
> Hi
>
> I use the /opt/local/etc/snort/snort.conf.dist (that comes with
> MacPorts) except that I changed ipvar to var because I don't use IPv6.
>
> Now I tried running Snort as a Daemon:
>
>> snort -d -h 192.168.45.0/24 -l /var/log/snort.log -c
>> /opt/local/etc/snort/snort.conf
> Running in IDS mode
>
> --== Initializing Snort ==--
> Initializing Output Plugins!
> Initializing Preprocessors!
> Initializing Plug-ins!
> Parsing Rules file "/opt/local/etc/snort/snort.conf"
> PortVar 'HTTP_PORTS' defined : [ 80 311 591 593 901 1220 1414 1830
> 2301 2381 2809 3128 3702 5250 7001 7777 7779 8000 8008 8028 8080 8088
> 8118 8123 8180 8243 8280 8888 9090:9091 9443 9999 11371 ]
> PortVar 'SHELLCODE_PORTS' defined : [ 0:79 81:65535 ]
> PortVar 'ORACLE_PORTS' defined : [ 1024:65535 ]
> PortVar 'SSH_PORTS' defined : [ 22 ]
> Detection:
> Search-Method = AC-Full-Q
> Split Any/Any group = enabled
> Search-Method-Optimizations = enabled
> Maximum pattern length = 20
> ERROR: parser.c(5245) Could not stat dynamic module path
> "/opt/local/lib/snort_dynamicengine/libsf_engine.dylib": No such file
> or directory.
> Fatal Error, Quitting..
>
> Fyodor
> _______________________________________________
> macports-users mailing list
> [email protected]
> http://lists.macosforge.org/mailman/listinfo.cgi/macports-users
>

-- 
Jean Gobin, CCENT, CCNA, CCNA Security
http://newsfromjean.blogspot.com/
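
Added example, not part of the original message or of Snort/MacPorts: a pre-flight check that lists every active dynamicengine, dynamicpreprocessor and dynamicdetection path in a snort.conf that does not exist on disk, which is the condition behind the "Could not stat dynamic module path" error quoted above. The function name missing_dynamic_paths and the demo tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report dynamic-module paths named in a snort.conf that are
# missing on disk. Handles the Snort 2.9 directive forms:
#   dynamicengine <file>
#   dynamicengine|dynamicpreprocessor|dynamicdetection file <file>
#   dynamicengine|dynamicpreprocessor|dynamicdetection directory <dir>
# missing_dynamic_paths is a hypothetical helper name, not a Snort tool.
missing_dynamic_paths() {
    conf=$1
    # read strips leading whitespace; "|| [ -n ... ]" keeps a last line
    # that has no trailing newline.
    while read -r keyword kind path _ || [ -n "$keyword" ]; do
        case $keyword in
            dynamicengine|dynamicpreprocessor|dynamicdetection) ;;
            *) continue ;;   # includes commented-out ("# ...") directives
        esac
        case $kind in
            directory) [ -d "$path" ] || echo "$keyword directory $path" ;;
            file)      [ -f "$path" ] || echo "$keyword file $path" ;;
            # bare form: the second word is the library path itself
            *)         [ -f "$kind" ] || echo "$keyword file $kind" ;;
        esac
    done < "$conf"
}

# Constructed demo: a temporary tree standing in for /opt/local where the
# engine library has not been built, with dynamicdetection commented out
# as described in the message.
demo() {
    root=$(mktemp -d)
    mkdir -p "$root/lib/snort_dynamicpreprocessor"
    cat > "$root/snort.conf" <<EOF
dynamicpreprocessor directory $root/lib/snort_dynamicpreprocessor
dynamicengine $root/lib/snort_dynamicengine/libsf_engine.dylib
# dynamicdetection directory /usr/local/lib/snort_dynamicrules
EOF
    missing_dynamic_paths "$root/snort.conf"
    rm -rf "$root"
}

demo
```

An empty result means every active dynamic-module directive points at something that exists; each printed line names a directive Snort would fail to stat at startup.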
