Re: [Snort-users] error on "make" in so_rules

Hi Jeffrey, thanks for responding :)

--- Jeffrey Denton <dentonj@gmail.com> wrote:

> On Sun, Apr 20, 2008 at 11:38 PM, Rachmat Hidayat
> Al-Anshar
> <rachmat_hidayat_02@yahoo.com> wrote:
> > Hi all :)
> >
> >  I got this following error message when I try to
> >  issuing "make" in so_rules directory:
> >
> >  # make
> >  building p2p ... cc -c -ggdb -I. -I.. -I../..
> >  -I../src/dynamic-preprocessors/include/
> >  -I/usr/local/include
> >  -I../src/dynamic-examples/dynamic-rule/ -fPIC
> >  -fno-stack-protector -D
> DETECTION_LIB_NAME=\"p2p\" -o
> >  p2p.o p2p.c
> >  cc -c -ggdb -I. -I.. -I../..
> >  -I../src/dynamic-preprocessors/include/
> >  -I/usr/local/include
> >  -I../src/dynamic-examples/dynamic-rule/ -fPIC
> >  -fno-stack-protector -D
> DETECTION_LIB_NAME=\"p2p\" -o
> >  _meta.o _meta.c
> >  ld: p2p_*.o: No such file: No such file or
> directory
> >  *** Error code 1
> >
> >  Stop in /etc/snort/so_rules (line 22 of
> Makefile).
>
> The so_rules directory needs to be located in the
> Snort source
> directory (snort-2.8.1/so_rules) when compiled.  So
> unless you keep
> the source in /etc/snort...

Actually, I was rename the snort's directory from
'snort-2.8.0' becomes 'snort'. 
The so_rules being located at /etc/snort/so_rules when

compiled. 

# ls
Makefile                               
exploit_imail-ldap.c
Makefile.OSX                           
exploit_squid-ntlm-auth.c
_meta.c                                
netbios_writex.c
_meta.h                                 p2p.c
_meta.o                                 p2p.o
bad-traffic_pgm-nak-overflow.c          p2p_winny.c
category-build.pl                       pcre.h
dos_igmpv3.c                            pcreposix.h
dos_ms06-32.c                          
web-client_quicktimejpeg-underflow.c
exploit_dhcp-option-overflow.c
# pwd
/etc/snort/so_rules
# make
building p2p ... cc -c -ggdb -I. -I.. -I../..
-I../src/dynamic-preprocessors/include/
-I/usr/local/include
-I../src/dynamic-examples/dynamic-rule/ -fPIC
-fno-stack-protector -D DETECTION_LIB_NAME=\"p2p\" -o
p2p.o p2p.c
cc -c -ggdb -I. -I.. -I../..
-I../src/dynamic-preprocessors/include/
-I/usr/local/include
-I../src/dynamic-examples/dynamic-rule/ -fPIC
-fno-stack-protector -D DETECTION_LIB_NAME=\"p2p\" -o
_meta.o _meta.c
ld: p2p_*.o: No such file: No such file or directory
*** Error code 1

Stop in /etc/snort/so_rules (line 22 of Makefile).


> The snortrules-snapshot-CURRENT.tar.gz currently
> available from
> snort.org, registered user release, version 2.8,
> released on
> 2008-03-11, has a problem with the so_rules
> Makefile.  I reported this
> on 15 Mar 2008.  Matthew Watchinski says this issue
> is in the bug
> tracking system.

Thanks for the information :)

> >  What should I do to solving that kind of problem?
> >  nb: My Snort box is an OpenBSD4.1 machine.
>
> It would help to know the version of Snort and rules
> that you are using.

I beg a pardon, my bad.
Its Snort-2.8.0 with pretty old version of 
snortrules-snapshot-CURRENT. I am using this 
for testing purpose only and there is no 
bug from implementation at another machines.

Thanks in advance
Rachmat Hidayat Al Anshar


      
____________________________________________________________________________________
Be a better friend, newshound, and 
know-it-all with Yahoo! Mobile.  Try it now.  
http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ

-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference 
Don't miss this year's exciting event. There's still time to save $100. 
Use priority code J8TL2D2. 
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users