Snort 2.9.2.3 pkg v. 2.5.4 rules EOL
-
fixed now.
As with previous snort binary upgrades, make sure you uninstall completely and then reinstall to ensure you have the correct set of files/packages.
-
Awesome, I got Snort installed now, thanks!
It won't start when balanced or security is enabled for the rules under Snort settings. This is what I get:
Mar 21 18:16:34 php: /snort/snort_interfaces.php: Interface Rule START for WAN(em0)...
Mar 21 18:17:09 check_reload_status: Syncing firewall
Mar 21 18:17:11 php: /snort/snort_rulesets.php: Checking for and disabling any rules dependent upon disabled preprocessors for WAN...
Mar 21 18:17:11 php: /snort/snort_rulesets.php: Resolving and auto-enabling flowbit required rules for WAN...
Mar 21 18:17:22 php: /snort/snort_interfaces.php: Toggle(snort starting) for WAN(WAN)...
Mar 21 18:17:23 php: /snort/snort_interfaces.php: Checking for and disabling any rules dependent upon disabled preprocessors for WAN...
Mar 21 18:17:23 php: /snort/snort_interfaces.php: Resolving and auto-enabling flowbit required rules for WAN...
Mar 21 18:17:26 snort[15764]: FATAL ERROR: The dynamic detection library "/usr/local/lib/snort/dynamicrules/web-misc.so" version 1.0 compiled with dynamic engine library version 1.15 isn't compatible with the current dynamic engine library "/usr/local/lib/snort/dynamicengine/libsf_engine.so" version 1.17.
Mar 21 18:17:26 snort[15764]: FATAL ERROR: The dynamic detection library "/usr/local/lib/snort/dynamicrules/web-misc.so" version 1.0 compiled with dynamic engine library version 1.15 isn't compatible with the current dynamic engine library "/usr/local/lib/snort/dynamicengine/libsf_engine.so" version 1.17.
Mar 21 18:17:26 php: /snort/snort_interfaces.php: Interface Rule START for WAN(em0)...
Any ideas?
Thanks,
-th3r3isnospoon
-
Hello
I had this problem in a machine that had Snort worked again, but in a newly installed one today it worked at first, so I went to investigate this and got it working again this way:
First, I removed Snort from the GUI as jimp said before and reinstalled it. No luck.
Then I removed it again from the GUI, ssh'd into the pfSense box, searched for remaining Snort-related packages and found this:
pkg_info | grep -i snort
barnyard2-1.9_2 An output system for Snort or Suricata that parses unified2
daq-0.6.2 Data Acquisition abstraction library for snort 2.9+
snort-2.9.0.5_1 Lightweight network intrusion detection system
snort-2.9.2.3 Lightweight network intrusion detection system
So I removed them (got a lot of errors about files/directories that don't exist, but they disappeared from pkg_info). The daq is removed at the end because of a dependency problem if it is removed before the snort packages.
pkg_delete barnyard2-1.9_2
pkg_delete snort-2.9.0.5_1
pkg_delete snort-2.9.2.3
pkg_delete daq-0.6.2
Then installed again Snort from GUI and no luck again, so uninstalled again, returned to the shell and removed the files that remained in dynamic rules:
ls -la /usr/local/lib/snort/dynamicrules
total 2912
drwxr-xr-x 2 root wheel 1024 Mar 22 21:14 .
drwxr-xr-x 3 root wheel 512 Mar 22 21:17 ..
-rwxr-xr-x 1 root wheel 215070 Mar 21 06:06 bad-traffic.so
-rwxr-xr-x 1 root wheel 35048 Mar 21 06:06 chat.so
-rwxr-xr-x 1 root wheel 289620 Mar 21 06:06 dos.so
-rwxr-xr-x 1 root wheel 415191 Mar 21 06:06 exploit.so
-rwxr-xr-x 1 root wheel 35957 Mar 21 06:06 icmp.so
-rwxr-xr-x 1 root wheel 38334 Mar 21 06:06 imap.so
-rwxr-xr-x 1 root wheel 271491 Mar 21 06:06 misc.so
-rwxr-xr-x 1 root wheel 57845 Mar 21 06:06 multimedia.so
-rwxr-xr-x 1 root wheel 194032 Mar 21 06:06 netbios.so
-rwxr-xr-x 1 root wheel 34118 Mar 21 06:06 nntp.so
-rwxr-xr-x 1 root wheel 32907 Mar 21 06:06 p2p.so
-rwxr-xr-x 1 root wheel 120708 Mar 21 06:06 smtp.so
-rwxr-xr-x 1 root wheel 57449 Mar 21 06:06 snmp.so
-rwxr-xr-x 1 root wheel 67883 Mar 21 06:06 specific-threats.so
-rwxr-xr-x 1 root wheel 44049 Mar 21 06:06 web-activex.so
-rwxr-xr-x 1 root wheel 821935 Mar 21 06:06 web-client.so
-rwxr-xr-x 1 root wheel 35336 Mar 21 06:06 web-iis.so
-rwxr-xr-x 1 root wheel 62244 Mar 21 06:06 web-misc.so
So,
rm -rf /usr/local/lib/snort/dynamicrules
Installed again from GUI, and voila! it is working.
Hope this helps someone and helps to fix the reinstall process.
Best,
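The check this thread arrives at by trial and error, as an added example that is not part of any post here: it pulls the rejected rule library and both engine versions out of the FATAL ERROR lines, and lists rule libraries that predate the engine library. The function names are hypothetical and the mtime comparison is a heuristic, not something Snort or the pfSense package does.

```shell
#!/bin/sh
# Added example, not from the thread. Read-only: it reports, it deletes nothing.

# Constructed sample input, modelled on the log lines quoted in the thread.
sample_log() {
cat <<'EOF'
Mar 21 18:17:23 php: /snort/snort_interfaces.php: Resolving and auto-enabling flowbit required rules for WAN...
Mar 21 18:17:26 snort[15764]: FATAL ERROR: The dynamic detection library "/usr/local/lib/snort/dynamicrules/web-misc.so" version 1.0 compiled with dynamic engine library version 1.15 isn't compatible with the current dynamic engine library "/usr/local/lib/snort/dynamicengine/libsf_engine.so" version 1.17.
Mar 21 18:17:26 snort[15764]: FATAL ERROR: The dynamic detection library "/usr/local/lib/snort/dynamicrules/web-misc.so" version 1.0 compiled with dynamic engine library version 1.15 isn't compatible with the current dynamic engine library "/usr/local/lib/snort/dynamicengine/libsf_engine.so" version 1.17.
EOF
}

# stale_rule_libs (hypothetical name): syslog text on stdin; prints one line
# per distinct rule library that Snort rejected, with the engine version it
# was built for and the engine version actually installed.
stale_rule_libs() {
  sed -n 's/.*FATAL ERROR: The dynamic detection library "\([^"]*\)" version [^ ]* compiled with dynamic engine library version \([0-9.]*\) isn.t compatible with the current dynamic engine library "[^"]*" version \([0-9.]*[0-9]\)\..*/\1 built_for=\2 engine=\3/p' | sort -u
}

# libs_older_than_engine (hypothetical name): heuristic check to run before
# starting Snort. Lists rule libraries whose mtime is not newer than the
# engine library, i.e. files likely left over from before the binary upgrade.
# $1 = dynamicrules directory, $2 = path to libsf_engine.so
libs_older_than_engine() {
  [ -d "$1" ] && [ -f "$2" ] || return 2
  find "$1" -type f -name '*.so' ! -newer "$2" | sort
}

# Stand-alone run on the constructed sample.
sample_log | stale_rule_libs
```

On a real box the first function would be fed the system log, and the second the two paths named in the error message.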
-
Nice josemaX ;D
I actually got my Snort to work as well.
I reinstalled the whole thing this past afternoon and now it's working flawlessly :)
-th3r3isnospoon
-
Thanks, this fixed my issue too.
Looks like over time it can accumulate "trash" from update to update. :'(
-
Awesome josemaX !
-
The weird part is that pfsense/Snort acts like Windows since the accumulated trash doesn't get deleted when packages are removed or reinstalled!
-
Have to agree with you on that part. Wintendo.
-
The problem is that snort is a really bad package in general.
When you reinstall you complain that your rules were there and you want them; on the other side
you complain that the old cruft is being kept there!
I will take a look to find the compromise but for now it's a bit of solution needed.
-
josemaX,
Your fix totally worked for me. Thanks!
-
I'm glad that I could help you. :D
Best,