Snort update to 2.5.3: not starting with fatal error bad-traffic.so
-
After updating to v2.5.3 on an amd64 full install i get this error on starting snort:
snort[31822]: FATAL ERROR: Failed to load /usr/local/lib/snort/dynamicrules/bad-traffic.so: /usr/local/lib/snort/dynamicrules/bad-traffic.so: Undefined symbol "freeRuleData"
I tried to disable bad-traffic.so, but the error still exists. snort wont start. :(
-
Have you enabled Resolve Flowbits under the Categories tab? I'm running snort_bad-traffic.so.rules and snort_bad-traffic.rules and I'm not getting any fatal errors on amd64, 2.1 Beta.
-
Do a full package uninstall and install. It worked for me.
-
Full deinstall and install did the job. Resolve Flowbits was enabled too. Thanks a lot! Its working now.
-
I am the author of the latest Snort changes, and I also saw the same error when I did a re-install versus an uninstall followed by a re-install. Searching back through the forum messages, there is a thread about this being a problem with the package manager tools and not with any individual package. The recommendation is to always do an uninstall and then a re-install, instead of just clicking the re-install icon. It would be nice if the simple re-install would work, though.
As for the changes in this Snort package, probably the most important is the new auto-flowbits resolution feature. However, in order to for this work properly after a full re-install; you need to first enable the feature in the CATEGORIES tab, update the rules files in the UPDATES tab, and then stop and restart Snort. Otherwise, the new flowbit resolution won't be registered in the snort.conf file. I just discovered this glitch during my uninstall and re-install testing today. I have a fix in mind that I will submit in a day or two for Ermal to consider. In the meantime, just remember to cycle Snort on your interfaces one more time AFTER doing the initial rules download/update with the UPDATES tab. Thereafter, things will work fine.
Bill