ports/153224: security/snort misplaces dynamic rules if you select snortsam.
Michael Scheidell
michael.scheidell at secnap.com
Thu Dec 16 17:50:13 UTC 2010
>Number: 153224
>Category: ports
>Synopsis: security/snort misplaces dynamic rules if you select snortsam.
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Dec 16 17:50:12 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator: Michael Scheidell
>Release: 7.3 amd
>Organization:
SECNAP Network Security
>Environment:
FreeBSD success-ca.hackertrap.net 7.3-RELEASE-p1 FreeBSD 7.3-RELEASE-p1 #4: Fri Jun 11 17:17:14 UTC 2010 root at ht-amd-ghost.hackertrap.net:/usr/obj/usr/src/sys/ENTHACKER amd64
>Description:
Building snort version 2.8.6.1 WITHOUT snortsam installs, deinstalls, runs, and creates packages correctly. Brand new ports tree (as of 10am Dec 16, EST).
However, building it with both dynamic rules AND snortsam will put the dynamic rules in the wrong directory, making packages impossible to build; deinstall doesn't know where things are, and the sample snort.conf is wrong also.
example:
building WITH DYNAMIC RULES and without SNORT SAM, the dynamic pre-processor rules are installed in:
/usr/local/lib/snort/
but, if you select BOTH DYNAMIC RULES and SNORTSAM, they are put here:
cd /usr/local/lib
ls -ltd snort*
drwxr-xr-x 2 root wheel 1536 Dec 16 09:26 snort_dynamicpreprocessor
drwxr-xr-x 2 root wheel 512 Dec 16 09:26 snort_dynamicengine
(notice the _; maybe it should be a /?)
and, since pkg_plist is looking in /usr/local/lib/snort/dynamic*, packages won't build, and deinstall doesn't remove them.
clearly in source, if you build with/without snortsam, and do a grep -R, you can see it builds the source differently.
>How-To-Repeat:
cd /usr/ports/security/snort
select defaults (dynamic rules, flexresp, perfprofile) and add 'snortsam'
make clean deinstall reinstall
grep -R snort_dynamic ./
(yep, lots of links to snort_dynamic, and NOT snort/dynamic.. confusing)
cd /usr/local/lib/snort
(not there)
cd /usr/local/lib/snort_dynamicengine
make package fails:
tar: lib/snort/dynamicengine/libsf_engine.so: Cannot stat: No such file or directory
tar: lib/snort/dynamicengine/libsf_engine.so.0: Cannot stat: No such file or directory
tar: lib/snort/dynamicengine/libsf_engine.la: Cannot stat: No such file or directory
tar: lib/snort/dynamicengine/libsf_engine.a: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_dcerpc_preproc.a: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_dcerpc_preproc.la: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_dcerpc_preproc.so: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_dcerpc_preproc.so.0: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_dce2_preproc.a: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_dce2_preproc.la: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_dce2_preproc.so: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_dce2_preproc.so.0: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_dns_preproc.a: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_dns_preproc.la: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_dns_preproc.so: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_dns_preproc.so.0: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_ftptelnet_preproc.a: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_ftptelnet_preproc.la: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_ftptelnet_preproc.so: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_ftptelnet_preproc.so.0: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_sdf_preproc.a: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_sdf_preproc.la: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_sdf_preproc.so: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_sdf_preproc.so.0: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_smtp_preproc.a: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_smtp_preproc.la: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_smtp_preproc.so: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_smtp_preproc.so.0: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_ssh_preproc.a: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_ssh_preproc.la: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_ssh_preproc.so: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_ssh_preproc.so.0: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_ssl_preproc.a: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_ssl_preproc.la: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_ssl_preproc.so: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_ssl_preproc.so.0: Cannot stat: No such file or directory
tar: libdata/pkgconfig/snort.pc: Cannot stat: No such file or directory
tar: Error exit delayed from previous errors.
>Fix:
find the 'thing' that somehow breaks where snort dynamic rules go.
workaround:
cd /usr/ports/security/snort
make config (select dynamic,flex,perf and snortsam)
make clean
make install
cp -p ./work/snort-2.8.6.1/snort.pc /usr/local/libdata/pkgconfig/
cd /usr/local/lib
ls -ltd snort*
drwxr-xr-x 2 root wheel 512 Dec 16 09:38 snort_dynamicengine
drwxr-xr-x 2 root wheel 1536 Dec 16 09:38 snort_dynamicpreprocessor
mkdir snort
mkdir snort/dynamicengine
mkdir snort/dynamicpreprocessor
mv snort_dynamicengine/* snort/dynamicengine/
mv snort_dynamicpreprocessor/* snort/dynamicpreprocessor/
>Release-Note:
>Audit-Trail:
>Unformatted:
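
Added example, not part of the original report or of the port: a check that compares plist-style relative paths with what is actually installed under a prefix and flags entries that landed in the snort_dynamic* layout described above. The function names, the sample tree and the sample plist are constructed for illustration.

```sh
#!/bin/sh
# check_plist PREFIX PLIST
# Prints one status line per plist entry; returns non-zero if any entry
# is not at the path the plist expects.
check_plist() {
    prefix=$1 plist=$2 missing=0
    while IFS= read -r rel; do
        # Skip blank lines and plist directives such as @dirrm.
        case $rel in ''|@*) continue ;; esac
        if [ -e "$prefix/$rel" ]; then
            echo "ok       $rel"
            continue
        fi
        missing=$((missing + 1))
        # Layout from the report: lib/snort/dynamicX/... vs lib/snort_dynamicX/...
        alt=$(printf '%s\n' "$rel" | sed 's|^lib/snort/dynamic|lib/snort_dynamic|')
        if [ "$alt" != "$rel" ] && [ -e "$prefix/$alt" ]; then
            echo "moved    $rel -> $alt"
        else
            echo "missing  $rel"
        fi
    done < "$plist"
    [ "$missing" -eq 0 ]
}

# Constructed sample: one library in the expected layout, one in the
# underscore layout, and one plist entry that was never installed.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/lib/snort_dynamicengine" "$root/lib/snort/dynamicpreprocessor"
    : > "$root/lib/snort_dynamicengine/libsf_engine.so"
    : > "$root/lib/snort/dynamicpreprocessor/libsf_dns_preproc.so"
    printf '%s\n' 'lib/snort/dynamicengine/libsf_engine.so' \
        'lib/snort/dynamicpreprocessor/libsf_dns_preproc.so' \
        'libdata/pkgconfig/snort.pc' > "$root/plist"
    rc=0
    check_plist "$root" "$root/plist" || rc=$?
    rm -rf "$root"
    return "$rc"
}

demo || echo "plist and installed files disagree"
```

On a real system the same function can be pointed at /usr/local and the port's pkg_plist; any "moved" line also means the dynamic library paths in snort.conf should be checked, since snort loads its dynamic preprocessors from the directory named there.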