Snort OS rules problem

Nikosis · 03-12-2008, 11:31 PM

Hi
I'd have try to compile the Shared Object rules, but I'm getting this error

Code:

snort-2.8.0.2/so_rules/src$ make
ls: cannot access web-misc_*.c: No such file or directory
p2p_winny.c:24:33: error: sf_snort_plugin_api.h: No such file or directory
p2p_winny.c:25:29: error: sf_snort_packet.h: No such file or directory
p2p_winny.c:31: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'ruleWINNYref1'
p2p_winny.c:37: error: expected '=', ',', ';', 'asm' or '__attribute__' before '*' token
p2p_winny.c:43: error: expected '=', ',', ';', 'asm' or '__attribute__' before '*' token
p2p_winny.c:48: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'ruleWINNY'
p2p_winny.c: In function 'ruleWINNYeval':
p2p_winny.c:80: error: 'u_int32_t' undeclared (first use in this function)
p2p_winny.c:80: error: (Each undeclared identifier is reported only once
p2p_winny.c:80: error: for each function it appears in.)
p2p_winny.c:80: error: expected ';' before 'i'
p2p_winny.c:81: error: expected '=', ',', ';', 'asm' or '__attribute__' before '*' token
p2p_winny.c:81: error: 'ptr' undeclared (first use in this function)
p2p_winny.c:82: error: 'u_int8_t' undeclared (first use in this function)
p2p_winny.c:82: error: expected ';' before 't'
p2p_winny.c:84: error: expected ';' before 's'
p2p_winny.c:108: error: 'SFSnortPacket' undeclared (first use in this function)
p2p_winny.c:108: error: 'sp' undeclared (first use in this function)
p2p_winny.c:108: error: expected expression before ')' token
p2p_winny.c:110: error: 'NULL' undeclared (first use in this function)
p2p_winny.c:111: error: 'RULE_NOMATCH' undeclared (first use in this function)
p2p_winny.c:119: error: 't' undeclared (first use in this function)
p2p_winny.c:120: error: 'i' undeclared (first use in this function)
p2p_winny.c:121: error: 's' undeclared (first use in this function)
p2p_winny.c:122: error: 'tmp' undeclared (first use in this function)
p2p_winny.c:131: error: 'RULE_MATCH' undeclared (first use in this function)
make: *** [p2p_winny] Error 1

The Makefile lists "BASEDIR=../". But entries such as
"ENGINEDIR=$(BASEDIR)/src/dynamic-plugins/sf_engine" are not one
directory below the source directory, they are two below.
So I changed BASEDIR to "BASEDIR=../.." and try run make again. But than following errors are produced:

Code:

ls: cannot access web-misc_*.c: No such file or directory
building p2p ... done
building dos ... done
building exploit ... done
building bad-traffic ... done
building web-client ... done
building netbios ... done
building misc ... done
building nntp ... done
building smtp ... done
building web-misc ... ld: web-misc_*.o: No such file: No such file or directory
make: *** [web-misc] Error 1

Any ideas how to fix it

Thx

unSpawn · 03-13-2008, 05:18 AM

Quote:

Originally Posted by Nikosis

ls: cannot access web-misc_*.c: No such file or directory

If you 'find' through the source dir do these web-misc.* reside in another dir or are they nonexistent?

Nikosis · 03-13-2008, 11:31 AM

The problem is that there is no such files as web-misc_*.* , there is only web-misc.o and web-misc.c and these files are in the same dir as Makefile

unSpawn · 03-13-2008, 03:54 PM

So it could be like a typo you could try and correct, then?

Nikosis · 03-13-2008, 09:20 PM

What should I change than.

unSpawn · 03-14-2008, 07:11 AM

Until you put this in Snort's bug tracker? Nothing. There haven't been written any web-misc_* rules. You're not missing much anyway that can't be loaded in the old school way: the precompiled web-misc modules only load one rule and that's SID 13308.

Nikosis · 03-14-2008, 11:11 AM

Hi
Thanks for your help, I appreciate it.