Bug #6736
Snort fails to start after upgrade to 2.3.2-RELEASE
Status: Closed
Priority: Normal
Assignee: -
Category: Snort
Target version: -
Start date: 08/22/2016
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Affected Version: 2.3.2
Affected Plus Version:
Affected Architecture: amd64
Description
After upgrading to 2.3.2-Release from 2.3.1-5 snort fails to start with a FATAL error:
Aug 22 11:20:01 pfSense snort12846: FATAL ERROR: The dynamic detection library "/usr/local/lib/snort_dynamicrules/server-webapp.so" version 1.0 compiled with dynamic engine library version 2.4 isn't compatible with the current dynamic engine library "/usr/local/lib/snort_dynamicengine/libsf_engine.so" version 2.6.
The full output of snort -T -c snort.conf is as follows:
Running in Test mode
--== Initializing Snort ==--
Initializing Output Plugins!
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file "snort.conf"
PortVar 'DNS_PORTS' defined : [ 53 ]
PortVar 'SMTP_PORTS' defined : [ 25 ]
PortVar 'MAIL_PORTS' defined : [ 25 465 587 691 ]
PortVar 'HTTP_PORTS' defined : [ 36 80:90 311 383 591 593 631 901 1220 1414 1533 1741 1830 2301 2381 2809 3037 3057 3128 3443 3702 4343 4848 5250 6080 6988 7000:7001 7144:7145 7510 7777 7779 8000 8008 8014 8028 8080:8082 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8500 8800 8888 8899 9000 9060 9080 9090:9091 9443 9999:10000 11371 15489 29991 33300 34412 34443:34444 41080 44440 50000 50002 51423 55555 56712 ]
PortVar 'ORACLE_PORTS' defined : [ 1024:65535 ]
PortVar 'MSSQL_PORTS' defined : [ 1433 ]
PortVar 'TELNET_PORTS' defined : [ 23 ]
PortVar 'SNMP_PORTS' defined : [ 161 ]
PortVar 'FTP_PORTS' defined : [ 21 2100 3535 ]
PortVar 'SSH_PORTS' defined : [ 22 ]
PortVar 'POP2_PORTS' defined : [ 109 ]
PortVar 'POP3_PORTS' defined : [ 110 ]
PortVar 'IMAP_PORTS' defined : [ 143 ]
PortVar 'SIP_PORTS' defined : [ 5060:5061 5600 ]
PortVar 'AUTH_PORTS' defined : [ 113 ]
PortVar 'FINGER_PORTS' defined : [ 79 ]
PortVar 'IRC_PORTS' defined : [ 6665:6669 7000 ]
PortVar 'SMB_PORTS' defined : [ 139 445 ]
PortVar 'NNTP_PORTS' defined : [ 119 ]
PortVar 'RLOGIN_PORTS' defined : [ 513 ]
PortVar 'RSH_PORTS' defined : [ 514 ]
PortVar 'SSL_PORTS' defined : [ 443 465 563 636 989 992:995 7801:7802 7900:7920 ]
PortVar 'FILE_DATA_PORTS' defined : [ 36 80:90 110 143 311 383 591 593 631 901 1220 1414 1533 1741 1830 2301 2381 2809 3037 3057 3128 3443 3702 4343 4848 5250 6080 6988 7000:7001 7144:7145 7510 7777 7779 8000 8008 8014 8028 8080:8082 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8500 8800 8888 8899 9000 9060 9080 9090:9091 9443 9999:10000 11371 15489 29991 33300 34412 34443:34444 41080 44440 50000 50002 51423 55555 56712 ]
PortVar 'SHELLCODE_PORTS' defined : [ 0:79 81:65535 ]
PortVar 'SUN_RPC_PORTS' defined : [ 111 32770:32779 ]
PortVar 'DCERPC_NCACN_IP_TCP' defined : [ 139 445 ]
PortVar 'DCERPC_NCADG_IP_UDP' defined : [ 138 1024:65535 ]
PortVar 'DCERPC_NCACN_IP_LONG' defined : [ 135 139 445 593 1024:65535 ]
PortVar 'DCERPC_NCACN_UDP_LONG' defined : [ 135 1024:65535 ]
PortVar 'DCERPC_NCACN_UDP_SHORT' defined : [ 135 593 1024:65535 ]
PortVar 'DCERPC_NCACN_TCP' defined : [ 2103 2105 2107 ]
PortVar 'DCERPC_BRIGHTSTORE' defined : [ 6503:6504 ]
PortVar 'DNP3_PORTS' defined : [ 20000 ]
PortVar 'MODBUS_PORTS' defined : [ 502 ]
PortVar 'GTP_PORTS' defined : [ 2123 2152 3386 ]
Detection:
Search-Method = AC-BNFA-Q
Maximum pattern length = 20
Search-Method-Optimizations = enabled
Tagged Packet Limit: 256
Loading all dynamic engine libs from /usr/local/lib/snort_dynamicengine...
Loading dynamic engine /usr/local/lib/snort_dynamicengine/libsf_engine.so... done
Finished Loading all dynamic engine libs from /usr/local/lib/snort_dynamicengine
Loading all dynamic detection libs from /usr/local/lib/snort_dynamicrules...
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/browser-ie.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/browser-other.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/exploit-kit.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/file-executable.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/file-flash.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/file-image.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/file-java.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/file-multimedia.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/file-office.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/file-other.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/file-pdf.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/indicator-shellcode.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/malware-cnc.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/malware-other.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/netbios.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/os-linux.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/os-other.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/os-windows.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/policy-social.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/pua-p2p.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/protocol-dns.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/protocol-nntp.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/protocol-other.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/protocol-snmp.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/protocol-tftp.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/protocol-voip.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/server-apache.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/server-iis.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/server-mail.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/server-mysql.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/server-oracle.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/server-other.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/server-webapp.so... done
Finished Loading all dynamic detection libs from /usr/local/lib/snort_dynamicrules
Loading all dynamic preprocessor libs from /usr/local/etc/snort/snort_27581_pppoe0/snort_dynamicpreprocessor...
Loading dynamic preprocessor library /usr/local/etc/snort/snort_27581_pppoe0/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.so... done
Loading dynamic preprocessor library /usr/local/etc/snort/snort_27581_pppoe0/snort_dynamicpreprocessor/libsf_smtp_preproc.so... done
Loading dynamic preprocessor library /usr/local/etc/snort/snort_27581_pppoe0/snort_dynamicpreprocessor/libsf_ssl_preproc.so... done
Loading dynamic preprocessor library /usr/local/etc/snort/snort_27581_pppoe0/snort_dynamicpreprocessor/libsf_sip_preproc.so... done
Loading dynamic preprocessor library /usr/local/etc/snort/snort_27581_pppoe0/snort_dynamicpreprocessor/libsf_ssh_preproc.so... done
Loading dynamic preprocessor library /usr/local/etc/snort/snort_27581_pppoe0/snort_dynamicpreprocessor/libsf_dce2_preproc.so... done
Loading dynamic preprocessor library /usr/local/etc/snort/snort_27581_pppoe0/snort_dynamicpreprocessor/libsf_dns_preproc.so... done
Loading dynamic preprocessor library /usr/local/etc/snort/snort_27581_pppoe0/snort_dynamicpreprocessor/libsf_pop_preproc.so... done
Loading dynamic preprocessor library /usr/local/etc/snort/snort_27581_pppoe0/snort_dynamicpreprocessor/libsf_imap_preproc.so... done
Loading dynamic preprocessor library /usr/local/etc/snort/snort_27581_pppoe0/snort_dynamicpreprocessor/libsf_appid_preproc.so... done
Finished Loading all dynamic preprocessor libs from /usr/local/etc/snort/snort_27581_pppoe0/snort_dynamicpreprocessor
ERROR: The dynamic detection library "/usr/local/lib/snort_dynamicrules/server-webapp.so" version 1.0 compiled with dynamic engine library version 2.4 isn't compatible with the current dynamic engine library "/usr/local/lib/snort_dynamicengine/libsf_engine.so" version 2.6.
Fatal Error, Quitting..
Further investigation showed that the snort ruleset was not updated. FORCE UPDATING did update the ruleset and now everything is working fine.
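
Added example (not part of the original report, and not pfSense or Snort code): a small Python check that scans saved `snort -T` output or syslog text for the mismatch message shown above and reports which shared-object rule library was built for a different engine version. The function names are chosen for this illustration, and the sample text is abridged from the output quoted in the report.

```python
import re
from typing import NamedTuple

VER = r"\d+(?:\.\d+)*"  # dotted version, excluding the sentence's trailing period
# Message Snort prints when a precompiled shared-object rule library was built
# against a different dynamic engine version (wording taken from the report).
MISMATCH_RE = re.compile(
    rf'dynamic detection library "(?P<rule_lib>[^"]+)" version (?P<rule_ver>{VER}) '
    rf"compiled with dynamic engine library version (?P<built_for>{VER}) "
    rf"isn't compatible with the current dynamic engine library "
    rf'"(?P<engine_lib>[^"]+)" version (?P<engine_ver>{VER})'
)
LOADED_RE = re.compile(r"Loading dynamic detection library (\S+\.so)\.\.\. done")

class Mismatch(NamedTuple):
    rule_lib: str
    rule_ver: str
    built_for: str    # engine version the rule library was compiled against
    engine_lib: str
    engine_ver: str   # engine version actually installed

def find_mismatches(output):
    """Return each distinct mismatch; stdout and syslog may repeat the same one."""
    found = []
    for m in MISMATCH_RE.finditer(output):
        rec = Mismatch(**m.groupdict())
        if rec not in found:
            found.append(rec)
    return found

def loaded_rule_libs(output):
    """Paths of the shared-object rule libraries Snort loaded in this run."""
    return LOADED_RE.findall(output)

def summarize(output):
    """One line per mismatch, or a single all-clear line."""
    found = find_mismatches(output)
    if not found:
        return ["no rule-library/engine version mismatch reported"]
    total = len(loaded_rule_libs(output))
    return [f"{m.rule_lib}: built for engine {m.built_for}, installed engine is "
            f"{m.engine_ver} ({total} rule libs loaded; force a rules update)"
            for m in found]

# Sample input, abridged from the snort -T output and syslog line in the report.
SAMPLE = """Loading dynamic detection library /usr/local/lib/snort_dynamicrules/server-other.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/server-webapp.so... done
ERROR: The dynamic detection library "/usr/local/lib/snort_dynamicrules/server-webapp.so" version 1.0 compiled with dynamic engine library version 2.4 isn't compatible with the current dynamic engine library "/usr/local/lib/snort_dynamicengine/libsf_engine.so" version 2.6.
Fatal Error, Quitting..
Aug 22 11:20:01 pfSense snort12846: FATAL ERROR: The dynamic detection library "/usr/local/lib/snort_dynamicrules/server-webapp.so" version 1.0 compiled with dynamic engine library version 2.4 isn't compatible with the current dynamic engine library "/usr/local/lib/snort_dynamicengine/libsf_engine.so" version 2.6.
"""
if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE)))
```

Running a check like this against `snort -T` output right after an upgrade surfaces a stale rules package before the sensor is left down.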