New Snortsam patch for Snort 2.8.0.1

Matt Jonkman of Emerging Threats asked me to have a look at the existing Snortsam 2.8.0.1 patch as people were continuing to report problems with it. I updated it to compile without compiler warnings, build cleanly with debugging enabled, build cleanly with Snort’s IPv6 support enabled and added a check so it won’t act on alerts in IPv6 packets since the Snortsam framework does not support IPv6. Finally I removed the patch script so it’s provided as a ‘normal’ diff. Here is the patch: http://www.inliniac.net/files/snortsam-2.8.0.1.diff

Here are the instructions for getting your Snort 2.8.0.1 source patched:

Make sure you have a clean Snort 2.8.0.1 tree, then patch it:

cd snort-2.8.0.1
patch -p1 < ../snortsam-2.8.0.1.diff

Next, run ‘autojunk.sh’ to update the build system (you need to have libtoolize, aclocal, autoheader, autoconf and automake installed). After this, configure and build Snort normally:

./configure <your configure options>
make
make install

That's it.
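The patch and autojunk.sh steps above can be wrapped in a pre-flight check that refuses to touch the tree unless the diff applies cleanly and the build tools are present. This is an added example, not part of the original post or the patch; the function names are hypothetical, and it assumes autojunk.sh sits at the top of the patched tree and that your patch supports --dry-run (GNU patch does).

```shell
#!/bin/sh
# Added example: pre-flight wrapper for the patch procedure (hypothetical helper names).
# Usage: . ./preflight.sh; apply_snortsam_patch snort-2.8.0.1 snortsam-2.8.0.1.diff

# Print each named tool that is not on PATH, one per line.
missing_tools() {
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || printf '%s\n' "$tool"
    done
}

# Apply DIFF to TREE only if a dry run applies cleanly, then run autojunk.sh.
# Returns 2 on bad arguments, 3 on missing tools, 4 if the patch does not apply,
# and non-zero if autojunk.sh is absent or fails.
apply_snortsam_patch() {
    tree=$1
    diff=$2
    [ -d "$tree" ] && [ -f "$diff" ] || { echo "usage: tree diff" >&2; return 2; }

    # Tools the post lists as needed by autojunk.sh, plus patch itself.
    missing=$(missing_tools patch libtoolize aclocal autoheader autoconf automake)
    [ -z "$missing" ] || { echo "missing tools:" $missing >&2; return 3; }

    # Make the diff path absolute before changing directory.
    diff=$(cd "$(dirname "$diff")" && pwd)/$(basename "$diff")
    (
        cd "$tree" || exit 2
        # Dry run leaves the tree untouched; -N makes an already-patched tree
        # fail here instead of prompting to reverse the patch.
        patch -p1 -N --dry-run < "$diff" >/dev/null || exit 4
        patch -p1 -N < "$diff" || exit 4
        # Assumption: autojunk.sh is at the top of the patched tree.
        [ -f autojunk.sh ] && sh ./autojunk.sh
    )
}
```

A return code of 4 means the tree is not a clean Snort 2.8.0.1 tree for this diff, so start again from a fresh unpack rather than forcing the patch.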

Thanks to Matt Jonkman of Emerging Threats for paying me to do this and CunningPike for doing the first iterations of the patch!

2 thoughts on “New Snortsam patch for Snort 2.8.0.1”

  1. Hi,

    Richard Bejtlich from http://taosecurity.blogspot.com recommended that I ask this question at this blog. I wasn’t sure where the best place was to post my question so I’m asking via the comments:

    Do you know of any recent updates about running Snort_inline on a FreeBSD bridge? It’s my understanding that FreeBSD as it currently stands isn’t capable of sending packets to Snort_inline when the machine is configured as a bridge.

    Thanks!

  2. Snort_inline on FreeBSD uses IPFW’s divert sockets. The problem is that divert sockets don’t work on a FreeBSD bridge. But I’m not a *BSD expert (or even user) so I could have missed other options or recent changes to FreeBSD.
