Saturday, November 5, 2011

Mac ports and snort 2.9.0.5

On the Mac ports DL, a user reported an issue trying to use snort 2.9.0.5.

Using "port install snort", the system creates shared objects (.so) but tries to load a dynamic library (.dylib).

Here is a quick procedure to get it back on track:

sudo port install snort
cd /opt/local/var/macports/distfiles/snort
mkdir -p ~/temp
cp snort-2.9.0.5.tar.gz ~/temp
cd ~/temp
# unpack the source tarball before running configure
tar xzf snort-2.9.0.5.tar.gz
cd snort-2.9.0.5
./configure
cd src/dynamic-plugins
make
cd sf_engine
# link the engine object files into a .dylib
gcc -dynamiclib -o libsf_engine.dylib -dylib bmh.o sf_ip.o \
    sf_snort_detection_engine.o sf_snort_plugin_api.o \
    sf_snort_plugin_byte.o sf_snort_plugin_content.o \
    sf_snort_plugin_hdropts.o sf_snort_plugin_loop.o \
    sf_snort_plugin_pcre.o sf_snort_plugin_rc4.o sfghash.o sfhashfcn.o \
    sfprimetable.o
sudo cp *.dylib /opt/local/lib/snort_dynamicengine/


After that, you need to edit /opt/local/etc/snort/snort.conf.dist to suit your needs and reflect the specifics of your setup.
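
To confirm the fix took, the check below lists every .so in a plugin directory that has no .dylib next to it. This is an added example, not part of the original post; the function name missing_dylibs is made up here, and it assumes the .dylib should carry the same base name as the .so the port installed.

```shell
#!/bin/sh
# Added example (not from the original post).
# Usage: run with the plugin directory as the first argument, e.g.
#   /opt/local/lib/snort_dynamicengine

# missing_dylibs DIR
# Prints the file name of each .dylib that is expected (because a .so with
# the same base name exists in DIR) but is not present.
# Exit status: 0 = nothing missing, 1 = at least one missing, 2 = bad DIR.
missing_dylibs() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi
    missing=0
    for so in "$dir"/*.so; do
        # If the glob matched nothing, the literal pattern is returned.
        [ -e "$so" ] || continue
        base=${so%.so}
        if [ ! -f "$base.dylib" ]; then
            echo "${base##*/}.dylib"
            missing=1
        fi
    done
    return $missing
}

# Only run the check when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    missing_dylibs "$1"
fi
```

An empty result with exit status 0 means every shared object in the directory has a .dylib counterpart.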