Description of problem: Package incorrectly installs /usr/lib/snort/dynamicengine/libsf_engine.so as the file /usr/lib/snort/dynamicengine Version-Release number of selected component (if applicable): snort-2.6.0.2-2.fc5.i386.rpm How reproducible: See steps below Steps to Reproduce: 1. Load FC5 for i386 2. D/L and install snort rpm. 3. file /usr/lib/snort/dynamicengine Actual results: It's a lib file Expected results: Should be the directory with the file libsf_engine.so inside it. Additional info: Numerous people have been unable to get this package to work correctly (please see the snort newbies forums). Please verify that it works correctly via setting it up on a local lan with 2 other computers and verify that you can get snort to detect a nmap portscan from one computer against another.
Looks like "EasyFix". The spec contains this, install libsf_engine.so %{buildroot}%{_libdir}/snort/dynamicengine install libsf_engine.so.0 %{buildroot}%{_libdir}/snort/dynamicengine install libsf_engine.so.0.0.0 %{buildroot}%{_libdir}/snort/dynamicengine which would fail in the described way when the target is not a directory.
I built snort from source on a FC5 machine and I was able to get snort to log portscans from nmap. Unfortunately, when I had previously loaded the FC snort package on my FC5 box it was unable to detect the portscans (same config files). I made an attempt to correct the issue above by manually renaming the file but it appeared there might be some other non-trivial problem that is preventing the packaged version snort from logging (my build from source works just fine with the same config file). Any thoughts on this issue?
Dynamic engine is now fixed. and the build was able to detect a port scan.