Bug 546222 - Missing library for new preprocessor dcerpc2
Summary: Missing library for new preprocessor dcerpc2
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: snort
Version: 13
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Dennis Gilmore
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2009-12-10 13:37 UTC by Michal Bruncko
Modified: 2011-06-27 14:40 UTC (History)
9 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-06-27 14:40:31 UTC
Type: ---
Embargoed:



Description Michal Bruncko 2009-12-10 13:37:02 UTC
Description of problem:

The dcerpc2 preprocessor library, which is needed by the current netbios.rules, is missing from the rpm. The dcerpc2 library is named "libsf_dce2_preproc.so" and is compiled in the current snort from src.rpm, but isn't included in the final built snort rpm.

Version-Release number of selected component (if applicable):
snort-2.8.5.1-1.fc12.x86_64

How reproducible:
install current snort, include new rules from snort.org and uncomment:
"include $RULE_PATH/netbios.rules" and "preprocessor dcerpc2_server: default" (because it's needed for some netbios rules)
in snort.conf and try to start snort. Starting failed with: 

FATAL ERROR: /etc/snort/snort.conf(616) Unknown preprocessor: "dcerpc2".

...missing is libsf_dce2_preproc.so (is compiled, but not copied into final rpm while building src.rpm)

Expected results:
expecting successful snort start with latest netbios rules 

Additional info:
All that is needed is to edit line 311 of snort.spec and add "dce2" into the for loop, and dcerpc2 will be included in the final rpm.
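
An added example, not part of the original report or the Fedora package: a shell check that compares the preprocessor libraries a build produced with the names in the spec file's packaging loop and prints any that were built but would not be packaged. It assumes the loop has the `for i in '...' ...; do` form this report quotes for line 311 of snort.spec and that every library follows the libsf_<name>_preproc.so naming of libsf_dce2_preproc.so; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the report): find dynamic preprocessor libraries
# that a build produced but that the spec file's packaging loop does not name.
# Assumptions: the loop is written as "for i in 'a' 'b' ...; do" and the
# libraries are named libsf_<name>_preproc.so.

# Names listed in the first such loop of spec file $1, one per line.
spec_loop_names() {
    sed -n 's/^[[:space:]]*for i in \(.*\); do.*/\1/p' "$1" | head -n 1 |
        tr -d "'" | tr -s ' ' '\n' | sed '/^$/d' | sort -u
}

# The <name> part of every libsf_<name>_preproc.so found under directory $1.
built_names() {
    find "$1" -type f -name 'libsf_*_preproc.so' |
        sed 's|.*/libsf_\(.*\)_preproc\.so$|\1|' | sort -u
}

# Built but not packaged; no output means the loop covers every library.
unpackaged_preprocs() {
    tmp=$(mktemp) || return 2
    spec_loop_names "$1" > "$tmp"
    built_names "$2" | grep -Fxv -f "$tmp" || true
    rm -f "$tmp"
}

# Constructed sample: the unpatched loop line quoted in this report and
# empty stand-in files for the libraries of a finished build.
demo() {
    d=$(mktemp -d) || return 2
    printf '%s\n' "for i in 'dcerpc' 'ssh' 'ftptelnet' 'smtp' 'dns' 'ssl'; do" \
        > "$d/snort.spec"
    mkdir "$d/build"
    for n in dcerpc dce2 ssh ftptelnet smtp dns ssl; do
        : > "$d/build/libsf_${n}_preproc.so"
    done
    unpackaged_preprocs "$d/snort.spec" "$d/build"
    rm -rf "$d"
}

demo   # prints: dce2
```

Run against a real build tree, any output names a library that snort.conf may reference after a rule update but that the installed package will not contain.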

Comment 1 Dennis Gilmore 2009-12-14 03:29:38 UTC
Can the person who added the blocking bug remove it? I'm not authorised to see it, so it should not block my bug. I cannot remove the block as I'm not authorised to see the bug.

Comment 2 Kyle 2010-01-25 00:00:22 UTC
Bug confirmed. This is a critical bug because automated rule updates will cause snort startup to fail.

rpm -i snort-2.8.5.1-1.fc11.src.rpm 
yum install pcre-devel libprelude-devel libnet10-devel  mysql-devel postgresql-devel net-snmp-devel

patch snort.spec like this:
311c311
< for i in 'dcerpc' 'ssh' 'ftptelnet' 'smtp' 'dns' 'ssl'; do
---
> for i in 'dcerpc' 'dce2' 'ssh' 'ftptelnet' 'smtp' 'dns' 'ssl'; do
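
Review bot: The `>` line keeps a hard-coded list of preprocessor names, which is the same mechanism that let `dce2` be built and then left out of the package. Adding the one name fixes this case, but the next preprocessor upstream adds will be dropped in the same way. Consider driving the loop from the libraries the build actually produced (files named like libsf_dce2_preproc.so) rather than from a fixed list, or failing the build when a built preprocessor library is not matched by the list.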

works for me.

Comment 3 Rastlinux 2010-06-07 15:10:35 UTC
I am using FC13, a clean upgrade from FC12, not a fresh install. I have the same issue. I checked for the existence of the mentioned library and could not find it. I do have the following:
/usr/lib64/libdcerpc_samr.so.0
/usr/lib64/libdcerpc.so.0
/usr/lib64/libdcerpc_samr.so.0.0.1
/usr/lib64/libdcerpc.so.0.0.1

I have installed the rules from snort and am getting the exact same results:
FATAL ERROR: /etc/snort/snort.conf(618) Unknown preprocessor: "dcerpc2".
If I comment out or set it to disabled I then promptly get:
FATAL ERROR: /etc/snort/snort.conf(618) Unknown preprocessor: "dcerpc2_server".
If I attempt to comment out both then my rule sets will not work. Of course it is desirable to have this functional in snort so ... is there actually a patch or fix yet?

Comment 4 Louis van Dyk 2010-08-09 20:58:13 UTC
Same problem here.  I (first-time) just installed:
snort-plain+flexresp-2.8.5.1-1.fc13.x86_64
snort-2.8.5.1-1.fc13.x86_64
using the yum repositories.  On running snort for the first time from the command line as follows:
snort -vd -c /etc/snort/snort.conf 
I get the error:
ERROR: /etc/snort/snort.conf(616) Unknown preprocessor: "dcerpc2".

Lines 616 and 617 of snort.conf read:
preprocessor dcerpc2
preprocessor dcerpc2_server: default

Commenting them out does not help, because then an issue in netbios.rules occurs.

I have given this my 100 votes, as I want this fixed.  I agree that this should be changed to CRITICAL as it does not work at all upon installation.

Comment 5 Michal Bruncko 2010-09-19 15:21:01 UTC
Still without any progress? It's just a single line to edit...

Same problem on fc13, snort-2.8.5.1-1.fc13.i686

Comment 6 Bug Zapper 2010-11-04 03:43:06 UTC
This message is a reminder that Fedora 12 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 12.  It is Fedora's policy to close all
bug reports from releases that are no longer maintained.  At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '12'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 12's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 12 is end of life.  If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora please change the 'version' of this 
bug to the applicable version.  If you are unable to change the version, 
please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Comment 7 Bug Zapper 2011-06-02 17:09:11 UTC
This message is a reminder that Fedora 13 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 13.  It is Fedora's policy to close all
bug reports from releases that are no longer maintained.  At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '13'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 13's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 13 is end of life.  If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora please change the 'version' of this 
bug to the applicable version.  If you are unable to change the version, 
please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Comment 8 Bug Zapper 2011-06-27 14:40:31 UTC
Fedora 13 changed to end-of-life (EOL) status on 2011-06-25. Fedora 13 is 
no longer maintained, which means that it will not receive any further 
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of 
Fedora please feel free to reopen this bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.

