Description of problem:
The dcerpc2 preprocessor library, which the current netbios.rules needs, is missing from the rpm. The dcerpc2 library is named "libsf_dce2_preproc.so"; it is compiled in the current snort from src.rpm, but isn't included in the final built snort rpm.

Version-Release number of selected component (if applicable):
snort-2.8.5.1-1.fc12.x86_64

How reproducible:
Install the current snort, include the new rules from snort.org, uncomment "include $RULE_PATH/netbios.rules" and "preprocessor dcerpc2_server: default" (because it's needed for some netbios rules) in snort.conf, and try to start snort. Starting failed with:
FATAL ERROR: /etc/snort/snort.conf(616) Unknown preprocessor: "dcerpc2".
...missing is libsf_dce2_preproc.so (it is compiled, but not copied into the final rpm while building src.rpm)

Expected results:
Expecting a successful snort start with the latest netbios rules.

Additional info:
All that is needed is to edit line 311 of snort.spec and add "dce2" to the for loop, and dcerpc2 will be appended to the final rpm.
Can the person who added the blocking bug remove it? I'm not authorised to see it, so it should not block my bug. I cannot remove the block as I'm not authorised to see the bug.
bug confirmed. this is a critical bug because automated rule updates will cause snort startup to fail. rpm -i snort-2.8.5.1-1.fc11.src.rpm yum install pcre-devel libprelude-devel libnet10-devel mysql-devel postgresql-devel net-snmp-devel patch snort.spec like this: 311c311 < for i in 'dcerpc' 'ssh' 'ftptelnet' 'smtp' 'dns' 'ssl'; do --- > for i in 'dcerpc' 'dce2' 'ssh' 'ftptelnet' 'smtp' 'dns' 'ssl'; do works for me.
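Review bot: the change at line 311 only adds 'dce2' to the loop's word list, and the loop body is not part of the diff, so confirm that the body turns 'dce2' into the library the report names (libsf_dce2_preproc.so) and that the package's file list picks the new file up. The patch is also a context-free normal diff tied to line number 311; a unified diff with a few lines of context would still apply if snort.spec shifts, and would let a reviewer see the loop body.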
I am using FC13 a clean upgrade from FC12 not a fresh install. I have the same issue. I checked for the existence of the mentioned library and could not find it. I do have the following: /usr/lib64/libdcerpc_samr.so.0 /usr/lib64/libdcerpc.so.0 /usr/lib64/libdcerpc_samr.so.0.0.1 /usr/lib64/libdcerpc.so.0.0.1 I have installed the rules from snort and am getting the exact same results: FATAL ERROR: /etc/snort/snort.conf(618) Unknown preprocessor: "dcerpc2". If I comment out or set it to disabled I then promptly get: FATAL ERROR: /etc/snort/snort.conf(618) Unknown preprocessor: "dcerpc2_server". If I attempt to comment out both then my rule sets will not work. Of course it is desirable to have this functional in snort so ... is there actually a patch or fix yet?
Same problem here. I (first-time) just installed: snort-plain+flexresp-2.8.5.1-1.fc13.x86_64 snort-2.8.5.1-1.fc13.x86_64 using the yum repositories. On running snort for the first time from the command line as follows: snort -vd -c /etc/snort/snort.conf I get the error: ERROR: /etc/snort/snort.conf(616) Unknown preprocessor: "dcerpc2". Line 616 and 617 of snort.conf read: preprocessor dcerpc2 preprocessor dcerpc2_server: default Commenting them out does not help, because then an issue in netbios.rules occurs. I have given this my 100 votes, as I want this fixed. I agree that this should be changed to CRITICAL as it does not work at all upon installation.
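The failure reported in this thread can be caught before snort is restarted by comparing the active `preprocessor` lines in snort.conf against the libraries the package actually ships. The following is an added example, not code from the reporters or from the snort package; only the `dcerpc2` to `libsf_dce2_preproc.so` link comes from the thread, while the other keyword mappings, the `libsf_<module>_preproc.so` pattern for other modules, the sample config and the `/example/` paths are assumptions constructed for illustration.

```python
import re

# Module names from the for-loop in snort.spec quoted in the thread, plus 'dce2'.
SPEC_MODULES = ["dcerpc", "dce2", "ssh", "ftptelnet", "smtp", "dns", "ssl"]

# snort.conf keyword -> module. Only the dcerpc2 entries are confirmed by the
# thread; the remaining entries are assumptions for illustration.
KEYWORD_TO_MODULE = {
    "dcerpc2": "dce2", "dcerpc2_server": "dce2", "dcerpc": "dcerpc",
    "ssh": "ssh", "ftp_telnet": "ftptelnet", "ftp_telnet_protocol": "ftptelnet",
    "smtp": "smtp", "dns": "dns", "ssl": "ssl",
}

# Matches active lines only; a leading '#' keeps commented-out lines from matching.
PREPROC_RE = re.compile(r"^\s*preprocessor\s+([A-Za-z0-9_]+)")


def lib_name(module):
    # Pattern taken from libsf_dce2_preproc.so; assumed for the other modules.
    return f"libsf_{module}_preproc.so"


def missing_libs(conf_text, installed_files):
    """Return [(line_no, keyword, library)] for every active preprocessor line
    whose dynamic library is absent from installed_files (a list of paths)."""
    installed = {path.rsplit("/", 1)[-1] for path in installed_files}
    problems = []
    for line_no, line in enumerate(conf_text.splitlines(), start=1):
        match = PREPROC_RE.match(line)
        if not match:
            continue
        module = KEYWORD_TO_MODULE.get(match.group(1))
        if module and lib_name(module) not in installed:
            problems.append((line_no, match.group(1), lib_name(module)))
    return problems


# Constructed sample: a config fragment and the file lists of an unpatched
# and a patched build (placeholder directory, not the package's real path).
SAMPLE_CONF = """\
preprocessor dns: ports { 53 }
# preprocessor ssl: noinspect_encrypted
preprocessor dcerpc2
preprocessor dcerpc2_server: default
"""
UNPATCHED = [f"/example/preproc/{lib_name(m)}" for m in SPEC_MODULES if m != "dce2"]
PATCHED = [f"/example/preproc/{lib_name(m)}" for m in SPEC_MODULES]

if __name__ == "__main__":
    for line_no, keyword, lib in missing_libs(SAMPLE_CONF, UNPATCHED):
        print(f"snort.conf({line_no}): preprocessor {keyword} needs {lib}")
```

On a real host the second argument can be the lines printed by `rpm -ql snort`, and a non-empty result is a reason to hold back a rule update that enables the affected preprocessors.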
Still without any progress? It's just a single line to edit... Same problem on fc13, snort-2.8.5.1-1.fc13.i686
This message is a reminder that Fedora 12 is nearing its end of life. Approximately 30 (thirty) days from now Fedora will stop maintaining and issuing updates for Fedora 12. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '12'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 12's end of life. Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 12 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora please change the 'version' of this bug to the applicable version. If you are unable to change the version, please add a comment here and someone will do it for you. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. The process we are following is described here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping
This message is a reminder that Fedora 13 is nearing its end of life. Approximately 30 (thirty) days from now Fedora will stop maintaining and issuing updates for Fedora 13. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '13'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 13's end of life. Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 13 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora please change the 'version' of this bug to the applicable version. If you are unable to change the version, please add a comment here and someone will do it for you. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. The process we are following is described here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Fedora 13 changed to end-of-life (EOL) status on 2011-06-25. Fedora 13 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. Thank you for reporting this bug and we are sorry it could not be fixed.