[Oisf-users] Issues with Application Layer Filtering

Jason Batchelor jxbatchelor at gmail.com
Sat Jun 7 00:28:58 UTC 2014


Okay, scratch that. I was able to replicate by deleting the ld.so.cache
file. Initially I get the libhtp missing message but a quick ldconfig
remedies it. Have there been others with issues concerning libhtp on RH
based distros?


On Fri, Jun 6, 2014 at 7:12 PM, Jason Batchelor <jxbatchelor at gmail.com>
wrote:

> I think you might be on to something with libhtp...
>
> I recall when I initially installed and started Suricata, I received an
> error message saying libhtp could not be found. So I did a simple:
>
> yum install libhtp
>
> At that point things were fine and Suri started up. However, I thought it
> was strange because libhtp came with Suri and I presumed it was installed
> from source (so why the linking issue?).
>
> Before I removed the RPM I did an ldd to check if it linked to the RPM or
> the source binary. The results seemed to indicate that it was correctly
> linked to the source binary.
>
> ldd /usr/bin/suricata | grep libhtp
>         libhtp-0.5.11.so.1 => /usr/lib/libhtp-0.5.11.so.1 (0x00007f454b614000)
>
> What I can't really explain is why installing the libhtp RPM fixed things,
> even though the source link is preserved (the location is
> /usr/lib64/libhtp-0.3.so.1).
>
> Stranger, I cannot replicate the behavior when I remove the libhtp RPM.
> The source link is preserved and after a re-configure and rebuild with the
> Suri tar ball for 2.0.1, it starts up with no libhtp issue. Could the RPM
> having been installed at one point have corrupted things?
>
> Concerning the git, unfortunately I believe our FW is blocking the git
> port. If you still think it is worth a shot (as opposed to the tar ball) I
> can figure something out.
>
> Thanks for your help so far.
>
>
> On Fri, Jun 6, 2014 at 6:23 PM, Cooper F. Nelson <cnelson at ucsd.edu> wrote:
>
>> This sounds almost like it might be an issue with libhtp.
>>
>> As a sanity check would you be interested in trying my build script for
>> the current dev release?
>>
>> > #!/bin/sh
>> >
>> > export CFLAGS="-O3 -pipe -march=native"
>> >
>> > git clone git://phalanx.openinfosecfoundation.org/oisf.git
>> >
>> > cd oisf
>> >
>> > git clone git://github.com/ironbee/libhtp.git
>> >
>> > ./autogen.sh
>> >
>> > ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
>> >
>> > make install && ldconfig
>>
>> Feel free to change the configure options as needed.
>>
>> On 6/6/2014 4:13 PM, Jason Batchelor wrote:
>> >
>> >
>> > Spun up Suri and retested, unfortunately I'm still having the same
>> > problem :/
>> >
>> > Baffled by this one so far?
>>
>> --
>> Cooper Nelson
>> Network Security Analyst
>> UCSD ACT Security Team
>> cnelson at ucsd.edu x41042
>>
>
>
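
The two checks discussed in this thread (what `ldd` resolves libhtp to, and what the `ld.so.cache` rebuilt by `ldconfig` lists), combined in an added example that is not part of the original messages. `check_lib` is a hypothetical helper, and the sample text is constructed from the paths and versions quoted above.

```shell
#!/bin/sh
# Added example, not from the thread; check_lib is a hypothetical helper.
# Live use: check_lib libhtp "$(ldd /usr/bin/suricata)" "$(ldconfig -p)"
#
# Prints one status line for library NAME:
#   unlinked         no dependency on NAME in the ldd output
#   missing SONAME   ldd reports "not found" for it
#   uncached SONAME  resolved by ldd, but absent from the ld.so cache listing
#   multi SONAME ... resolved and cached, other NAME versions cached too
#   ok SONAME        resolved and cached, no other version present
check_lib() {
    name=$1; ldd_out=$2; cache_out=$3
    # ldd line: "libhtp-0.5.11.so.1 => /usr/lib/libhtp-0.5.11.so.1 (0x...)"
    line=$(printf '%s\n' "$ldd_out" |
        awk -v n="$name" '$1 ~ ("^" n "[-.]") { print; exit }')
    [ -n "$line" ] || { echo unlinked; return 0; }
    soname=$(printf '%s\n' "$line" | awk '{ print $1 }')
    case $line in
        *"not found"*) echo "missing $soname"; return 0 ;;
    esac
    # ldconfig -p line: "libhtp-0.3.so.1 (libc6,x86-64) => /usr/lib64/..."
    cached=$(printf '%s\n' "$cache_out" |
        awk -v n="$name" '$1 ~ ("^" n "[-.]") { print $1 }' | sort -u)
    if ! printf '%s\n' "$cached" | grep -qxF "$soname"; then
        echo "uncached $soname"; return 0
    fi
    others=$(printf '%s\n' "$cached" | grep -vxF "$soname" | tr '\n' ' ')
    if [ -n "$others" ]; then
        echo "multi $soname also-cached: ${others% }"
    else
        echo "ok $soname"
    fi
}

# Constructed samples (the libc line and the cache listing are made up;
# the libhtp paths and versions are the ones quoted in the thread).
LDD_OK='    libhtp-0.5.11.so.1 => /usr/lib/libhtp-0.5.11.so.1 (0x00007f454b614000)
    libc.so.6 => /lib64/libc.so.6 (0x00007f4549e00000)'
LDD_MISSING='    libhtp-0.5.11.so.1 => not found'
CACHE_BOTH='    libhtp-0.5.11.so.1 (libc6,x86-64) => /usr/lib/libhtp-0.5.11.so.1
    libhtp-0.3.so.1 (libc6,x86-64) => /usr/lib64/libhtp-0.3.so.1'

check_lib libhtp "$LDD_OK" "$CACHE_BOTH"       # source build and RPM both cached
check_lib libhtp "$LDD_MISSING" "$CACHE_BOTH"  # the start-up failure case
```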