[Bro] Can't load magic file <default> on CentOS 5

Knick, Scott E CTR USARMY RCERT-EUR (US) scott.e.knick.ctr at mail.mil
Thu May 8 01:06:34 PDT 2014 

Thanks for the thoughts. This is kind of what I'm working towards, though my complication is that I'm building an RPM that incorporates libmagic, which is built and temporarily installed into the RPM build root. If I want to have libmagic installed to somewhere in /opt, my RPM build is not very clean anymore. Does anyone know if there's a way to easily statically link Bro against libmagic? That would take some of this headache away.

Another thing I'm baffled about is that when I build libmagic 5, the resulting shared library and symbolic links have the same filenames as the libmagic 4 that's already installed. How can this be?

[dcod at localhost lib]$ ls -al /usr/lib64 | grep libmagic
-rw-r--r--  1 root root   105348 Jun 22  2012 libmagic.a
lrwxrwxrwx  1 root root       17 Apr  1 12:22 libmagic.so -> libmagic.so.1.0.0
lrwxrwxrwx  1 root root       17 Apr  1 12:22 libmagic.so.1 -> libmagic.so.1.0.0
-rwxr-xr-x  1 root root    65608 Jun 22  2012 libmagic.so.1.0.0
[dcod at localhost lib]$ ls -al
total 340
drwxr-xr-x 2 dcod dcod   4096 May  7 16:37 .
drwxr-xr-x 6 dcod dcod   4096 May  7 16:37 ..
-rwxr-xr-x 1 dcod dcod    921 May  7 16:37 libmagic.la
lrwxrwxrwx 1 dcod dcod     17 May  7 16:37 libmagic.so -> libmagic.so.1.0.0
lrwxrwxrwx 1 dcod dcod     17 May  7 16:37 libmagic.so.1 -> libmagic.so.1.0.0
-rwxr-xr-x 1 dcod dcod 331757 May  7 16:37 libmagic.so.1.0.0

-----Original Message-----
From: Siwek, Jonathan Luke [mailto:jsiwek at illinois.edu] 
Sent: Wednesday, May 07, 2014 5:24 PM
To: Knick, Scott E CTR USARMY RCERT-EUR (US)
Cc: Mike Kolkebeck; bro at bro.org
Subject: Re: [Bro] Can't load magic file <default> on CentOS 5


On May 7, 2014, at 8:57 AM, Knick, Scott E CTR USARMY RCERT-EUR (US) <scott.e.knick.ctr at mail.mil> wrote:

> I did discover a solution based on the following bug report, though I'm still fighting through some other issues.
> 
> https://bro-tracker.atlassian.net/browse/BIT-1111
> 
> Basically, you have to also (or rather?) set the MAGIC environment variable, not just the BROMAGIC environment variable.

I'd suggest just setting both to point at the same libmagic installation (e.g. the one Bro has been configured to use via `./configure -with-libmagic=<path>`).

> My conundrum seems to be happening because I need to be able to run on CentOS 5 (or RHEL 5), but that distro is stuck with libmagic version 4, and I can't figure out how to upgrade the system to version 5 without ruining a bunch of things.

If you build/install the latest libmagic from source doing something like `./configure -prefix=/opt && make && make install` (you can choose whatever prefix you want), does that work for you as far as isolating that version from everything?

- Jon

More information about the Bro mailing list