View Issue Details |
ID | Project | Category | View Status | Date Submitted | Last Update | |||
0001600 | PacketFence | scanning | public | 2012-11-10 21:21 | 2013-10-09 09:49 | |||
Reporter | _KaszpiR_ | |||||||
Assigned To | francis | |||||||
Priority | normal | Severity | major | Reproducibility | have not tried | |||
Status | closed | Resolution | fixed | |||||
Platform | OS | OS Version | ||||||
Product Version | 3.6.0 | |||||||
Target Version | Fixed in Version | |||||||
Summary | 0001600: Debian snort missing emerging-attack_response.rules |
Description | By default packetfence does not come up with any rules. This means the snort will always fail to start. |
Additional Information | Output of the packetfence command without -D (daemonize)

root@packetfence:~# /usr/sbin/snort -u pf -c /usr/local/pf/var/conf/snort.conf -i eth1 -N -l /usr/local/pf/var --pid-path /usr/local/pf/var/run
Found pid path directive (/usr/local/pf/var/run)
Running in IDS mode
--== Initializing Snort ==--
Initializing Output Plugins!
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file "/usr/local/pf/var/conf/snort.conf"
PortVar 'HTTP_PORTS' defined : [ 80 ]
PortVar 'SSH_PORTS' defined : [ 22 ]
PortVar 'ORACLE_PORTS' defined : [ 1521 ]
PortVar 'SHELLCODE_PORTS' defined : [ any ]
ERROR: Unable to open rules file "/usr/local/pf/var/conf//usr/local/pf/conf/snort/emerging-attack_response.rules": No such file or directory.
Fatal Error, Quitting..
Tags | No tags attached. | |||||||
fixed in git revision | ||||||||
fixed in mtn revision | ||||||||
Attached Files | ||||||||
Notes | |
(0003273) _KaszpiR_ (reporter) 2012-11-10 21:49 |
Looks like update_rules.pl was not run in the installation process (weird?). Would be nice if the snort service ran that command on start.

Additionally, looks like the generated path for the rules is bad, merged with another variable, or /var/run is prepended.

Dirty fix:
ln -s /usr/local/pf/conf/snort /usr/local/pf/var/conf/snort

After running update_rules.pl another issue - missing emerging-virus.rules

root@packetfence:/usr/local/pf/addons/snort# /usr/sbin/snort -u pf -c /usr/local/pf/var/conf/snort.conf -i eth1 -N -l /usr/local/pf/var --pid-path /usr/local/pf/var/run
Found pid path directive (/usr/local/pf/var/run)
Running in IDS mode
--== Initializing Snort ==--
Initializing Output Plugins!
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file "/usr/local/pf/var/conf/snort.conf"
PortVar 'HTTP_PORTS' defined : [ 80 ]
PortVar 'SSH_PORTS' defined : [ 22 ]
PortVar 'ORACLE_PORTS' defined : [ 1521 ]
PortVar 'SHELLCODE_PORTS' defined : [ any ]
ERROR: Unable to open rules file "/usr/local/pf/var/conf//usr/local/pf/conf/snort/emerging-virus.rules": No such file or directory.
Fatal Error, Quitting..

So maybe violations.conf should be automatically updated with the list of available rules? |
(0003274) _KaszpiR_ (reporter) 2012-11-10 22:33 |
Hm, still the snort as service dies without giving any useful error message, while short run from console does not want to go to background. Switched to suricata, no issues so far. |
(0003275) fdurand (administrator) 2012-11-11 06:45 |
Since we use the new configurator, use /usr/local/pf/addons/snort/update_rules.pl to get the snort rules. |
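
A pre-flight check for the failure reported above, added here as an example (not part of the original notes and not PacketFence code): it lists every rule file a Snort config includes but that is missing on disk, so the sensor does not die at startup on the first absent file. It assumes Snort 2.x style `var NAME value` and `include $NAME/file` lines; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not PacketFence code): pre-flight check for a Snort 2.x style
# config. Assumes "var NAME value" definitions and "include $NAME/file" lines.

# Print every include target with $NAME variables expanded, one per line.
expand_includes() {
    awk '
        $1 == "var" { vars[$2] = $3; next }
        $1 == "include" {
            path = $2
            for (name in vars) gsub("\\$" name, vars[name], path)
            print path
        }' "$1"
}

# Print include targets missing on disk; exit status 1 if any are missing.
# Each path is tried as written, then relative to the config directory,
# which is the doubled path shape seen in the error message above.
missing_rules() {
    conf_dir=$(dirname "$1")
    expand_includes "$1" | (
        rc=0
        while IFS= read -r path; do
            if [ ! -f "$path" ] && [ ! -f "$conf_dir/$path" ]; then
                printf '%s\n' "$path"
                rc=1
            fi
        done
        exit "$rc"
    )
}

# Constructed sample: two active includes, only one rule file present on disk.
make_sample() {
    dir=$(mktemp -d)
    mkdir -p "$dir/rules"
    : > "$dir/rules/emerging-attack_response.rules"
    cat > "$dir/snort.conf" <<EOF
var RULE_PATH $dir/rules
# include \$RULE_PATH/disabled.rules
include \$RULE_PATH/emerging-attack_response.rules
include \$RULE_PATH/emerging-virus.rules
EOF
    printf '%s\n' "$dir/snort.conf"
}

# Usage: sh check_rules.sh /path/to/snort.conf
if [ "$#" -gt 0 ]; then missing_rules "$1"; fi
```

Run against the generated snort.conf before starting the service, this reports all missing rule files in one pass rather than one per failed start.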
Issue History | |||
Date Modified | Username | Field | Change |
2012-11-10 21:21 | _KaszpiR_ | New Issue | |
2012-11-10 21:49 | _KaszpiR_ | Note Added: 0003273 | |
2012-11-10 22:33 | _KaszpiR_ | Note Added: 0003274 | |
2012-11-11 06:45 | fdurand | Note Added: 0003275 | |
2013-10-09 09:49 | francis | Status | new => closed |
2013-10-09 09:49 | francis | Assigned To | => francis |
2013-10-09 09:49 | francis | Resolution | open => fixed |