Package: snort
Version: 2.7.0-9
Severity: normal

Severity note: this may be mostly a cosmetic issue, i.e., minor.

When upgrading snort in testing
1) some configuration questions were asked twice
2) there was a warning about deprecated options, and a statement that snort would not start.
3) Despite these warnings, snort appears to have started and the indicated options are not in the conf file.
4) The old snort.conf has vanished.

Specifically, early in the upgrade process I was asked what interfaces to listen on and warned that my configuration file included deprecated options "preprocessor xlink2state", which would prevent startup until I edited them. There may have been one other question it asked as well.

Initially I tried to enter "eth0 wlan0" for the interfaces; since eth0 was down, this didn't work and I went ahead with just wlan0. (Count me as one more vote for #458823 about multiple, sometimes down, interfaces).

Sometime later (after receiving the usual "setting up packages ..." messages) I was asked again what interfaces to use (and maybe the other question that I can't remember). I did not get a warning this time. snort appeared to start normally after that.

/etc/snort did not appear to contain the old snort.conf after install. The one that was present did not include "xlink2state".

Originally I thought there were two problem options, "preprocessor" and "xlink2state" (note the use of the plural in the message "deprecated optionS"), but I think "preprocessor xlink2state" is a single option. As you can tell, I'm not very familiar with snort!

Based on the earlier warnings, I had expected to be asked what to do about the old and the new .conf files, with a default of leaving the old in place and creating a snort.conf.dpkg-new.

Other than answering the original debconf questions on my initial install, I do not think I had any customization in the old snort.conf.

I suspect that the 2.3 and 2.7 configurations are sufficiently different that the installation script simply generated a fresh .conf file (after checking for customizations, I hope) and that everything is fine.

Here is the behavior I would expect:
1) questions only asked one time
2) configuration file(s) handled in the normal Debian way: if the old and the new differ you're asked what you want to do (replace old, keep old, merge, inspect differences). If the old conf is non-viable, a message to that effect.

Absent the question in 2, I initially assumed my old configuration file had been left unchanged. When I saw the version 2.7 in it, I then assumed it had been automatically upgraded with bits of the old and new conf combined.

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.22-3-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages snort depends on:
ii  adduser                 3.105             add and remove users and groups
ii  debconf [debconf-2.0]   1.5.17            Debian configuration management sy
ii  libc6                   2.7-5             GNU C Library: Shared libraries
ii  libgcrypt11             1.4.0-2           LGPL Crypto library - runtime libr
ii  libgnutls13             2.0.4-1           the GNU TLS library - runtime libr
ii  libgpg-error0           1.4-2             library for common error values an
ii  libltdl3                1.5.24-2          A system independent dlopen wrappe
ii  libpcap0.8              0.9.8-2           System interface for user-level pa
ii  libpcre3                7.3-2             Perl 5 Compatible Regular Expressi
ii  libprelude2             0.9.16.1-1        Hybrid Intrusion Detection System
ii  libtasn1-3              1.2-1             Manage ASN.1 structures (runtime)
ii  logrotate               3.7.1-3           Log rotation utility
ii  snort-common            2.7.0-9           Flexible Network Intrusion Detecti
ii  snort-common-libraries  2.7.0-9           Flexible Network Intrusion Detecti
ii  snort-rules-default     2.7.0-9           Flexible Network Intrusion Detecti
ii  sysklogd [system-log-da 1.5-1             System Logging Daemon
ii  zlib1g                  1:1.2.3.3.dfsg-8  compression library - runtime

Versions of packages snort recommends:
ii  snort-doc               2.7.0-9           Documentation for the Snort IDS [d

-- debconf information:
* snort/address_range: 192.168.40.0/16
  snort/startup: boot
  snort/options:
* snort/invalid_interface:
* snort/interface: wlan0
  snort/stats_rcpt: root
  snort/send_stats: true
  snort/config_parameters:
* snort/config_error:
  snort/please_restart_manually:
  snort/reverse_order: false
  snort/stats_treshold: 1
  snort/disable_promiscuous: false

