Package: snort-rules-default
Version: 2.3.2-2
Severity: serious
Hello Javier,
When upgrading a pristine woody chroot with snort installed, and no
snort conffiles modified manually, upgrading snort-rules-default cause
dpkg to prompt conffiles handling for thirty-four (34) files. This is
more than the total for a standard upgrade to sarge when snort is not
installed. But given that I did not modify any of them in the first
place even one would be too much.
See the log below. This is easy to reproduce:
1) debootstrap woody
2) apt-get install snort
3) retarget apt to sarge
4) apt-get install snort-common ( to work around #311257)
Apparenlty this is due to this line in snort-rules-default preinst:
mv /etc/snort/*.rules /etc/snort/rules/
This is not acceptable. If you do that, then you cannot mark the files
under /etc/snort/rules/... as conffiles anymore, you must handle them
with tool like ucf that can be instructed of the move.
Anyway, my opinion is those files are best placed in /usr/share with an
overriding in /etc as spamassassin do.
Cheers,
--
Bill. <[EMAIL PROTECTED]>
Imagine a large red swirl here.
Setting up snort-rules-default (2.3.2-2) ...
Configuration file `/etc/snort/classification.config'
==> File on system created by you or by a script.
==> File also in package provided by package maintainer.
What would you like to do about it ? Your options are:
Y or I : install the package maintainer's version
N or O : keep your currently-installed version
D : show the differences between the versions
Z : background this process to examine the situation
The default action is to keep your current version.
*** classification.config (Y/I/N/O/D/Z) [default=N] ?
Configuration file `/etc/snort/rules/attack-responses.rules'
==> File on system created by you or by a script.
==> File also in package provided by package maintainer.
What would you like to do about it ? Your options are:
Y or I : install the package maintainer's version
N or O : keep your currently-installed version
D : show the differences between the versions
Z : background this process to examine the situation
The default action is to keep your current version.
*** attack-responses.rules (Y/I/N/O/D/Z) [default=N] ?
Configuration file `/etc/snort/rules/backdoor.rules'
==> File on system created by you or by a script.
==> File also in package provided by package maintainer.
What would you like to do about it ? Your options are:
Y or I : install the package maintainer's version
N or O : keep your currently-installed version
D : show the differences between the versions
Z : background this process to examine the situation
The default action is to keep your current version.
*** backdoor.rules (Y/I/N/O/D/Z) [default=N] ?
Configuration file `/etc/snort/rules/bad-traffic.rules'
==> File on system created by you or by a script.
==> File also in package provided by package maintainer.
What would you like to do about it ? Your options are:
Y or I : install the package maintainer's version
N or O : keep your currently-installed version
D : show the differences between the versions
Z : background this process to examine the situation
The default action is to keep your current version.
*** bad-traffic.rules (Y/I/N/O/D/Z) [default=N] ?
Configuration file `/etc/snort/rules/ddos.rules'
==> File on system created by you or by a script.
==> File also in package provided by package maintainer.
What would you like to do about it ? Your options are:
Y or I : install the package maintainer's version
N or O : keep your currently-installed version
D : show the differences between the versions
Z : background this process to examine the situation
The default action is to keep your current version.
*** ddos.rules (Y/I/N/O/D/Z) [default=N] ?
Configuration file `/etc/snort/rules/dns.rules'
==> File on system created by you or by a script.
==> File also in package provided by package maintainer.
What would you like to do about it ? Your options are:
Y or I : install the package maintainer's version
N or O : keep your currently-installed version
D : show the differences between the versions
Z : background this process to examine the situation
The default action is to keep your current version.
*** dns.rules (Y/I/N/O/D/Z) [default=N] ?
Configuration file `/etc/snort/rules/dos.rules'
==> File on system created by you or by a script.
==> File also in package provided by package maintainer.
What would you like to do about it ? Your options are:
Y or I : install the package maintainer's version
N or O : keep your currently-installed version
D : show the differences between the versions
Z : background this process to examine the situation
The default action is to keep your current version.
*** dos.rules (Y/I/N/O/D/Z) [default=N] ?
Configuration file `/etc/snort/rules/exploit.rules'
==> File on system created by you or by a script.
==> File also in package provided by package maintainer.
What would you like to do about it ? Your options are:
Y or I : install the package maintainer's version
N or O : keep your currently-installed version
D : show the differences between the versions
Z : background this process to examine the situation
The default action is to keep your current version.
*** exploit.rules (Y/I/N/O/D/Z) [default=N] ?
Configuration file `/etc/snort/rules/finger.rules'
==> File on system created by you or by a script.
==> File also in package provided by package maintainer.
What would you like to do about it ? Your options are:
Y or I : install the package maintainer's version
N or O : keep your currently-installed version
D : show the differences between the versions
Z : background this process to examine the situation
The default action is to keep your current version.
*** finger.rules (Y/I/N/O/D/Z) [default=N] ?
Configuration file `/etc/snort/rules/ftp.rules'
==> File on system created by you or by a script.
==> File also in package provided by package maintainer.
What would you like to do about it ? Your options are:
Y or I : install the package maintainer's version
N or O : keep your currently-installed version
D : show the differences between the versions
Z : background this process to examine the situation
The default action is to keep your current version.
*** ftp.rules (Y/I/N/O/D/Z) [default=N] ?
Configuration file `/etc/snort/rules/icmp-info.rules'
==> File on system created by you or by a script.
==> File also in package provided by package maintainer.
What would you like to do about it ? Your options are:
Y or I : install the package maintainer's version
N or O : keep your currently-installed version
D : show the differences between the versions
Z : background this process to examine the situation
The default action is to keep your current version.
*** icmp-info.rules (Y/I/N/O/D/Z) [default=N] ?
Configuration file `/etc/snort/rules/icmp.rules'
==> File on system created by you or by a script.
==> File also in package provided by package maintainer.
What would you like to do about it ? Your options are:
Y or I : install the package maintainer's version
N or O : keep your currently-installed version
D : show the differences between the versions
Z : background this process to examine the situation
The default action is to keep your current version.
*** icmp.rules (Y/I/N/O/D/Z) [default=N] ?
Configuration file `/etc/snort/rules/info.rules'
==> File on system created by you or by a script.
==> File also in package provided by package maintainer.
What would you like to do about it ? Your options are:
Y or I : install the package maintainer's version
N or O : keep your currently-installed version
D : show the differences between the versions
Z : background this process to examine the situation
The default action is to keep your current version.
*** info.rules (Y/I/N/O/D/Z) [default=N] ?
Configuration file `/etc/snort/rules/local.rules'
==> File on system created by you or by a script.
==> File also in package provided by package maintainer.
What would you like to do about it ? Your options are:
Y or I : install the package maintainer's version
N or O : keep your currently-installed version
D : show the differences between the versions
Z : background this process to examine the situation
The default action is to keep your current version.
*** local.rules (Y/I/N/O/D/Z) [default=N] ?
Configuration file `/etc/snort/rules/misc.rules'
==> File on system created by you or by a script.
==> File also in package provided by package maintainer.
What would you like to do about it ? Your options are:
Y or I : install the package maintainer's version
N or O : keep your currently-installed version
D : show the differences between the versions
Z : background this process to examine the situation
The default action is to keep your current version.
*** misc.rules (Y/I/N/O/D/Z) [default=N] ?
Configuration file `/etc/snort/rules/netbios.rules'
==> File on system created by you or by a script.
==> File also in package provided by package maintainer.
What would you like to do about it ? Your options are:
Y or I : install the package maintainer's version
N or O : keep your currently-installed version
D : show the differences between the versions
Z : background this process to examine the situation
The default action is to keep your current version.
*** netbios.rules (Y/I/N/O/D/Z) [default=N] ?
Configuration file `/etc/snort/rules/policy.rules'
==> File on system created by you or by a script.
==> File also in package provided by package maintainer.
What would you like to do about it ? Your options are:
Y or I : install the package maintainer's version
N or O : keep your currently-installed version
D : show the differences between the versions
Z : background this process to examine the situation
The default action is to keep your current version.
*** policy.rules (Y/I/N/O/D/Z) [default=N] ?
Configuration file `/etc/snort/rules/porn.rules'
==> File on system created by you or by a script.
==> File also in package provided by package maintainer.
What would you like to do about it ? Your options are:
Y or I : install the package maintainer's version
N or O : keep your currently-installed version
D : show the differences between the versions
Z : background this process to examine the situation
The default action is to keep your current version.
*** porn.rules (Y/I/N/O/D/Z) [default=N] ?
Configuration file `/etc/snort/rules/rpc.rules'
==> File on system created by you or by a script.
==> File also in package provided by package maintainer.
What would you like to do about it ? Your options are:
Y or I : install the package maintainer's version
N or O : keep your currently-installed version
D : show the differences between the versions
Z : background this process to examine the situation
The default action is to keep your current version.
*** rpc.rules (Y/I/N/O/D/Z) [default=N] ?
Configuration file `/etc/snort/rules/rservices.rules'
==> File on system created by you or by a script.
==> File also in package provided by package maintainer.
What would you like to do about it ? Your options are:
Y or I : install the package maintainer's version
N or O : keep your currently-installed version
D : show the differences between the versions
Z : background this process to examine the situation
The default action is to keep your current version.
*** rservices.rules (Y/I/N/O/D/Z) [default=N] ?
Configuration file `/etc/snort/rules/scan.rules'
==> File on system created by you or by a script.
==> File also in package provided by package maintainer.
What would you like to do about it ? Your options are:
Y or I : install the package maintainer's version
N or O : keep your currently-installed version
D : show the differences between the versions
Z : background this process to examine the situation
The default action is to keep your current version.
*** scan.rules (Y/I/N/O/D/Z) [default=N] ?
Configuration file `/etc/snort/rules/shellcode.rules'
==> File on system created by you or by a script.
==> File also in package provided by package maintainer.
What would you like to do about it ? Your options are:
Y or I : install the package maintainer's version
N or O : keep your currently-installed version
D : show the differences between the versions
Z : background this process to examine the situation
The default action is to keep your current version.
*** shellcode.rules (Y/I/N/O/D/Z) [default=N] ?
Configuration file `/etc/snort/rules/smtp.rules'
==> File on system created by you or by a script.
==> File also in package provided by package maintainer.
What would you like to do about it ? Your options are:
Y or I : install the package maintainer's version
N or O : keep your currently-installed version
D : show the differences between the versions
Z : background this process to examine the situation
The default action is to keep your current version.
*** smtp.rules (Y/I/N/O/D/Z) [default=N] ?
Configuration file `/etc/snort/rules/sql.rules'
==> File on system created by you or by a script.
==> File also in package provided by package maintainer.
What would you like to do about it ? Your options are:
Y or I : install the package maintainer's version
N or O : keep your currently-installed version
D : show the differences between the versions
Z : background this process to examine the situation
The default action is to keep your current version.
*** sql.rules (Y/I/N/O/D/Z) [default=N] ?
Configuration file `/etc/snort/rules/telnet.rules'
==> File on system created by you or by a script.
==> File also in package provided by package maintainer.
What would you like to do about it ? Your options are:
Y or I : install the package maintainer's version
N or O : keep your currently-installed version
D : show the differences between the versions
Z : background this process to examine the situation
The default action is to keep your current version.
*** telnet.rules (Y/I/N/O/D/Z) [default=N] ?
Configuration file `/etc/snort/rules/tftp.rules'
==> File on system created by you or by a script.
==> File also in package provided by package maintainer.
What would you like to do about it ? Your options are:
Y or I : install the package maintainer's version
N or O : keep your currently-installed version
D : show the differences between the versions
Z : background this process to examine the situation
The default action is to keep your current version.
*** tftp.rules (Y/I/N/O/D/Z) [default=N] ?
Configuration file `/etc/snort/rules/virus.rules'
==> File on system created by you or by a script.
==> File also in package provided by package maintainer.
What would you like to do about it ? Your options are:
Y or I : install the package maintainer's version
N or O : keep your currently-installed version
D : show the differences between the versions
Z : background this process to examine the situation
The default action is to keep your current version.
*** virus.rules (Y/I/N/O/D/Z) [default=N] ?
Configuration file `/etc/snort/rules/web-attacks.rules'
==> File on system created by you or by a script.
==> File also in package provided by package maintainer.
What would you like to do about it ? Your options are:
Y or I : install the package maintainer's version
N or O : keep your currently-installed version
D : show the differences between the versions
Z : background this process to examine the situation
The default action is to keep your current version.
*** web-attacks.rules (Y/I/N/O/D/Z) [default=N] ?
Configuration file `/etc/snort/rules/web-cgi.rules'
==> File on system created by you or by a script.
==> File also in package provided by package maintainer.
What would you like to do about it ? Your options are:
Y or I : install the package maintainer's version
N or O : keep your currently-installed version
D : show the differences between the versions
Z : background this process to examine the situation
The default action is to keep your current version.
*** web-cgi.rules (Y/I/N/O/D/Z) [default=N] ?
Configuration file `/etc/snort/rules/web-coldfusion.rules'
==> File on system created by you or by a script.
==> File also in package provided by package maintainer.
What would you like to do about it ? Your options are:
Y or I : install the package maintainer's version
N or O : keep your currently-installed version
D : show the differences between the versions
Z : background this process to examine the situation
The default action is to keep your current version.
*** web-coldfusion.rules (Y/I/N/O/D/Z) [default=N] ?
Configuration file `/etc/snort/rules/web-frontpage.rules'
==> File on system created by you or by a script.
==> File also in package provided by package maintainer.
What would you like to do about it ? Your options are:
Y or I : install the package maintainer's version
N or O : keep your currently-installed version
D : show the differences between the versions
Z : background this process to examine the situation
The default action is to keep your current version.
*** web-frontpage.rules (Y/I/N/O/D/Z) [default=N] ?
Configuration file `/etc/snort/rules/web-iis.rules'
==> File on system created by you or by a script.
==> File also in package provided by package maintainer.
What would you like to do about it ? Your options are:
Y or I : install the package maintainer's version
N or O : keep your currently-installed version
D : show the differences between the versions
Z : background this process to examine the situation
The default action is to keep your current version.
*** web-iis.rules (Y/I/N/O/D/Z) [default=N] ?
Configuration file `/etc/snort/rules/web-misc.rules'
==> File on system created by you or by a script.
==> File also in package provided by package maintainer.
What would you like to do about it ? Your options are:
Y or I : install the package maintainer's version
N or O : keep your currently-installed version
D : show the differences between the versions
Z : background this process to examine the situation
The default action is to keep your current version.
*** web-misc.rules (Y/I/N/O/D/Z) [default=N] ?
Configuration file `/etc/snort/rules/x11.rules'
==> File on system created by you or by a script.
==> File also in package provided by package maintainer.
What would you like to do about it ? Your options are:
Y or I : install the package maintainer's version
N or O : keep your currently-installed version
D : show the differences between the versions
Z : background this process to examine the situation
The default action is to keep your current version.
*** x11.rules (Y/I/N/O/D/Z) [default=N] ?
Setting up perl-modules (5.8.4-8) ...
Setting up snort-common (2.3.2-2) ...
Installing new version of config file /etc/cron.daily/5snort ...
Installing new version of config file /etc/snort/snort.conf ...
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
