Hi James,
Thank you for your quick reply. But im getting this error. My snort pm is
this.
[root@localhost services]# cat snort.pm
package pf::services::snort;
=head1 NAME
pf::services::snort - helper configuration module for supported snortd
=head1 DESCRIPTION
This module contains some functions that generates snortd configuration
according to what PacketFence needs to accomplish.
=head1 CONFIGURATION AND ENVIRONMENT
Read the following configuration files: F<conf/snort.conf>.
Generates the following configuration files: F<var/conf/snort.conf>.
=cut
use strict;
use warnings;
use Log::Log4perl;
use POSIX;
use Readonly;
use pf::config;
use pf::violation_config;
use pf::util qw(get_all_internal_ips parse_template);
BEGIN {
use Exporter ();
our ( @ISA, @EXPORT_OK );
@ISA = qw(Exporter);
@EXPORT_OK = qw(generate_snort_conf);
}
=head1 SUBROUTINES
=over
=item * generate_snort_conf
=cut
sub generate_snort_conf {
my $logger = Log::Log4perl::get_logger(__PACKAGE__);
my %tags;
readViolationConfigFile();
$tags{'template'} = "$conf_dir/snort.conf";
$tags{'trapping-range'} = $Config{'trapping'}{'range'};
$tags{'dhcp_servers'} = $Config{'general'}{'dhcpservers'};
$tags{'dns_servers'} = $Config{'general'}{'dnsservers'};
$tags{'install_dir'} = $install_dir;
my @rules;
if (exists $Violation_Config{'defaults'}{'snort_rules'}) {
foreach my $rule ( split( /\s*,\s*/,
$Violation_Config{'defaults'}{'snor
t_rules'} ) ) {
if ( $rule !~ /^\// && -e "$install_dir/conf/snort/$rule" || -e
$rul
e ) {
# Append configuration directory if the path doesn't start
with
/
$rule = "\$RULE_PATH/$rule" if ( $rule !~ /^\// );
push @rules, "include $rule";
}
else {
$logger->warn("Snort rules definition file $rule was not
found."
);
}
}
}
$tags{'snort_rules'} = join( "\n", @rules );
$logger->info("generating $conf_dir/snort.conf");
parse_template( \%tags, "$conf_dir/snort.conf",
"$generated_conf_dir/snort.c
onf" );
return $TRUE;
}
=back
=head1 AUTHOR
Inverse inc. <[email protected]>
=head1 COPYRIGHT
Copyright (C) 2005-2013 Inverse inc.
=head1 LICENSE
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
USA.
=cut
1;
On Wed, Feb 5, 2014 at 10:49 PM, James Rouzier <[email protected]> wrote:
> Hi Sampath,
>
> Try this patch and let me know if it works
>
>
> https://github.com/inverse-inc/packetfence/commit/d0de4fa74b58e70de6941f9a871198be8ccbe13f.diff
>
>
>
> James [email protected] :: +1.514.755.3630 :: http://www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
> (http://www.packetfence.org)
>
> On 2/5/2014, 6:21 AM, sampath jayashantha wrote:
>
>
> Any update regarding this issue ? I'm also having the same issue with my
> packetfence box.
>
> service|shouldBeStarted|pid
> memcached|1|11287
> httpd.admin|1|11297
> httpd.webservices|1|11340
> httpd.portal|1|11357
> httpd.proxy|0|0
> pfdns|1|11387
> dhcpd|1|11390
> pfdetect|1|11395
> snort|0|0
> suricata|0|0
> radiusd|1|0
> snmptrapd|1|11400
> pfsetvlan|1|11404
> pfdhcplistener|1|11427 11428 11429
> pfmon|1|11468
>
>
> How to enable it ? Any clue.
>
>
>
> On Tue, Jan 28, 2014 at 8:44 PM, Carlos Alonso <[email protected]> wrote:
>
>> Thank your for your help. These are the answers to your questions
>>
>>
>> > Can you post your pf.conf , did you set a monitor interface ?
>> >
>> > Fabrice
>> Yes I did. The inline interface is also the monitor interface. This what
>> I did in PF3.6 and worked perfectly
>> Is this not posible in PF4.1 ? I have not upgraded, It is a new
>> installation though.
>>
>> XXXX means hidden for security
>>
>> [general]
>> domain=XXXX
>> hostname=nac
>> dnsservers=XXXX
>> dhcpservers=192.168.18.1,192.168.19.1,192.168.20.1
>> locale=es_ES
>> timezone=Europe/Madrid
>> [trapping]
>> range=10.0.0.0/16, 192.68.0.0/16
>> detection=enabled
>> interception_proxy=enabled
>> [registration]
>> button_text=Registro
>> [alerting]
>> emailaddr=XXXX
>> smtpserver=XXXX
>> [database]
>> pass=XXXX
>> [captive_portal]
>> network_detection=disabled
>>
>> [interface eth0.802]
>> ip= XXXX
>> type=management
>> mask=255.255.255.0
>>
>> [interface eth0.818]
>> enforcement=inline
>> ip=192.168.18.1
>> type=internal,monitor
>> mask=255.255.255.0
>>
>> [interface eth0.819]
>> enforcement=vlan
>> ip=192.168.19.1
>> type=internal
>> mask=255.255.255.0
>>
>> [interface eth0.820]
>> enforcement=vlan
>> ip=192.168.20.1
>> type=internal
>> mask=255.255.255.0
>>
>>
>> > Can you see if Snort can start when you run it by hand?
>> >
>> > /usr/local/bin/snort -d -i eth1 -u root -g snort -c
>> /etc/snort/snort.conf -l
>> > /var/log/snort
>>
>> If I run it by hand it works:
>> >/usr/sbin/snort -d -i eth0.818 -u root -g snort -c
>> /etc/snort/snort.conf -l /var/log/snort/
>> ...
>> --== Initialization Complete ==--
>>
>> ,,_ -*> Snort! <*-
>> o" )~ Version 2.9.2.2 IPv6 GRE (Build 121)
>> '''' By Martin Roesch & The Snort Team:
>> http://www.snort.org/snort/snort-team
>> Copyright (C) 1998-2012 Sourcefire, Inc., et al.
>> Using libpcap version 1.3.0
>> Using PCRE version: 8.30 2012-02-04
>> Using ZLIB version: 1.2.7
>>
>> Rules Engine: SF_SNORT_DETECTION_ENGINE Version 1.15 <Build
>> 18>
>> Preprocessor Object: SF_SMTP (IPV6) Version 1.1 <Build 9>
>> Preprocessor Object: SF_REPUTATION (IPV6) Version 1.1 <Build
>> 1>
>> Preprocessor Object: SF_SSLPP (IPV6) Version 1.1 <Build 4>
>> Preprocessor Object: SF_IMAP (IPV6) Version 1.0 <Build 1>
>> Preprocessor Object: SF_DNP3 (IPV6) Version 1.1 <Build 1>
>> Preprocessor Object: SF_SSH (IPV6) Version 1.1 <Build 3>
>> Preprocessor Object: SF_DCERPC2 (IPV6) Version 1.0 <Build 3>
>> Preprocessor Object: SF_SDF (IPV6) Version 1.1 <Build 1>
>> Preprocessor Object: SF_DNS (IPV6) Version 1.1 <Build 4>
>> Preprocessor Object: SF_MODBUS (IPV6) Version 1.1 <Build 1>
>> Preprocessor Object: SF_POP (IPV6) Version 1.0 <Build 1>
>> Preprocessor Object: SF_FTPTELNET (IPV6) Version 1.2 <Build
>> 13>
>> Preprocessor Object: SF_GTP (IPV6) Version 1.1 <Build 1>
>> Preprocessor Object: SF_SIP (IPV6) Version 1.1 <Build 1>
>> Commencing packet processing (pid=2481)
>>
>>
>>
>>
>>
>>
>>
>> ------------------------------------------------------------------------------
>> WatchGuard Dimension instantly turns raw network data into actionable
>> security intelligence. It gives you real-time visual feedback on key
>> security issues and trends. Skip the complicated setup - simply import
>> a virtual appliance and go from zero to informed in seconds.
>>
>> http://pubads.g.doubleclick.net/gampad/clk?id=123612991&iu=/4140/ostg.clktrk
>> _______________________________________________
>> PacketFence-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>
>
>
> --
>
> ..........................................................................................
>
> There is always some one who know more Than us out there.
>
> Wê Lïvê †ð §hårê : Wê Lðvê †ð §hårê
>
>
>
> SAM
>
>
> ------------------------------------------------------------------------------
> Managing the Performance of Cloud-Based Applications
> Take advantage of what the Cloud has to offer - Avoid Common Pitfalls.
> Read the
> Whitepaper.http://pubads.g.doubleclick.net/gampad/clk?id=121051231&iu=/4140/ostg.clktrk
>
>
>
> _______________________________________________
> PacketFence-users mailing
> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
>
>
> ------------------------------------------------------------------------------
> Managing the Performance of Cloud-Based Applications
> Take advantage of what the Cloud has to offer - Avoid Common Pitfalls.
> Read the Whitepaper.
>
> http://pubads.g.doubleclick.net/gampad/clk?id=121051231&iu=/4140/ostg.clktrk
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
--
..........................................................................................
There is always some one who know more Than us out there.
Wê Lïvê †ð §hårê : Wê Lðvê †ð §hårê
SAM
------------------------------------------------------------------------------
Managing the Performance of Cloud-Based Applications
Take advantage of what the Cloud has to offer - Avoid Common Pitfalls.
Read the Whitepaper.
http://pubads.g.doubleclick.net/gampad/clk?id=121051231&iu=/4140/ostg.clktrk
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
