Bug#471895: (no subject)
On Sat, Apr 19, 2008 at 12:06:43PM +0100, Ivan Kelly wrote: Thats because no such files exist on in the lenny distribution. It does exist in the source package as snort-2.7.0/debian/snort.default though, so I just guess it's something going awry on the package building. Thanks for spotting this! That was precisely the problem. When I changed the build system to fix some other bugs by separating the binary independent and dependent pieces I left the installation of the snort.default file in the wrong location. I'm building right now new packages and will upload them shortly. Regards Javier signature.asc Description: Digital signature
Bug#471895: (no subject)
Also please tell me whether you have a file named /etc/snort/snort.common.parameters or a file /etc/default/snort in your system (or both) and provide the contents of those files. I have no such files. Thats because no such files exist on in the lenny distribution. It does exist in the source package as snort-2.7.0/debian/snort.default though, so I just guess it's something going awry on the package building. The /etc/init.d/snort is looking for either of these to read its startup parameters. Since they dont exists, it uses default which means to stay in foreground. Im guessing the maintainer didn't hit across this because the files already existed on his system. -Ivan -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#471895:
I am seeing the same problem with snort from Debian Lenny being installed on Debian Etch by means of: # apt-get install -t testing snort These are the snort related processes running when the postinst script hangs on the snort process started in the foreground: # ps aux | grep snort root 1351 0.2 4.3 19780 16768 pts/0S+ 22:24 0:01 apt-get install -t testing snort root 1784 0.0 0.5 4552 2152 pts/0S+ 22:27 0:00 /usr/bin/dpkg --status-fd 16 --configure locales libc6-i686 libgcrypt11 libopencdk10 libgnutls26 libltdl3 libpcre3 libprelude2 snort-common mysql-common libmysqlclient15off snort-common-libraries snort-rules-default snort root 2769 0.1 2.2 11588 8732 pts/0S+ 22:27 0:00 /usr/bin/perl -w /usr/share/debconf/frontend /var/lib/dpkg/info/snort.postinst configure root 2781 0.0 0.3 3900 1356 pts/0S+ 22:27 0:00 /bin/sh -e /var/lib/dpkg/info/snort.postinst configure root 2810 0.0 0.3 3904 1300 pts/0S+ 22:27 0:00 /bin/sh /usr/sbin/invoke-rc.d snort start root 2826 0.0 0.3 3996 1408 pts/0S+ 22:27 0:00 /bin/sh -e /etc/init.d/snort start root 2829 3.2 38.6 174068 149512 pts/0 S+ 22:27 0:11 /usr/sbin/snort -c /etc/snort/snort.conf -S HOME_NET=[192.168.0.0/16,134.184.0.0/16] -i eth0 root 2882 0.0 0.1 3068 720 pts/1R+ 22:33 0:00 grep snort -- Frederik Himpe [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#471895: snort: uninstallable
Le vendredi 21 mars 2008 à 01:50 +0100, Javier Fernández-Sanguino Peña a écrit : On Thu, Mar 20, 2008 at 11:25:06PM +0100, Benoît Dejean wrote: Package: snort Version: 2.7.0-13 Severity: important Snort is uninstallable since it is started in foreground when configuring the package. Killing it makes the configure fails and renders package broken. Manually starting snort with /etc/init.d/snort start also starts it in foreground. Could you please send me the output of executing the following (as root): sh -x /etc/init.d/snort start Hello Javier, I've attached the output. I have purged snort, then re-installed it and can reproduce. The funny thing is that snort is started twice during the installation (so i have to kill it twice). Also please tell me whether you have a file named /etc/snort/snort.common.parameters or a file /etc/default/snort in your system (or both) and provide the contents of those files. I have no such files. It certainly looks like there is some problem with your configuration and snort's parameters are not properly set to make it run in Daemon mode. Thank you Feliz Pascua! Javier -- Benoît Dejean GNOME http://www.gnomefr.org/ LibGTop http://directory.fsf.org/libgtop.html + PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin + test + DAEMON=/usr/sbin/snort + NAME=snort + DESC='Network Intrusion Detection System' + . /lib/lsb/init-functions ++ FANCYTTY= ++ '[' -e /etc/lsb-base-logging.sh ']' ++ true + CONFIG=/etc/snort/snort.debian.conf + '[' -f /etc/snort/snort.common.parameters ']' + '[' -r /etc/default/snort ']' + test -x /usr/sbin/snort + test -f /etc/snort/snort.debian.conf + . /etc/snort/snort.debian.conf ++ DEBIAN_SNORT_STARTUP=boot ++ DEBIAN_SNORT_HOME_NET=192.168.0.0/16 ++ DEBIAN_SNORT_OPTIONS= ++ DEBIAN_SNORT_INTERFACE=eth0 ++ DEBIAN_SNORT_SEND_STATS=true ++ DEBIAN_SNORT_STATS_RCPT=root ++ DEBIAN_SNORT_STATS_THRESHOLD=1 + test -z 192.168.0.0/16 + cd /etc/snort + case $1 in + check_root ++ id -u + '[' 0 '!=' 0 ']' + log_daemon_msg 'Starting Network Intrusion Detection System ' snort + '[' -z 'Starting Network Intrusion Detection System ' ']' + '[' -z snort ']' + echo -n 'Starting Network Intrusion Detection System : snort' Starting Network Intrusion Detection System : snort+ '[' -e /etc/snort/db-pending-config ']' + check_log_dir + '[' -n '' ']' + return 0 + '[' boot = dialup ']' + interfaces=eth0 + test '' + '[' -z eth0 ']' + myret=0 + got_instance=0 + for interface in '$interfaces' + got_instance=1 + log_progress_msg '(eth0' + '[' -z '(eth0' ']' + echo -n ' (eth0' (eth0+ '[' -x /sbin/ip ']' + ip link show dev eth0 + PIDFILE=/var/run/snort_eth0.pid + CONFIGFILE=/etc/snort/snort.eth0.conf + fail='failed (check /var/log/syslog and /var/log/snort)' + run=yes + '[' -e /var/run/snort_eth0.pid ']' + '[' yes = yes ']' + '[' '!' -e /etc/snort/snort.eth0.conf ']' + log_progress_msg 'no /etc/snort/snort.eth0.conf found, defaulting to snort.conf' + '[' -z 'no /etc/snort/snort.eth0.conf found, defaulting to snort.conf' ']' + echo -n ' no /etc/snort/snort.eth0.conf found, defaulting to snort.conf' no /etc/snort/snort.eth0.conf found, defaulting to snort.conf+ CONFIGFILE=/etc/snort/snort.conf + set +e + /sbin/start-stop-daemon --start --quiet --pidfile /var/run/snort_eth0.pid --exec /usr/sbin/snort -- -c /etc/snort/snort.conf -S 'HOME_NET=[192.168.0.0/16]' -i eth0 Running in IDS mode --== Initializing Snort ==-- Initializing Output Plugins! Var 'eth0_ADDRESS' defined, value len = 26 chars, value = 192.168.99.0/255.255.255.0 Var 'any_ADDRESS' defined, value len = 15 chars, value = 0.0.0.0/0.0.0.0 Var 'lo_ADDRESS' defined, value len = 19 chars, value = 127.0.0.0/255.0.0.0 Initializing Preprocessors! Initializing Plug-ins! Parsing Rules file /etc/snort/snort.conf +++ Initializing rule chains... Var 'HOME_NET' redefined Var 'EXTERNAL_NET' defined, value len = 3 chars, value = any Var 'DNS_SERVERS' defined, value len = 16 chars, value = [192.168.0.0/16] Var 'SMTP_SERVERS' defined, value len = 16 chars, value = [192.168.0.0/16] Var 'HTTP_SERVERS' defined, value len = 16 chars, value = [192.168.0.0/16] Var 'SQL_SERVERS' defined, value len = 16 chars, value = [192.168.0.0/16] Var 'TELNET_SERVERS' defined, value len = 16 chars, value = [192.168.0.0/16] Var 'SNMP_SERVERS' defined, value len = 16 chars, value = [192.168.0.0/16] Var 'HTTP_PORTS' defined, value len = 2 chars, value = 80 Var 'SHELLCODE_PORTS' defined, value len = 3 chars, value = !80 Var 'ORACLE_PORTS' defined, value len = 4 chars, value = 1521 Var 'AIM_SERVERS' defined, value len = 185 chars [64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9 .0/24,205.188.153.0/24,205.188.179.0/24,205.188.248.0/24] Var 'RULE_PATH' defined, value len = 16 chars, value = /etc/snort/rules ,---[Flow Config]-- | Stats Interval: 0
Bug#471895: snort: uninstallable
Package: snort Version: 2.7.0-13 Severity: important Snort is uninstallable since it is started in foreground when configuring the package. Killing it makes the configure fails and renders package broken. Manually starting snort with /etc/init.d/snort start also starts it in foreground. -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: powerpc (ppc) Kernel: Linux 2.6.24.3-ibook Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to fr_FR.UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages snort depends on: ii adduser3.106 add and remove users and groups ii debconf [debconf-2.0] 1.5.20Debian configuration management sy ii libc6 2.7-9 GNU C Library: Shared libraries ii libgcrypt111.4.0-3 LGPL Crypto library - runtime libr ii libgnutls262.2.2-1 the GNU TLS library - runtime libr ii libgpg-error0 1.4-2 library for common error values an ii libltdl3 1.5.26-1 A system independent dlopen wrappe ii libpcap0.8 0.9.8-3 system interface for user-level pa ii libpcre3 7.6-2 Perl 5 Compatible Regular Expressi ii libprelude20.9.16.2-2Hybrid Intrusion Detection System ii libtasn1-3 1.3-1 Manage ASN.1 structures (runtime) ii logrotate 3.7.1-3 Log rotation utility ii snort-common 2.7.0-13 Flexible Network Intrusion Detecti ii snort-common-libraries 2.7.0-13 Flexible Network Intrusion Detecti pn snort-rules-defaultnone(no description available) ii sysklogd [system-log-d 1.5-2 System Logging Daemon ii zlib1g 1:1.2.3.3.dfsg-11 compression library - runtime Versions of packages snort recommends: ii iproute 20080108-1 Professional tools to control the -- debconf information: * snort/address_range: 192.168.0.0/16 snort/startup: boot snort/options: snort/invalid_interface: * snort/interface: eth0 * snort/stats_rcpt: root snort/send_stats: true snort/config_parameters: snort/config_error: snort/please_restart_manually: snort/reverse_order: false snort/stats_treshold: 1 snort/disable_promiscuous: false -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#471895: snort: uninstallable
On Thu, Mar 20, 2008 at 11:25:06PM +0100, Benoît Dejean wrote: Package: snort Version: 2.7.0-13 Severity: important Snort is uninstallable since it is started in foreground when configuring the package. Killing it makes the configure fails and renders package broken. Manually starting snort with /etc/init.d/snort start also starts it in foreground. Could you please send me the output of executing the following (as root): sh -x /etc/init.d/snort start Also please tell me whether you have a file named /etc/snort/snort.common.parameters or a file /etc/default/snort in your system (or both) and provide the contents of those files. It certainly looks like there is some problem with your configuration and snort's parameters are not properly set to make it run in Daemon mode. Thank you Javier signature.asc Description: Digital signature
