Bug#471895: (no subject)

2008-04-20 Thread Javier Fernández-Sanguino Peña
On Sat, Apr 19, 2008 at 12:06:43PM +0100, Ivan Kelly wrote:
> 
> Thats because no such files exist on in the lenny distribution. It does
> exist in the source package as snort-2.7.0/debian/snort.default though, so
> I just guess it's something going awry on the package building.

Thanks for spotting this! That was precisely the problem. When I changed the
build system to fix some other bugs by separating the binary independent and
dependent pieces I left the installation of the snort.default file in the
wrong location.

I'm building right now new packages and will upload them shortly.

Regards

Javier


signature.asc
Description: Digital signature


Bug#471895: (no subject)

2008-04-19 Thread Ivan Kelly
>> Also please tell me whether you have a file named 
>> /etc/snort/snort.common.parameters or
>> a file /etc/default/snort in your system (or both) and provide the contents
>> of those files.
>
>I have no such files.

Thats because no such files exist on in the lenny distribution. It does exist 
in the source package as snort-2.7.0/debian/snort.default though, so I just 
guess it's something going awry on the package building.

The /etc/init.d/snort is looking for either of these to read its startup 
parameters. Since they dont exists, it uses default which means to stay in 
foreground. Im guessing the maintainer didn't hit across this because the files 
already existed on his system.

-Ivan



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]



Bug#471895:

2008-04-04 Thread Frederik Himpe
I am seeing the same problem with snort from Debian Lenny being
installed on Debian Etch by means of:
# apt-get install -t testing snort

These are the snort related processes running when the postinst script
hangs on the snort process started in the foreground:

# ps aux | grep snort
root  1351  0.2  4.3  19780 16768 pts/0S+   22:24   0:01 apt-get 
install -t testing snort
root  1784  0.0  0.5   4552  2152 pts/0S+   22:27   0:00 /usr/bin/dpkg 
--status-fd 16 --configure locales libc6-i686 libgcrypt11 libopencdk10 
libgnutls26 libltdl3 libpcre3 libprelude2 snort-common mysql-common 
libmysqlclient15off snort-common-libraries snort-rules-default snort
root  2769  0.1  2.2  11588  8732 pts/0S+   22:27   0:00 /usr/bin/perl 
-w /usr/share/debconf/frontend /var/lib/dpkg/info/snort.postinst configure
root  2781  0.0  0.3   3900  1356 pts/0S+   22:27   0:00 /bin/sh -e 
/var/lib/dpkg/info/snort.postinst configure
root  2810  0.0  0.3   3904  1300 pts/0S+   22:27   0:00 /bin/sh 
/usr/sbin/invoke-rc.d snort start
root  2826  0.0  0.3   3996  1408 pts/0S+   22:27   0:00 /bin/sh -e 
/etc/init.d/snort start
root  2829  3.2 38.6 174068 149512 pts/0   S+   22:27   0:11 
/usr/sbin/snort -c /etc/snort/snort.conf -S 
HOME_NET=[192.168.0.0/16,134.184.0.0/16] -i eth0
root  2882  0.0  0.1   3068   720 pts/1R+   22:33   0:00 grep snort

-- 
Frederik Himpe <[EMAIL PROTECTED]>




-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]



Bug#471895: snort: uninstallable

2008-03-21 Thread Benoît Dejean

Le vendredi 21 mars 2008 à 01:50 +0100, Javier Fernández-Sanguino Peña a
écrit :
> On Thu, Mar 20, 2008 at 11:25:06PM +0100, Benoît Dejean wrote:
> > Package: snort
> > Version: 2.7.0-13
> > Severity: important
> > 
> > Snort is uninstallable since it is started in foreground when
> > configuring the package. Killing it makes the configure fails and
> > renders package broken.
> > 
> > Manually starting snort with /etc/init.d/snort start also starts it in
> > foreground.
> 
> Could you please send me the output of executing the following (as root):
> sh -x /etc/init.d/snort start

Hello Javier,

I've attached the output.
I have purged snort, then re-installed it and can reproduce. The funny
thing is that snort is started twice during the installation (so i have
to kill it twice).

> Also please tell me whether you have a file named 
> /etc/snort/snort.common.parameters or
> a file /etc/default/snort in your system (or both) and provide the contents
> of those files.

I have no such files.

> It certainly looks like there is some problem with your configuration and
> snort's parameters are not properly set to make it run in Daemon mode.
> 
> Thank you

Feliz Pascua!

> Javier
-- 
Benoît Dejean
GNOME http://www.gnomefr.org/
LibGTop http://directory.fsf.org/libgtop.html
+ PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+ test
+ DAEMON=/usr/sbin/snort
+ NAME=snort
+ DESC='Network Intrusion Detection System'
+ . /lib/lsb/init-functions
++ FANCYTTY=
++ '[' -e /etc/lsb-base-logging.sh ']'
++ true
+ CONFIG=/etc/snort/snort.debian.conf
+ '[' -f /etc/snort/snort.common.parameters ']'
+ '[' -r /etc/default/snort ']'
+ test -x /usr/sbin/snort
+ test -f /etc/snort/snort.debian.conf
+ . /etc/snort/snort.debian.conf
++ DEBIAN_SNORT_STARTUP=boot
++ DEBIAN_SNORT_HOME_NET=192.168.0.0/16
++ DEBIAN_SNORT_OPTIONS=
++ DEBIAN_SNORT_INTERFACE=eth0
++ DEBIAN_SNORT_SEND_STATS=true
++ DEBIAN_SNORT_STATS_RCPT=root
++ DEBIAN_SNORT_STATS_THRESHOLD=1
+ test -z 192.168.0.0/16
+ cd /etc/snort
+ case "$1" in
+ check_root
++ id -u
+ '[' 0 '!=' 0 ']'
+ log_daemon_msg 'Starting Network Intrusion Detection System ' snort
+ '[' -z 'Starting Network Intrusion Detection System ' ']'
+ '[' -z snort ']'
+ echo -n 'Starting Network Intrusion Detection System : snort'
Starting Network Intrusion Detection System : snort+ '[' -e /etc/snort/db-pending-config ']'
+ check_log_dir
+ '[' -n '' ']'
+ return 0
+ '[' boot = dialup ']'
+ interfaces=eth0
+ test ''
+ '[' -z eth0 ']'
+ myret=0
+ got_instance=0
+ for interface in '$interfaces'
+ got_instance=1
+ log_progress_msg '(eth0'
+ '[' -z '(eth0' ']'
+ echo -n ' (eth0'
 (eth0+ '[' -x /sbin/ip ']'
+ ip link show dev eth0
+ PIDFILE=/var/run/snort_eth0.pid
+ CONFIGFILE=/etc/snort/snort.eth0.conf
+ fail='failed (check /var/log/syslog and /var/log/snort)'
+ run=yes
+ '[' -e /var/run/snort_eth0.pid ']'
+ '[' yes = yes ']'
+ '[' '!' -e /etc/snort/snort.eth0.conf ']'
+ log_progress_msg 'no /etc/snort/snort.eth0.conf found, defaulting to snort.conf'
+ '[' -z 'no /etc/snort/snort.eth0.conf found, defaulting to snort.conf' ']'
+ echo -n ' no /etc/snort/snort.eth0.conf found, defaulting to snort.conf'
 no /etc/snort/snort.eth0.conf found, defaulting to snort.conf+ CONFIGFILE=/etc/snort/snort.conf
+ set +e
+ /sbin/start-stop-daemon --start --quiet --pidfile /var/run/snort_eth0.pid --exec /usr/sbin/snort -- -c /etc/snort/snort.conf -S 'HOME_NET=[192.168.0.0/16]' -i eth0
Running in IDS mode

--== Initializing Snort ==--
Initializing Output Plugins!
Var 'eth0_ADDRESS' defined, value len = 26 chars, value = 192.168.99.0/255.255.255.0
Var 'any_ADDRESS' defined, value len = 15 chars, value = 0.0.0.0/0.0.0.0
Var 'lo_ADDRESS' defined, value len = 19 chars, value = 127.0.0.0/255.0.0.0
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file /etc/snort/snort.conf

+++
Initializing rule chains...
Var 'HOME_NET' redefined
Var 'EXTERNAL_NET' defined, value len = 3 chars, value = any
Var 'DNS_SERVERS' defined, value len = 16 chars, value = [192.168.0.0/16]
Var 'SMTP_SERVERS' defined, value len = 16 chars, value = [192.168.0.0/16]
Var 'HTTP_SERVERS' defined, value len = 16 chars, value = [192.168.0.0/16]
Var 'SQL_SERVERS' defined, value len = 16 chars, value = [192.168.0.0/16]
Var 'TELNET_SERVERS' defined, value len = 16 chars, value = [192.168.0.0/16]
Var 'SNMP_SERVERS' defined, value len = 16 chars, value = [192.168.0.0/16]
Var 'HTTP_PORTS' defined, value len = 2 chars, value = 80
Var 'SHELLCODE_PORTS' defined, value len = 3 chars, value = !80
Var 'ORACLE_PORTS' defined, value len = 4 chars, value = 1521
Var 'AIM_SERVERS' defined, value len = 185 chars
   [64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9
   .0/24,205.188.153.0/24,205.188.179.0/24,205.188.248.0/24]
Var 'RULE_PATH' defined, value len = 16 chars, value = /etc/snort/rules
,---[Flow Config]--

Bug#471895: snort: uninstallable

2008-03-20 Thread Javier Fernández-Sanguino Peña
On Thu, Mar 20, 2008 at 11:25:06PM +0100, Benoît Dejean wrote:
> Package: snort
> Version: 2.7.0-13
> Severity: important
> 
> Snort is uninstallable since it is started in foreground when
> configuring the package. Killing it makes the configure fails and
> renders package broken.
> 
> Manually starting snort with /etc/init.d/snort start also starts it in
> foreground.

Could you please send me the output of executing the following (as root):
sh -x /etc/init.d/snort start

Also please tell me whether you have a file named 
/etc/snort/snort.common.parameters or
a file /etc/default/snort in your system (or both) and provide the contents
of those files.

It certainly looks like there is some problem with your configuration and
snort's parameters are not properly set to make it run in Daemon mode.

Thank you

Javier


signature.asc
Description: Digital signature


Bug#471895: snort: uninstallable

2008-03-20 Thread Benoît Dejean
Package: snort
Version: 2.7.0-13
Severity: important

Snort is uninstallable since it is started in foreground when
configuring the package. Killing it makes the configure fails and
renders package broken.

Manually starting snort with /etc/init.d/snort start also starts it in
foreground.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: powerpc (ppc)

Kernel: Linux 2.6.24.3-ibook
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to fr_FR.UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages snort depends on:
ii  adduser3.106 add and remove users and groups
ii  debconf [debconf-2.0]  1.5.20Debian configuration management sy
ii  libc6  2.7-9 GNU C Library: Shared libraries
ii  libgcrypt111.4.0-3   LGPL Crypto library - runtime libr
ii  libgnutls262.2.2-1   the GNU TLS library - runtime libr
ii  libgpg-error0  1.4-2 library for common error values an
ii  libltdl3   1.5.26-1  A system independent dlopen wrappe
ii  libpcap0.8 0.9.8-3   system interface for user-level pa
ii  libpcre3   7.6-2 Perl 5 Compatible Regular Expressi
ii  libprelude20.9.16.2-2Hybrid Intrusion Detection System 
ii  libtasn1-3 1.3-1 Manage ASN.1 structures (runtime)
ii  logrotate  3.7.1-3   Log rotation utility
ii  snort-common   2.7.0-13  Flexible Network Intrusion Detecti
ii  snort-common-libraries 2.7.0-13  Flexible Network Intrusion Detecti
pn  snort-rules-default(no description available)
ii  sysklogd [system-log-d 1.5-2 System Logging Daemon
ii  zlib1g 1:1.2.3.3.dfsg-11 compression library - runtime

Versions of packages snort recommends:
ii  iproute   20080108-1 Professional tools to control the 

-- debconf information:
* snort/address_range: 192.168.0.0/16
  snort/startup: boot
  snort/options:
  snort/invalid_interface:
* snort/interface: eth0
* snort/stats_rcpt: root
  snort/send_stats: true
  snort/config_parameters:
  snort/config_error:
  snort/please_restart_manually:
  snort/reverse_order: false
  snort/stats_treshold: 1
  snort/disable_promiscuous: false



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]