Honeypots mailing list archives
FW: Snort-Inline not working
From: "Ian J. Hudson" <ihudson () waspc org>
Date: Wed, 23 Aug 2006 16:27:44 -0700
Below is what I've encountered. I'm really trying to get this to work, not sure what went wrong.

Regards,
Ian J Hudson
IT Systems Specialist
WASPC
ihudson () waspc org
360.486.2380

Sorry to bug you. With the Honeywall I've been able to see stuff happening with DNS externally, but I can't seem to get Snort, Snort-Inline to work no matter how many restarts, reloads, and reboots. As a result the honeywall restricts all outgoing and incoming traffic.

That's the only hang up I am having with Honeywall currently. Everything seems to be updated; ran yum, have it configured to autoupdate, although one of the update sites is bad. Other than that, do you have any idea how to fix Snort, Snort-Inline? I had previously thought it was a bad IPtables configuration, or the rc.firewall script, but those all should be automated, which leaves it to this: possibly Snort, Snort-inline isn't working, which they don't appear to be running.

Running Services..

argus (pid 3815 3270 3269) is running...
bridge name     bridge id               STP enabled     interfaces
br0             8000.0002a58972f8       no              eth0
                                                        eth1
cpuspeed is stopped
crond (pid 3984) is running...
dc_client is stopped
dc_server is stopped
gpm (pid 3975) is running...
hald (pid 4023) is running...
argus (pid 3815 3270 3269) is running...
hflowd (pid 3808) is running...
mysqld (pid 3170) is running...
p0f (pid 3336) is running
hflow-pcap (pid 3415) is running
snort-plain dead but subsys locked
snort-inline dead but pid file exists
httpd (pid 3823 3822 3821 3820 3819 3818 3817 3816 3738) is running...
Honeywall health as of Tue Aug 22 05:46:20 PDT 2006
Currently active devices:
lo eth0 eth1 eth2 br0
bridge name     bridge id               STP enabled     interfaces
br0             8000.0002a58972f8       no              eth0
                                                        eth1
/etc/init.d/rc.firewall is active
hflowd (pid 3808) is running...
snort-inline dead but pid file exists
snort-plain dead but subsys locked
hflow-pcap (pid 3415) is running
p0f (pid 3336) is running
argus (pid 3815 3270 3269) is running...
mysqld (pid 3170) is running...
sebekd (pid 3647) is running...
Related services:
monit is stopped
swatch (pid 3908) is running...
Currently active devices:
lo eth0 eth1 eth2 br0
Firewall is stopped.
irqbalance (pid 2762) is running...
dbus-daemon-1 (pid 4014) is running...
/etc/init.d/microcode_ctl: reading microcode status is not yet supported
monit is stopped
monit is stopped
mysqld (pid 3170) is running...
netplugd is stopped
Configured devices:
lo eth0 eth1 eth2
Currently active devices:
lo eth0 eth1 eth2 br0
ntpd is stopped
p0f (pid 3336 3061) is running...
master (pid 3964) is running...
/etc/init.d/rc.firewall is active
saslauthd is stopped
sebekd (pid 3647) is running...
smartd is stopped
snort dead but subsys locked
sshd (pid 5607 5605 3667) is running...
swatch (pid 3908) is running...
syslogd (pid 2748) is running...
klogd (pid 2752) is running...
httpd (pid 3823 3822 3821 3820 3819 3818 3817 3816 3738) is running...
xfs (pid 4005) is running...
xinetd is stopped
Nightly yum update is disabled.