Snort mailing list archives
1.9.0 and PostgreSQL weirdness
From: Derek Glidden <dglidden () illusionary com>
Date: 14 Oct 2002 16:50:56 -0400
1) In response to a message I saw in the archives about 1.9.0 not starting up correctly because it can't determine its sensor ID, I had to modify the PostgreSQL DB schema such that "last_cid" would allow NULL values. In Snort's connect() call to the database, if it can't find an existing sensor id for that particular sensor, it attempts to do an INSERT that leaves "last_cid" NULL, which will fail as the default schema has that column constrained with NOT NULL. Hence a new Snort 1.9.0 trying to connect to an empty database will fail until the SENSOR table allows NULLs in the last_cid column. (Probably it could be fixed in the Snort code more accurately by inserting a "0" or other value on the first "INSERT" that sets the sid, but I don't know the snort code well enough to know what implications that would have, while leaving it NULL seems to not harm anything.)

2) For some reason, 1.9.0 compiled against the same PostgreSQL libraries as the 1.8.7 that's been running will not make an SSL'ed connection (postgres client libraries compiled with --with-openssl to enable the SSL-tunneled connection autonegotiation) to my PostgreSQL database. I can make SSL connections with psql no problem at all from the same host from which snort cannot connect. Has anyone else seen this problem or can think of a reason why it would be failing? I've looked through the db connect code in snort and it isn't (as far as I can tell) doing anything to explicitly DIS-allow SSL connections, and the libpq client code is supposed to negotiate SSL automatically if the server supports it, and 1.8.7 worked just fine, so I'm stumped.
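The NOT NULL failure from point 1 and the two ways around it that the message mentions, as an added PostgreSQL example that is not part of the original post or of Snort's schema scripts. The table is a constructed, simplified stand-in: `sensor`, `sid` and `last_cid` are named in the post, while the `hostname` column and all sample values are assumptions.

```sql
-- Constructed, simplified stand-in for the sensor table. The names sensor,
-- sid and last_cid come from the post; hostname and all values are assumed.
CREATE TABLE sensor (
    sid      SERIAL PRIMARY KEY,
    hostname TEXT NOT NULL,
    last_cid BIGINT NOT NULL   -- NOT NULL with no DEFAULT, per the post
);

-- Registering a new sensor without a last_cid value: PostgreSQL rejects
-- this row because of the NOT NULL constraint.
INSERT INTO sensor (hostname) VALUES ('sensor-a.example');

-- Alternative the post speculates about: supply an explicit 0 on the first
-- INSERT, so the constraint can stay in place.
INSERT INTO sensor (hostname, last_cid) VALUES ('sensor-a.example', 0);

-- Workaround the post describes: allow NULL in last_cid.
ALTER TABLE sensor ALTER COLUMN last_cid DROP NOT NULL;
INSERT INTO sensor (hostname) VALUES ('sensor-b.example');

-- With NULLs allowed, anything that reads last_cid has to handle them.
-- COALESCE maps a NULL (no value recorded yet) to 0 for arithmetic or display.
SELECT sid, hostname, COALESCE(last_cid, 0) AS last_cid
FROM sensor
ORDER BY sid;

-- Check which state a given database is in before pointing a sensor at it.
SELECT column_name, is_nullable, column_default
FROM information_schema.columns
WHERE table_name = 'sensor' AND column_name = 'last_cid';
```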