Snort mailing list archives

SnortCenter Mandrake 9.1


From: "Steve Rector" <srector () dgso org>
Date: Sat, 7 Jun 2003 03:17:45 -0500 (CDT)

After several unsuccessful attempts to get snortcenter-v1.0-RC1 and
snort-2.0.0 working on Mandrake 9.1, I finally have it working.  Here are the
issues I ran into and how I solved them, at least until I can spend more
time on it.

1) Could not connect to the sensor from SnortCenter and no messages being
   returned.
2) curl (35) SSL certificate verify failed errors when trying to connect
   to the sensor from the command line with curl. I could connect to the
   sensor from a browser, however, after accepting the certificate.
3) Could not update rules from the internet.
4) sh: line 1: 1/curl: No such file or directory messages in my httpd
   error_log.

Issues 1 and 2 are related to newer versions of curl verifying the
certificate. Self-signed certificates generate this error unless the -k
option is used with curl. On Mandrake 9.1 the get_curl_option() function
in sensor.inc.php was not parsing the version information output by the
curl -V command, so the -k option was never invoked. I simply added the -k
option to the $curl_option = ''; line at the top of the function, so the
-k option is assigned to the $curl_option variable.

Issues 1, 3, and 4 were also affected by safe_mode being on by default in
php and the safe_mode_exec_dir being set to 1.  With safe mode on, the
commands passed to the exec() function in php were never executed. I
corrected this by creating a php.ini file in /etc with two lines:

    safe_mode = Off
    safe_mode_exec_dir =

I then stopped snort, uninstalled the sensor, reinstalled and reconfigured
the sensor, and restarted snort.  When I signed back in to snortcenter I
was able to update my rules from the internet and connect to the sensor.
These were just quick hacks to get things working; I'll work on cleaning
things up when I have more time.  The safe_mode options should work from
an .htaccess file, which is a better solution.

I hope this helps.

Steve
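
Added example, not part of the post above and not SnortCenter's own code: a shell function for the decision get_curl_option() has to make from the `curl -V` banner, which also keeps certificate verification on when the sensor's self-signed certificate is available as a PEM file. Assumptions: curl 7.10 is taken as the first release that verifies by default and accepts -k; the function names, sample banners and the PEM path are hypothetical, and the certificate's name must match the host curl connects to.

```shell
#!/bin/sh
# Constructed sample banners (first line of `curl -V`); not taken from the post.
BANNER_NEW='curl 7.10.3 (i586-mandrake-linux-gnu) libcurl/7.10.3 OpenSSL/0.9.7a zlib/1.1.4'
BANNER_OLD='curl 7.9.8 (i386-redhat-linux-gnu) libcurl 7.9.8 (OpenSSL 0.9.6b)'

# Print "MAJOR MINOR" parsed from a banner; fail if no version is found.
curl_version() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^curl[^0-9]*\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p' |
        head -n 1)
    [ -n "$ver" ] || return 1
    printf '%s\n' "$ver"
}

# Print the TLS option to hand to curl for the sensor connection.
#   $1 = curl -V banner
#   $2 = optional PEM file holding the sensor's certificate (hypothetical path)
curl_tls_option() {
    if [ -n "${2:-}" ] && [ -r "$2" ]; then
        # Verification stays on; only the sensor's own certificate is trusted.
        printf '%s\n' "--cacert $2"
        return 0
    fi
    if ! v=$(curl_version "$1"); then
        # Report an unparseable banner instead of silently choosing no option.
        echo "cannot parse curl version from: $1" >&2
        return 2
    fi
    major=${v% *}
    minor=${v#* }
    if [ "$major" -gt 7 ] || { [ "$major" -eq 7 ] && [ "$minor" -ge 10 ]; }; then
        printf '%s\n' "-k"   # verification is skipped for this connection
    else
        printf '\n'          # assumed: pre-7.10 curl does not verify by default
    fi
}

# Usage (not run here; needs a reachable sensor):
#   opt=$(curl_tls_option "$(curl -V | head -n 1)" /path/to/sensor.pem)
```

The error return for an unparseable banner makes the failure described in the post visible in the log rather than leaving the option empty.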




