Snort mailing list archives
Segfault with Snort 2.9.1
From: Peter Bates <peter.bates () ucl ac uk>
Date: Wed, 28 Sep 2011 15:58:08 +0100
Hello all

I'm working on a much overdue upgrade from Snort 2.8.4 to 2.9.1 on Fedora 14 - a platform I've inherited.

I did the usual ./configure, make, make install. 'snort -V' before install and after is fine.

Now I've tried bringing snort up:

    /usr/local/bin/snort -c /etc/snort/snort.conf -T -i eth1

(this is the snort.conf from http://www.snort.org/assets/184/snort.conf but also fails with the snort.conf distributed with 2.9.1.tar.gz)

I get:

    Running in Test mode

            --== Initializing Snort ==--
    Initializing Output Plugins!
    Initializing Preprocessors!
    Initializing Plug-ins!
    Parsing Rules file "/etc/snort/snort.conf"
    PortVar 'HTTP_PORTS' defined : [ 80:81 311 591 593 901 1220 1414 1830 2301 2381 2809 3128 3702 4343 5250 7001 7145 7510 7777 7779 8000 8008 8014 8028 8080 8088 8118 8123 8180:8181 8243 8280 8800 8888 8899 9080 9090:9091 9443 9999 11371 55555 ]
    PortVar 'SHELLCODE_PORTS' defined : [ 0:79 81:65535 ]
    PortVar 'ORACLE_PORTS' defined : [ 1024:65535 ]
    PortVar 'SQL_PORTS' defined : [ 3306 ]
    PortVar 'SSH_PORTS' defined : [ 22 ]
    PortVar 'FTP_PORTS' defined : [ 21 2100 3535 ]
    PortVar 'SIP_PORTS' defined : [ 5060:5061 5600 ]
    <SNIP>
    rpc_decode arguments:
        Ports to decode RPC on: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779
        alert_fragments: INACTIVE
        alert_large_fragments: INACTIVE
        alert_incomplete: INACTIVE
        alert_multiple_requests: INACTIVE
    Segmentation fault

Syslog:

    Sep 28 15:51:46 xyzzy kernel: [1393627.727267] snort[27434]: segfault at 8b95a14 ip 08b95a14 sp bfb0b7bc error 15

I've built 2.9.1 on what I thought was an identical FC14 box and that starts fine (only tested with -T). I think the only difference between the boxes is the failing one has SELINUX enabled.

It's been quite a while since I've seen any software segfault, let alone snort... does anyone have any ideas?

--
Peter Bates
Senior Computer Security Officer    Phone: +44(0)2076792049
Information Services Division       Internal Ext: 32049
University College London
London WC1E 6BT

Current thread:
- Segfault with Snort 2.9.1 Peter Bates (Sep 28)
- Re: Segfault with Snort 2.9.1 Lay, James (Sep 28)
- Re: Segfault with Snort 2.9.1 Peter Bates (Sep 28)
- Re: Segfault with Snort 2.9.1 Martin Holste (Sep 28)
- Re: Segfault with Snort 2.9.1 beenph (Sep 28)
- Re: Segfault with Snort 2.9.1 Peter Bates (Sep 28)
- Re: Segfault with Snort 2.9.1 Lay, James (Sep 28)