Snort mailing list archives
Fixes for autosnort users as well as all Debian 6 and CentOS 6.3 snort report users
From: Tony Robinson <deusexmachina667 () gmail com>
Date: Sat, 1 Dec 2012 03:03:05 -0500
Hello again snort users, I wanted to reach out to snort users and let you all know that I've found some problems with snort report on Debian 6 and CentOS 6.3, as well has how to resolve them. In my haste to push autosnort to Debian and CentOS, I did not test thoroughly enough on redhat/CentOS and Debian. Upon revisiting some testing, I've discovered problems with snort report on CentOS 6.3 and Debian 6 that will prevent the webpage from displaying intrusion events or well, much of anything. If you run into problems in which the snort report menu displays, but you get a bunch garbled PHP output as well as a php tag for snort report's page title, try the following: On Debian: edit /etc/php5/apache/php.ini. You will have to enable the short_open_tag directive on line 226 by changing this line from "Off" to "On". Afterwards, if you restart apache, your web page should render fine and you should be able to see your intrusion events just fine. On CentOS 6.3 you will have to make two edits if you have SELinux enabled and in enforcing mode: 1) you will have to edit /etc/php.ini and enable the short_open_tag directive on line 229. same as on Debian, change the option from "Off" to "On" and restart httpd. 2) If you are running SELinux in enforcing mode, you will get file permission errors for srconf.php. this is because SELinux is preventing access to snort report files via the httpd process. to change this, enter the following command: chcon -R -t httpd_sys_rw_content_t snortreport-1.3.3/ note: the other alternative is to disable SELinux and change ownership of the entire snortreport directory and all files within to the apache user and group. This isn't the right or recommended way of doing this, however. SELinux is there for a reason other than to annoy you. I apologize to my autosnort users for not having tested this more thoroughly, and hope that this will be off assistance to anyone attempting to install snort report on Debian or CentOS/Redhat in the future. Sincerely, DA -- when does reality end? when does fantasy begin?
------------------------------------------------------------------------------ Keep yourself connected to Go Parallel: INSIGHTS What's next for parallel hardware, programming and related areas? Interviews and blogs by thought leaders keep you ahead of the curve. http://goparallel.sourceforge.net
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Fixes for autosnort users as well as all Debian 6 and CentOS 6.3 snort report users Tony Robinson (Dec 01)
- Re: Fixes for autosnort users as well as all Debian 6 and CentOS 6.3 snort report users waldo kitty (Dec 01)
- Re: Fixes for autosnort users as well as all Debian 6 and CentOS 6.3 snort report users Tony Robinson (Dec 01)
- Re: Fixes for autosnort users as well as all Debian 6 and CentOS 6.3 snort report users waldo kitty (Dec 01)
- Re: Fixes for autosnort users as well as all Debian 6 and CentOS 6.3 snort report users Tony Robinson (Dec 02)
- Re: Fixes for autosnort users as well as all Debian 6 and CentOS 6.3 snort report users waldo kitty (Dec 02)
- Re: Fixes for autosnort users as well as all Debian 6 and CentOS 6.3 snort report users Tony Robinson (Dec 01)
- Re: Fixes for autosnort users as well as all Debian 6 and CentOS 6.3 snort report users waldo kitty (Dec 01)