Snort mailing list archives
Re: Snort-users Digest, Vol 95, Issue 120
From: wyomesh deepanker <wyomeshd () yahoo com>
Date: Thu, 8 May 2014 09:57:46 -0700 (PDT)
Read <Snort Cook Book>

The World Is Not Enough...

On Wednesday, April 23, 2014 12:53 PM, "snort-users-request () lists sourceforge net" <snort-users-request () lists sourceforge net> wrote:

Today's Topics:

   1. Re: Problem updating rule set with pulledpork (Jeremy Hoel)
   2. Re: FATAL ERROR: /etc/snort/snort.conf(0) Unable to open rules file "/etc/snort/snort.conf": Permission denied.#012 (Jeremy Hoel)
   3. Re: FATAL ERROR: /etc/snort/snort.conf(0) Unable to open rules file "/etc/snort/snort.conf": Permission denied.#012 (Teo En Ming)

----------------------------------------------------------------------

Message: 1
Date: Wed, 23 Apr 2014 00:25:59 -0600
From: Jeremy Hoel <jthoel () gmail com>
Subject: Re: [Snort-users] Problem updating rule set with pulledpork
To: basant subba <basantsubba () gmail com>
Cc: "snort-users () lists sourceforge net" <Snort-users () lists sourceforge net>
Message-ID: <CAH_p-VMEXp__znfYom0S+5fuUf=w16=_2SpPfVVEjAJeVVf+Dw () mail gmail com>
Content-Type: text/plain; charset="utf-8"

If you post the error and your pulledpork configuration (minus the commented lines) we might be able to help solve the problem. The configuration file is pretty well documented.

On Tue, Apr 22, 2014 at 8:02 PM, basant subba <basantsubba () gmail com> wrote:
> I am trying to update my snort rule set with pulled pork but every time it's throwing some error message about misconfiguration. Can anyone please provide a link to a tutorial on how to update my snort rule set with pulled pork?

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------

Message: 2
Date: Wed, 23 Apr 2014 00:47:06 -0600
From: Jeremy Hoel <jthoel () gmail com>
Subject: Re: [Snort-users] FATAL ERROR: /etc/snort/snort.conf(0) Unable to open rules file "/etc/snort/snort.conf": Permission denied.#012
To: bogdan () grabinski com, "snort-users () lists sourceforge net" <snort-users () lists sourceforge net>
Message-ID: <CAH_p-VNWqB+t-qF-x5cAoPjYL2fjhaD3fWGZdKwhbq39jH6odQ () mail gmail com>
Content-Type: text/plain; charset="utf-8"

Please remember to reply to the list.

And does snort have rx access to /etc/snort? Not just the files, but the folder.

Also, what command are you using to start snort? Is it a file that came from the yum repo or did you compile from source and use one included?

The error message makes it sound like it's looking for a rule file called /etc/snort/snort.conf, but I don't have a snort box in front of me and you aren't trying to include snort.conf in your snort.conf (self inclusion) so it's not that. It could be the way you're calling snort, which is why I'm asking to see the command/script.

On Wed, Apr 23, 2014 at 12:30 AM, Bogdan Grabinski <bogdan () grabinski com> wrote:
> I attached snort.conf
>
> On 4/23/2014 2:14 AM, Jeremy Hoel wrote:
>> Can you paste the output of your snort.conf file.. Or at least the includes section near the bottom for the rules?
>>
>> On Tue, Apr 22, 2014 at 11:42 PM, Bogdan Grabinski <bogdan () grabinski com> wrote:
>>> OS Centos 6.5 intel 64bit
>>>
>>> When I use:
>>> service snortd start
>>> I get message that it fails, and /var/log/messages report FATAL ERROR
>>>
>>> If I copy the same script from /etc/rc.d/init.d/snortd to /root then starting the snort as:
>>> /root/snortd start
>>> works well ( no problems )
>>>
>>> Please help
>>>
>>> FROM: /var/log/messages
>>> ----------------------------------------------------------------------------
>>> Apr 23 01:20:57 cafe7 snort[11908]: Running in IDS mode
>>> Apr 23 01:20:57 cafe7 snort[11908]:
>>> Apr 23 01:20:57 cafe7 snort[11908]: --== Initializing Snort ==--
>>> Apr 23 01:20:57 cafe7 snort[11908]: Initializing Output Plugins!
>>> Apr 23 01:20:57 cafe7 snort[11908]: Initializing Preprocessors!
>>> Apr 23 01:20:57 cafe7 snort[11908]: Initializing Plug-ins!
>>> Apr 23 01:20:57 cafe7 snort[11908]: Parsing Rules file "/etc/snort/snort.conf"
>>> Apr 23 01:20:57 cafe7 snort[11908]: FATAL ERROR: /etc/snort/snort.conf(0) Unable to open rules file "/etc/snort/snort.conf": Permission denied.#012
>>> ----------------------------------------------------------------------------
>>> [root@cafe7 ~]# ll /etc/snort/
>>> total 4228
>>> drwxr-xr-x.   5 snort snort    4096 Apr 22 19:42 .
>>> drwxr-xr-x. 129 root  root    12288 Apr 22 20:06 ..
>>> -rw-r--r--.   1 snort snort    3854 Mar 17 15:00 classification.config
>>> -rw-r--r--.   1 snort snort    1880 Apr 14 02:53 disablesid.conf
>>> -rw-r--r--.   1 snort snort    2092 Apr 14 02:53 dropsid.conf
>>> -rw-r--r--.   1 snort snort    2078 Apr 14 02:53 enablesid.conf
>>> -rw-r--r--.   1 snort snort   31162 Oct 24 17:00 gen-msg.map
>>> -rw-r--r--.   1 snort snort    1510 Apr 14 02:53 modifysid.conf
>>> drwxr-xr-x.   2 snort snort    4096 Mar 17 14:59 preproc_rules
>>> -rw-r--r--.   1 snort snort   10312 Apr 14 02:53 pulledpork.conf
>>> -rw-r--r--.   1 snort snort     746 Mar 17 15:00 reference.config
>>> drwxr-xr-x.   2 snort snort    4096 Apr 22 18:09 rules
>>> -rw-r--r--.   1 snort snort 4140731 Mar 17 15:03 sid-msg.map
>>> -rw-r--r--.   1 snort snort   27701 Apr 22 18:09 snort.conf
>>> drwxr-xr-x.   4 snort snort    4096 Feb 26 12:31 so_rules
>>> -rw-r--r--.   1 snort snort    2556 Mar 17 15:00 threshold.conf
>>> -rw-r--r--.   1 snort snort   53841 Mar 17 15:00 unicode.map
>>> [root@cafe7 ~]# [r
------------------------------

Message: 3
Date: Wed, 23 Apr 2014 15:01:13 +0800
From: Teo En Ming <teo.en.ming () gmail com>
Subject: Re: [Snort-users] FATAL ERROR: /etc/snort/snort.conf(0) Unable to open rules file "/etc/snort/snort.conf": Permission denied.#012
To: bogdan () grabinski com
Cc: Snort Users <Snort-users () lists sourceforge net>
Message-ID: <CAKhF0wc-LGJ-_yU-PGZqcM9m7LJNbdq3kdNKF+aAtjHeZ_pxwg () mail gmail com>
Content-Type: text/plain; charset="utf-8"

Did you turn off selinux?

echo 0 > /selinux/enforce

Teo En Ming

On Wed, Apr 23, 2014 at 1:42 PM, Bogdan Grabinski <bogdan () grabinski com> wrote:
> OS Centos 6.5 intel 64bit
>
> When I use:
> service snortd start
> I get message that it fails, and /var/log/messages report FATAL ERROR
>
> If I copy the same script from /etc/rc.d/init.d/snortd to /root then starting the snort as:
> /root/snortd start
> works well ( no problems )
>
> Please help
>
> FROM: /var/log/messages
> ----------------------------------------------------------------------------
> Apr 23 01:20:57 cafe7 snort[11908]: Running in IDS mode
> Apr 23 01:20:57 cafe7 snort[11908]:
> Apr 23 01:20:57 cafe7 snort[11908]: --== Initializing Snort ==--
> Apr 23 01:20:57 cafe7 snort[11908]: Initializing Output Plugins!
> Apr 23 01:20:57 cafe7 snort[11908]: Initializing Preprocessors!
> Apr 23 01:20:57 cafe7 snort[11908]: Initializing Plug-ins!
> Apr 23 01:20:57 cafe7 snort[11908]: Parsing Rules file "/etc/snort/snort.conf"
> Apr 23 01:20:57 cafe7 snort[11908]: FATAL ERROR: /etc/snort/snort.conf(0) Unable to open rules file "/etc/snort/snort.conf": Permission denied.#012
> ----------------------------------------------------------------------------
> [root@cafe7 ~]# ll /etc/snort/
> total 4228
> drwxr-xr-x.   5 snort snort    4096 Apr 22 19:42 .
> drwxr-xr-x. 129 root  root    12288 Apr 22 20:06 ..
> -rw-r--r--.   1 snort snort    3854 Mar 17 15:00 classification.config
> -rw-r--r--.   1 snort snort    1880 Apr 14 02:53 disablesid.conf
> -rw-r--r--.   1 snort snort    2092 Apr 14 02:53 dropsid.conf
> -rw-r--r--.   1 snort snort    2078 Apr 14 02:53 enablesid.conf
> -rw-r--r--.   1 snort snort   31162 Oct 24 17:00 gen-msg.map
> -rw-r--r--.   1 snort snort    1510 Apr 14 02:53 modifysid.conf
> drwxr-xr-x.   2 snort snort    4096 Mar 17 14:59 preproc_rules
> -rw-r--r--.   1 snort snort   10312 Apr 14 02:53 pulledpork.conf
> -rw-r--r--.   1 snort snort     746 Mar 17 15:00 reference.config
> drwxr-xr-x.   2 snort snort    4096 Apr 22 18:09 rules
> -rw-r--r--.   1 snort snort 4140731 Mar 17 15:03 sid-msg.map
> -rw-r--r--.   1 snort snort   27701 Apr 22 18:09 snort.conf
> drwxr-xr-x.   4 snort snort    4096 Feb 26 12:31 so_rules
> -rw-r--r--.   1 snort snort    2556 Mar 17 15:00 threshold.conf
> -rw-r--r--.   1 snort snort   53841 Mar 17 15:00 unicode.map
> [root@cafe7 ~]# [r
End of Snort-users Digest, Vol 95, Issue 120
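Added example, not part of the thread or of the Snort project: the symptom reported above (failure under `service snortd start`, success when the same script is run from /root, mode bits that already allow reading) is consistent with an SELinux denial, and that can be confirmed from the audit log without switching enforcement off. The audit lines, the file label in them and the function names are constructed for illustration; the function lists every AVC denial recorded for a given command name.

```shell
#!/bin/sh
# Constructed sample of /var/log/audit/audit.log content (not from the thread).
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1398230457.101:811): avc:  denied  { read } for  pid=11908 comm="snort" name="snort.conf" dev=dm-0 ino=393301 scontext=unconfined_u:system_r:snort_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file
type=AVC msg=audit(1398230458.007:812): avc:  denied  { getattr } for  pid=2211 comm="httpd" path="/var/www/x" dev=dm-0 ino=77 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file
type=SYSCALL msg=audit(1398230457.101:811): arch=c000003e syscall=2 success=no exit=-13 comm="snort" exe="/usr/sbin/snort"
EOF
}

# Read audit records on stdin and print one line per AVC denial for the
# command name given as $1:
#   <permission> <object name> <source type> <target type>
avc_denials_for() {
    awk -v comm="$1" '
        /^type=AVC / && /denied/ && index($0, "comm=\"" comm "\"") {
            perm = name = st = tt = "?"
            # Permission set is the text between "{ " and " }".
            if (match($0, /[{] [^}]* [}]/))
                perm = substr($0, RSTART + 2, RLENGTH - 4)
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^(name|path)=/) {
                    name = $i
                    sub(/^[a-z]+=/, "", name)
                    gsub(/"/, "", name)
                }
                # Contexts are user:role:type:level; the type is field 3.
                if ($i ~ /^scontext=/) { split($i, a, ":"); st = a[3] }
                if ($i ~ /^tcontext=/) { split($i, a, ":"); tt = a[3] }
            }
            print perm, name, st, tt
        }'
}

# On a real host the input would come from the audit log instead, e.g.
#   ausearch -m avc -c snort | avc_denials_for snort
# and the on-disk label can be compared with:  ls -Z /etc/snort/snort.conf
sample_audit_log | avc_denials_for snort
```

A target type that `restorecon -nv /etc/snort` reports it would change points to a mislabelled file, which `restorecon -Rv /etc/snort` corrects while SELinux stays enforcing.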
Current thread:
- Re: Snort-users Digest, Vol 95, Issue 120 wyomesh deepanker (May 14)