Snort mailing list archives
today's CVS checkout fails with a SEGFAULT
From: Ralf Hildebrandt <Ralf.Hildebrandt () innominate com>
Date: Thu, 10 May 2001 11:13:25 +0200
SuSE 6.3
libpcap-0.6.2
snort Version 1.8-beta5 (Build 19), today's CVS checkout

Built using:

% make distclean && ./configure --without-mysql --without-openssl --enable-debug

(after it crashed using just --without-mysql --without-openssl)

I start it using:

% cd /etc/rules && \
  /usr/local/bin/snort -u snort -g snort -d -b -s -c /etc/snort.conf -l /var/log/snort \
  > output

On STDOUT I get (already got that with a working version!):

WARNING classification.config(30): Duplicate classification "not-suspicious"found, ignoring this line
WARNING classification.config(31): Duplicate classification "unknown"found, ignoring this line
WARNING classification.config(32): Duplicate classification "bad-unknown"found, ignoring this line
WARNING classification.config(33): Duplicate classification "attempted-recon"found, ignoring this line
WARNING classification.config(34): Duplicate classification "successful-recon-limited"found, ignoring this line
WARNING classification.config(35): Duplicate classification "successful-recon-largescale"found, ignoring this line
WARNING classification.config(36): Duplicate classification "attempted-dos"found, ignoring this line
WARNING classification.config(37): Duplicate classification "successful-dos"found, ignoring this line
WARNING classification.config(38): Duplicate classification "attempted-user"found, ignoring this line
WARNING classification.config(39): Duplicate classification "unsuccessful-user"found, ignoring this line
WARNING classification.config(40): Duplicate classification "successful-user"found, ignoring this line
WARNING classification.config(41): Duplicate classification "attempted-admin"found, ignoring this line
WARNING classification.config(42): Duplicate classification "successful-admin"found, ignoring this line

-*> Snort! <*-
Version 1.8-beta5 (Build 19)
By Martin Roesch (roesch () clark net, www.snort.org)
Segmentation fault

Hmm.
BTW, if I grep for, say, "not-suspicious" in /etc/rules, I get:

classification.config:config classification: not-suspicious,Not Suspicious Traffic,0
netbios.rules:alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"NETBIOS Samba clientaccess";flags: A+; content:"|00|Unix|00|Samba"; reference:arachnids,341; classtype:not-suspicious;)
telnet.rules:alert tcp $HOME_NET 23 -> $EXTERNAL_NET any (msg:"TELNET access";flags: A+; content:"|FF FD 18 FF FD 1F FF FD 23 FF FD 27 FF FD 24|"; reference:arachnids,08; reference:cve,CAN-1999-0619; classtype:not-suspicious;)

So where does the "Duplicate classification" come from? There's just ONE!

--
ralf.hildebrandt () innominate com          innominate AG
System Engineer              Don't be afraid of what you see -
Diplom-Informatiker           be afraid of what you don't see!
tel: +49.(0)7000.POSTFIX     fax: +49.(0)30.308806-698