Snort mailing list archives

RE: Trouble with SnortCenter Agent


From: "Steven B. Akers" <sbakers () truarx com>
Date: Wed, 20 Nov 2002 08:54:11 -0500

Hello,

We were using the Steve Scott document.  The actual error message is located in the /sensor/cgi/weblib.pl file.  Here 
is the section of the file that is erroring out.

else {
        # Get root directory from miniserv.conf, and deduce module name from $0
        local %miniserv;
        &get_miniserv_config(\%miniserv);
        $root_directory = $miniserv{'root'};
        if ($0 =~ /^$root_directory\/([^\/]+)\/[^\/]+$/) {
                $module_name = $1;
                }
        elsif ($0 !~ /^$root_directory\/[^\/]+$/) {
                &error("Script was not run with full path");
                }
        }

When I put in a little debug information to tell me what the variables $0 and $root_directory are at the time this 
weblib.pl is run, they are not the same, hence the error.  But I am not clear on where this information is set.

Any pointers in the right direction would be appreciated.

Steve

-----Original Message-----
From: larc [mailto:larc () pandora be]
Posted At: Wednesday, November 20, 2002 5:52 AM
Posted To: Snort Mailing List
Conversation: [Snort-users] Trouble with SnortCenter Agent
Subject: Re: [Snort-users] Trouble with SnortCenter Agent


Hi,

I'm sorry but I don't have a clue, there is no error message like this in the agent setup and I have never seen or heard this before.

Are you using the manual from Steve Scott? If so it has been tested by hundreds of people and they never had that problem.

If you like I can send you the init.d script and then you can install it yourself.

Sorry,
Stefan Dens

------------------------
 "Snort Mailing List" <SnortMailingList () truarx com> wrote:
------------------------
I am attempting to install the agent on multiple clean installs of redhat 7.3.

On all of them I am getting the following error as the setup.sh is installing, (Script was not run with full path) during the Configuring Snort Agent to start at boot time section.  I have created the /etc/snort and /var/log/snort directories before running setup.sh.  I have even tried this on two different machines, both were out of the box redhat installations.

Any help would be appreciated.  Below is a copy of the setup.sh and my answers, as well as the results from the script.

Thanks

Steve Akers





[root@SNARX01 sensor]# ./setup.sh

***********************************************************************************
*       Welcome to the SnortCenter Sensor Agent setup script, version 0.1.6 *
***********************************************************************************

Installing Sensor in /opt/snortagent/sensor ...

*************************************************************************************
The Sensor Agent uses separate directories for configuration files and log files.
Unless you want to place them in a other directory, you can just accept the defaults.

Config file directory [/opt/snortagent/sensor/conf]: /etc/snort
Log file directory [/opt/snortagent/sensor/log]: /var/log/snort

****************************************************************************************
SnortCenter Sensor Agent is written entirely in Perl. Please enter the full path to the
Perl 5 interpreter on your system.

Full path to perl (default /usr/bin/perl):

Testing Perl ...
Perl seems to be installed ok

*********************************************************************************
SnortCenter Sensor Agent needs Snort to be installed, 'As if you didn't know :-)'
Please enter the full path to snort binary.

Full path to snort (default /usr/local/bin/):

Ok, found Snort Version 1.9.0 (Build 209)

Snort Rule config file directory [/opt/snortagent/sensor/rules/]: /etc/snort

***********************************************************************
Operating system name:    Redhat Linux
Operating system version: 7.3

********************************************************************
SnortCenter Sensor Agent uses its own password protected web server
The setup script needs to know :
- What port to run the Sensor Agent on. There must not be another
  service already using this port.
- What ip address to listen on.
- The login name required to access the Sensor Agent.
- The password required to access the Sensor Agent.
- The hostname of this system that the Sensor Agent should use.
- If the Sensor Agent should use SSL (if your system supports it).
- Whether to use ip access control.
- Whether to start Snortcenter Sensor Agent at boot time.

Sensor port (default 2525):

If this host has multiple IP addresses,
the server can be configured to listen on
only one address (default any):
Login name (default admin):
Login password: 
Password again: 
Sensor host name (default SNARX01):
Use SSL (y/n): y

*********************************************************************************************
The Sensor Agent can be configured allow access only from certain IP addresses.
Hostnames (like foo.bar.com) and IP networks (like 10.254.3.0 or 10.254.1.0/255.255.255.128)
can also be entered.
You should limit access to your sensor to trusted addresses like the
SnortCenter Management Console, especially if it is accessible from the Internet.
Otherwise, anyone who guesses your password will have complete control of your system.
You can enter multiple addresses by typing a space between them like (127.0.0.1 foo.bar.com)

Allowed IP addresses (default localhost):localhost 127.0.0.1
Start Sensor at boot time (y/n): y
***********************************************************************
Creating Sensor Agent config files..
...done

Inserting path to perl into scripts..
...done

Creating start and stop scripts..
...done

Copying config files..
...done

Configuring SnortCenter Sensor Agent to start at boot time..

-----
Script was not run with full path
-----
...done

Creating uninstall script /etc/snort/uninstall.sh ..
...done

Changing ownership and permissions ..
...done

Attempting to start Sensor Agent..
Starting SnortCenter Sensor Agent server in /opt/snortagent/sensor
...done



-- 
Steven B. Akers 
Consulting Director
TruArx, Inc. 
sbakers () truarx com 

2000 Town Center 
Suite 1900 
Southfield, MI  48075
P: 248.351.9780 
F: 248.351.9781 

http://www.truarx.com


-------------------------------------------------------
This sf.net email is sponsored by: To learn the basics of securing 
your web site with SSL, click here to get a FREE TRIAL of a Thawte 
Server Certificate: http://www.gothawte.com/rd524.html
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
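
A stand-alone reproduction of the path check in the weblib.pl excerpt quoted at the top of this message, added here as an example; apart from the two patterns it is not SnortCenter code and not part of the original posts. The `classify` helper, the `$literal` switch and every sample path are constructed for illustration. It shows which combinations of `$0` and the `root` value from miniserv.conf reach the "Script was not run with full path" branch, and how the result changes when the root is matched as a literal string instead of being interpolated as a regex.

```perl
#!/usr/bin/perl
# Added example: reproduces the $0 / $root_directory check from the quoted excerpt.
use strict;
use warnings;

# Returns the module name, '' for a script directly under the root, or
# undef where the excerpt would call &error("Script was not run with full path").
# $literal = 0 interpolates the root as a regex, as the excerpt does;
# $literal = 1 escapes it with quotemeta so it is compared as a plain string.
sub classify {
    my ($script, $root, $literal) = @_;
    my $r = $literal ? quotemeta($root) : $root;
    return $1 if $script =~ /^$r\/([^\/]+)\/[^\/]+$/;
    return '' if $script =~ /^$r\/[^\/]+$/;
    return;
}

# Constructed sample values, not taken from the poster's system.
my @cases = (
    ['/opt/snortagent/sensor/cgi/example.cgi',  '/opt/snortagent/sensor'],   # full path
    ['/opt/snortagent/sensor/example.pl',       '/opt/snortagent/sensor'],   # directly under root
    ['./cgi/example.cgi',                       '/opt/snortagent/sensor'],   # relative $0
    ['/opt/snortagent/sensor/cgi/example.cgi',  '/opt/snortagent/sensor/'],  # trailing slash in root
    ['/opt/snort+agent/sensor/cgi/example.cgi', '/opt/snort+agent/sensor'],  # regex metacharacter
);

for my $c (@cases) {
    my ($script, $root) = @$c;
    for my $literal (0, 1) {
        my $m = classify($script, $root, $literal);
        my $verdict = !defined $m ? 'ERROR: Script was not run with full path'
                    : $m eq ''    ? 'ok (script directly under root)'
                    :               "ok (module_name = $m)";
        printf "%-41s root=%-25s %-7s %s\n", $script, $root,
            ($literal ? 'literal' : 'regex'), $verdict;
    }
}
```

Running the same comparison with the real `$0` and the `root` line from miniserv.conf shows whether the mismatch is a relative invocation, a trailing slash, or a different directory altogether.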



