Snort mailing list archives
Re: Fixes for autosnort users as well as all Debian 6 and CentOS 6.3 snort report users
From: Tony Robinson <deusexmachina667 () gmail com>
Date: Sat, 1 Dec 2012 12:12:47 -0500
my replies below yours: On Sat, Dec 1, 2012 at 11:38 AM, waldo kitty <wkitty42 () windstream net>wrote:
On 12/1/2012 03:03, Tony Robinson wrote:On Debian: edit /etc/php5/apache/php.ini. You will have to enable the short_open_tag directive on line 226 by changing this line from "Off" to "On".Afterwards, ifyou restart apache, your web page should render fine and you should beable tosee your intrusion events just fine.why not just fix the short open tags to proper long tags?
1. Sorry, I did NOT write snort report. I'm just posting what I had to do to make it work. I had to do a bit of research on the web to figure this out, and apparently I wasn't the first one<http://seclists.org/snort/2012/q3/1101>to run into this problem.
On CentOS 6.3 you will have to make two edits if you have SELinux enabled and inenforcing mode:1) you will have to edit /etc/php.ini and enable the short_open_tagdirective online 229. same as on Debian, change the option from "Off" to "On" andrestart httpd. and here again... why not make the change in the code so it is never a problem any more instead of requiring everyone else to change their configurations?
See reply to answer 1 above. the script I provide installs snort report.. I did not write snort report nor have any affiliation with symmetrix, the creators of that front end. I do not know PHP well enough to do what you suggest, nor am I a memeber of the snort report team. I'm posting a solution to a problem others have had. outside of scripting in BASH in terms of programming I'm a lame duck and will own up to it. A lot of the researching and testing I did was my first dive into PHP.
2) If you are running SELinux in enforcing mode, you will get filepermissionerrors for srconf.php. this is because SELinux is preventing access tosnortreport files via the httpd process. to change this, enter the followingcommand:chcon -R -t httpd_sys_rw_content_t snortreport-1.3.3/that command doesn't look right... or is chcon a new command like chown and chmod?? chcon man page entry <http://linux.die.net/man/1/chcon>
tl; dr: chcon is to change SELinux permissions on a file/directory recursively. We're changing permissions on the snortreport-1.3.3 directory to allow the apache process the ability to read/write to files in this directory; We're telling SELinux that this is expected behavior and to not interfere.
------------------------------------------------------------------------------ Keep yourself connected to Go Parallel: INSIGHTS What's next for parallel hardware, programming and related areas? Interviews and blogs by thought leaders keep you ahead of the curve. http://goparallel.sourceforge.net _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
-- when does reality end? when does fantasy begin?
------------------------------------------------------------------------------ Keep yourself connected to Go Parallel: INSIGHTS What's next for parallel hardware, programming and related areas? Interviews and blogs by thought leaders keep you ahead of the curve. http://goparallel.sourceforge.net
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Fixes for autosnort users as well as all Debian 6 and CentOS 6.3 snort report users Tony Robinson (Dec 01)
- Re: Fixes for autosnort users as well as all Debian 6 and CentOS 6.3 snort report users waldo kitty (Dec 01)
- Re: Fixes for autosnort users as well as all Debian 6 and CentOS 6.3 snort report users Tony Robinson (Dec 01)
- Re: Fixes for autosnort users as well as all Debian 6 and CentOS 6.3 snort report users waldo kitty (Dec 01)
- Re: Fixes for autosnort users as well as all Debian 6 and CentOS 6.3 snort report users Tony Robinson (Dec 02)
- Re: Fixes for autosnort users as well as all Debian 6 and CentOS 6.3 snort report users waldo kitty (Dec 02)
- Re: Fixes for autosnort users as well as all Debian 6 and CentOS 6.3 snort report users Tony Robinson (Dec 01)
- Re: Fixes for autosnort users as well as all Debian 6 and CentOS 6.3 snort report users waldo kitty (Dec 01)