Package: snort
Version: 2.7.0-8
Severity: normal

I have multiple interfaces lan0 and wlan0 (fixed and wireless) on my
computer. It's a laptop, I only use one at a time depending on where
I happen to be at the time.

I want to be able to run snort as a simple security measure, so that it
keeps watch over either interface, whichever one happens to be running
at the time. So I configure the two, setting snort/interface as
"lan0 wlan0".

However, because only one of the interfaces is activated at one time,
snort fails to process the configuration, saying for instance:

  Starting Network Intrusion Detection System : snort (lan0 no
  /etc/snort/snort.lan0.conf found, defaulting to snort.conf ...done)
  (wlan0 no /etc/snort/snort.wlan0.conf found, defaulting to snort.conf
  ...ERROR: failed (check /var/log/syslog and /var/log/snort)) failed!
  invoke-rc.d: initscript snort, action "start" failed.
  dpkg: error processing snort (--configure):
  subprocess post-installation script returned error exit status 1

Hence dpkg treats snort as unconfigured, and proper installation is
not successful.

Looking at /var/log/syslog, it suggests the failure is simply due to
wlan0 being deactivated (this upgrade was done over lan0):

  Jan 3 15:36:58 pug snort[29018]: FATAL ERROR: OpenPcap() device wlan0
  open:
  SIOCGIFHWADDR: No such device

So snort does not appear to elegantly deal with a temporarily
deactivated interface. The expected behaviour would be for snort to
simply ignore (or perhaps record a warning against) a missing
interface, and then switch over to monitor that interface, once it is
later activated (perhaps some use of ifupdown's /etc/network/if-up.d/
scripts is needed to achieve this?)

Thanks,
Drew

-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (990, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.23
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages snort depends on:
ii  adduser                  3.105             add and remove users and groups
ii  debconf [debconf-2.0]    1.5.17            Debian configuration management sy
ii  libc6                    2.7-5             GNU C Library: Shared libraries
ii  libgcrypt11              1.4.0-2           LGPL Crypto library - runtime libr
ii  libgnutls13              2.0.4-1           the GNU TLS library - runtime libr
ii  libgpg-error0            1.4-2             library for common error values an
ii  libltdl3                 1.5.24-2          A system independent dlopen wrappe
ii  libpcap0.8               0.9.8-2           System interface for user-level pa
ii  libpcre3                 7.3-2             Perl 5 Compatible Regular Expressi
ii  libprelude2              0.9.16.1-1        Hybrid Intrusion Detection System
ii  libtasn1-3               1.2-1             Manage ASN.1 structures (runtime)
ii  logrotate                3.7.1-3           Log rotation utility
ii  snort-common             2.7.0-8           Flexible Network Intrusion Detecti
ii  snort-common-libraries   2.7.0-8           Flexible Network Intrusion Detecti
ii  snort-rules-default      2.7.0-8           Flexible Network Intrusion Detecti
ii  sysklogd [system-log-da  1.5-1             System Logging Daemon
ii  zlib1g                   1:1.2.3.3.dfsg-8  compression library - runtime

Versions of packages snort recommends:
ii  snort-doc                2.7.0-8           Documentation for the Snort IDS [d

-- debconf information:
snort/startup: boot
snort/please_restart_manually:
snort/stats_treshold: 1
snort/options:
* snort/invalid_interface:
* snort/interface: lan0 wlan0
snort/stats_rcpt: root
snort/send_stats: true
snort/config_parameters:
* snort/config_error:
snort/reverse_order: false
snort/disable_promiscuous: false
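
The behaviour the report asks for (skip a missing interface with a warning, then start monitoring it when it comes up), sketched as an added example; it is not part of the original report and not the Debian package's init script. The function names and the SYSFS_NET and SNORT_CONF_DIR variables are assumptions made for illustration, and the presence check assumes Linux sysfs.

```shell
# Added example: skip interfaces that are not present instead of failing.
# SYSFS_NET and SNORT_CONF_DIR are overridable so this can be tried offline.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"   # Linux: one entry per existing interface
SNORT_CONF_DIR="${SNORT_CONF_DIR:-/etc/snort}"

# Print the configured interfaces that exist right now; warn about the rest.
present_interfaces() {
    for iface in "$@"; do
        if [ -e "$SYSFS_NET/$iface" ]; then
            echo "$iface"
        else
            echo "warning: $iface not present, skipping" >&2
        fi
    done
}

# Per-interface config if it exists, else the shared snort.conf
# (the fallback the init script output in the report describes).
config_for() {
    if [ -f "$SNORT_CONF_DIR/snort.$1.conf" ]; then
        echo "$SNORT_CONF_DIR/snort.$1.conf"
    else
        echo "$SNORT_CONF_DIR/snort.conf"
    fi
}

# Dry run: print one snort command line per interface that is present.
# Succeeds when at least one interface can be monitored, fails only if none can.
plan_start() {
    started=0
    for iface in $(present_interfaces "$@"); do
        echo "snort -D -i $iface -c $(config_for "$iface")"
        started=$((started + 1))
    done
    [ "$started" -gt 0 ]
}

# For an /etc/network/if-up.d/ hook: ifupdown exports IFACE for the interface
# that just came up. Usage: hook_should_start "$IFACE" lan0 wlan0
hook_should_start() {
    up="$1"; shift
    for iface in "$@"; do
        [ "$iface" = "$up" ] && return 0
    done
    return 1
}
```

With the reporter's setting, `plan_start lan0 wlan0` prints a command for whichever interface exists and warns on stderr about the other, so a start triggered from the package's post-installation script would not fail on a deactivated interface.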