Koozali.org: home of the SME Server
Legacy Forums => General Discussion (Legacy) => Topic started by: MasterSleepy on March 23, 2005, 07:22:18 PM
-
Hi all,
Due to changes with the snort rules, I've updated the snort rpm.
You can find the rpm at the following address
http://www.vanhees.cc/modules.php?op=modload&name=Downloads&file=index&req=viewsdownload
I've updated the old rules update script to use the GPL rules of snort.
I also modified some scripts so that now snort restarts after an IP change.
For the acid install, nothing has changed and the old Howto is still available (http://www.vanhees.cc/index.php?module=ContentExpress&func=display&ceid=19#step4)
Regards,
-
Thanks for that :-D
All updated.
-
Hi all,
For the acid install, nothing has changed and the old Howto is still available (http://www.vanhees.cc/index.php?module=ContentExpress&func=display&ceid=19#step4)
Regards,
Must be blind in both eyes.. cannot find one of the bin-rpms you've mentioned in the acid howto...
the 0.2.2 version gave conflict errors ..
do I have to 'go to the source'?
snort-2.1.1-1.i386.rpm
snort-mysql-2.1.1-1.i386.rpm
-> sme-snort-0.2-1.noarch.rpm <-
sme-acid-0.2-1.noarch.rpm
thx
--
-
Hello yank,
The howto is not up to date. I have a lack of time for the moment.
The only thing you have to do is to install 2 rpms:
the one for snort 2.3.2 (http://www.vanhees.cc/modules.php?op=modload&name=Downloads&file=index&req=viewsdownload)
and
the one for acid (http://www.vanhees.cc/modules.php?op=modload&name=Downloads&file=index&req=viewdownloaddetails&lid=170&ttitle=sme-acid-0.2-1.noarch.rpm)
Regards.
-
Dear MasterSleepy,
The only thing you have to do is to install 2 rpms:
the one for snort 2.3.2 (http://www.vanhees.cc/modules.php?op=modload&name=Downloads&file=index&req=viewsdownload)
and
the one for acid (http://www.vanhees.cc/modules.php?op=modload&name=Downloads&file=index&req=viewdownloaddetails&lid=170&ttitle=sme-acid-0.2-1.noarch.rpm)
I must be blind as well. I have followed your instructions and here are the results:
[root@mail up250305]# rpm -Uvh sme-snort-2.3-2.src.rpm
1:sme-snort ########################################### [100%]
[root@mail up250305]# rpm -Uvh sme-snort-2.3-2.i386.rpm
Preparing... ########################################### [100%]
file /etc/logrotate.d/snort from install of sme-snort-2.3-2 conflicts with file from package snort-2.1.1-1
file /etc/rc.d/init.d/snortd from install of sme-snort-2.3-2
## [.... and a lot more of these...]
file /usr/share/man/man8/snort.8.gz from install of sme-snort-2.3-2 conflicts with file from package snort-2.1.1-1
rpm -qa shows:
sme-snort-0.2-2
snort-2.1.1-1
snort-mysql-2.1.1-1
sme-acid-0.2-1
Where have I gone wrong?
Many thanks and regards. chris.
-
Please remove old one first.
-
Please remove old one first.
all of them? for example:
sme-snort-0.2-2
snort-2.1.1-1
snort-mysql-2.1.1-1
Again, they are all dependent on each other, so remove --force?
many thanks.
-
Yes remove all of them.
For sme-snort-0.2-2 you have to force the uninstall.
The others should uninstall without forcing.
Regards.
-
Yes, done --nodeps and all is well. Many thanks. Rgds. chris.
PS: restart snortd after upgrade.
-
Until MasterSleepy gets a chance to update his howto here is a short version.
1. Remove the old version:
rpm -e sme-snort-0.2-2 snort-2.1.1-1 snort-mysql-2.1.1-1
If that doesn't work then you will need to use --force:
rpm -e --force sme-snort-0.2-2 snort-2.1.1-1 snort-mysql-2.1.1-1
2. Download sme-snort-2.3-2.i386.rpm (http://www.vanhees.cc/modules.php?op=modload&name=Downloads&file=index&req=getit&lid=255) and sme-acid-0.2-1.noarch.rpm (http://vanhees.homeip.net/modules.php?op=modload&name=Downloads&file=index&req=getit&lid=170) to your server
3. Install snort:
rpm -Uvh sme-snort-2.3-2.i386.rpm
4. Start snort:
/etc/init.d/snortd start
5. Install acid (only if you don't already have it installed):
rpm -Uvh sme-acid-0.2-1.noarch.rpm
6. Now open your favorite browser at https://[your server]/acid/ and log in with the admin login and password, like server-manager.
7. Say thanks to MasterSleepy for making this so easy.
-
"Say thanks to MasterSleepy for making this so easy"
Indeed! Merci MasterSleepy! And another vote of thanks to Genzil for making it so clear.
A question if I may. logs today say:
/etc/cron.daily/logrotate:
error: error accessing /var/log/snort/*: No such file or directory
error: snort:4 glob failed for /var/log/snort/*/*log
/etc/cron.daily/sarg.daily.cron:
Previous /etc/logrotate.d/snort was:
/var/log/snort/alert {
daily
rotate 7
missingok
compress
postrotate
/etc/init.d/snortd restart 1>/dev/null || true
endscript
}
Now, after upgrade, it is:
/var/log/snort/alert /var/log/snort/*log /var/log/snort/*/alert /var/log/snort/*/*log {
daily
rotate 7
missingok
compress
postrotate
/etc/init.d/snortd restart 1>/dev/null || true
endscript
}
Is this an issue?
Regards, chris
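The "glob failed" lines in the cron mail mean that a wildcard on the stanza's first line matched no file at all; as the output above shows, this logrotate reports that even with missingok set. The following check script is an added example, not part of the thread or of the sme-snort rpm: it expands every pattern of a logrotate stanza the way the shell would and lists those that match nothing, so a stanza can be tested before the daily cron runs. The fixture it builds (a log directory holding only the plain alert file, plus chris's upgraded stanza rerooted under a temp dir) is constructed for the demo, and the config path is assumed to be passed as the first argument.

```shell
#!/bin/sh
# Added example (not from the thread): find logrotate file patterns that
# match nothing, which is what the "glob failed" cron error reports.

# check_logrotate_globs CONFIG
# Reads the space-separated patterns on the stanza's opening line (the line
# ending in "{"), expands each one, prints every pattern that matches no
# existing file and returns 1 if there was at least one, 0 otherwise.
check_logrotate_globs() {
    conf=$1
    bad=0
    patterns=$(sed -n 's/[[:space:]]*{[[:space:]]*$//p' "$conf" | head -n 1)
    set -f                      # do not expand globs while splitting the list
    for pat in $patterns; do
        set +f                  # expand just this one pattern
        set -- $pat
        set -f
        # an unmatched glob stays literal, so "$1" is then the pattern itself
        if [ ! -e "$1" ]; then
            echo "no file matches pattern: $pat"
            bad=1
        fi
    done
    set +f
    return "$bad"
}

# make_demo_fixture
# Constructed copy of the layout from the thread: only the plain "alert"
# file exists and there are no per-source subdirectories yet. Writes the
# upgraded stanza (rerooted under the temp dir) and prints the config path.
make_demo_fixture() {
    root=$(mktemp -d)
    mkdir -p "$root/var/log/snort"
    : > "$root/var/log/snort/alert"
    cat > "$root/snort.logrotate" <<EOF
$root/var/log/snort/alert $root/var/log/snort/*log $root/var/log/snort/*/alert $root/var/log/snort/*/*log {
    daily
    rotate 7
    missingok
    compress
    postrotate
        /etc/init.d/snortd restart 1>/dev/null || true
    endscript
}
EOF
    echo "$root/snort.logrotate"
}

# Demo: the stanza from the thread against the constructed layout
conf=$(make_demo_fixture)
if check_logrotate_globs "$conf"; then
    echo "all patterns match: logrotate will not report glob failures"
else
    echo "fix these patterns (or the log layout) before the daily cron runs"
fi
```

On the fixture only the plain alert file matches, so the other three patterns are reported; once snort has written a per-source subdirectory and a file whose name ends in "log", the same stanza passes. Snort's tcpdump-style logs are normally named snort.log.<epoch>, which "*log" does not match either, so the wildcards in the stanza need to follow the names snort is actually configured to write.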
-
Yes, the both of you; thanks for the fish...
-
Still getting a weekly alert, and this was from a fresh install of SNORT using the above rpms
/etc/cron.weekly/snort-update:
SETTING UP WORKING DIRECTORY
DOWNLOAD AND EXTRACT CURRENT RULE-SET
--04:22:41-- http://www.snort.org/pub-bin/downloads.cgi/Download/comm_rules/Community-Rules.tar.gz
=> `Community-Rules.tar.gz'
Resolving www.snort.org... done.
Connecting to www.snort.org[199.107.65.177]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [application/octet-stream]
0K ........ 50.98 KB/s
04:22:43 (50.98 KB/s) - `Community-Rules.tar.gz' saved [8248]
--04:22:43-- http://www.snort.org/dl/rules/snortrules-snapshot-2_1.tar.gz
=> `snortrules-snapshot-2_1.tar.gz'
Resolving www.snort.org... done.
Connecting to www.snort.org[199.107.65.177]:80... connected.
HTTP request sent, awaiting response... 404 Not Found
04:22:43 ERROR 404: Not Found.
STOP SNORTD SNORT-MYSQL SERVICE
Stopping snort: [ FAILED ]
COPY NEW RULES IN PLACE
START SNORTD SNORT-MYSQL SERVICE
Starting snort: [ FAILED ]
SHOW SNORTD STATUS
snort dead but subsys locked
FINISHED
-
Hi all,
RPMs have been upgraded to solve several problems.
- logrotate problem
- rules update problem
- added process running check
Please remove old one before installing.
http://www.vanhees.cc/modules.php?op=modload&name=Downloads&file=index&req=viewsdownload
Regards.
-
You should register at www.snort.org and then use the following wget line in update-rules:
wget http://www.snort.org/pub-bin/oinkmaster.cgi/Your_reg_code_here/snortrules-snapshot-2.1.tar.gz
tar zxvf snortrules-snapshot-2.1.tar.gz
instead of using:
http://www.snort.org/dl/rules/snortrules-snapshot-2_1.tar.gz
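Putting the two posts above together: the weekly run failed because the 404 on the old snapshot URL left no archive behind, yet the script still stopped snort, copied nothing, and the restart ended in "snort dead but subsys locked". The script below is an added example, not the thread's update-rules script and not the one shipped in the sme-snort rpm: it downloads and unpacks the rule set first and only then touches the running daemon, and checks the process afterwards, which is the same idea as the process running check MasterSleepy mentions. It assumes the init script /etc/init.d/snortd named in the thread, a rules directory passed as the second argument, the path /etc/snort/snort.conf and snort's -T config-test mode; the URL argument is the registered oinkmaster line from the post above, with your code in place of Your_reg_code_here. The rule archive built by make_demo_tarball is constructed so the staging logic can be tried offline.

```shell
#!/bin/sh
# Added example (not the thread's update-rules script): a rules update that
# stops snort only after a usable rule archive has been downloaded and
# unpacked, and verifies the daemon afterwards.

SNORTD=/etc/init.d/snortd           # init script named in the thread
SNORT_CONF=/etc/snort/snort.conf    # assumed path of the snort config

# fetch_rules URL DEST: download with wget; the registered oinkmaster URL
# from the thread goes in URL. Returns wget's status (a 404 is non-zero).
fetch_rules() {
    wget -q -O "$2" "$1"
}

# stage_rules TARBALL STAGEDIR: refuse an empty or unreadable archive, or
# one with no .rules files, and unpack a good one into STAGEDIR. Returns 1
# on any problem so the caller leaves the running snort alone.
stage_rules() {
    tarball=$1; stagedir=$2
    if [ ! -s "$tarball" ]; then
        echo "no rule archive downloaded (empty or missing): $tarball"
        return 1
    fi
    if ! tar -tzf "$tarball" 2>/dev/null | grep -q '\.rules$'; then
        echo "archive is not a readable rule set: $tarball"
        return 1
    fi
    tar -xzf "$tarball" -C "$stagedir"
}

# install_rules STAGEDIR RULESDIR: copy the staged .rules files into place,
# keeping the previous set in RULESDIR.prev for rollback. Prints the number
# of rule files now in RULESDIR.
install_rules() {
    stagedir=$1; rulesdir=$2
    rm -rf "$rulesdir.prev"
    mkdir -p "$rulesdir"
    cp -a "$rulesdir" "$rulesdir.prev"
    find "$stagedir" -name '*.rules' -exec cp -f {} "$rulesdir"/ \;
    find "$rulesdir" -name '*.rules' | grep -c .
}

# update_rules URL RULESDIR: the whole run. Snort is stopped only after a
# good archive is staged; the new rules must pass snort's config test or the
# previous set is restored; the init script's status is the final verdict,
# so "snort dead but subsys locked" shows up as a failed run.
update_rules() {
    url=$1; rulesdir=$2
    work=$(mktemp -d)
    mkdir -p "$work/stage"
    if ! fetch_rules "$url" "$work/rules.tar.gz" || ! stage_rules "$work/rules.tar.gz" "$work/stage"; then
        echo "rule update aborted; current rules and running snort left untouched"
        rm -rf "$work"
        return 1
    fi
    "$SNORTD" stop
    n=$(install_rules "$work/stage" "$rulesdir")
    echo "installed $n rule files"
    if ! snort -T -c "$SNORT_CONF" >/dev/null 2>&1; then
        echo "new rules fail snort's config test; restoring previous rules"
        rm -rf "$rulesdir"; mv "$rulesdir.prev" "$rulesdir"
    fi
    "$SNORTD" start
    rm -rf "$work"
    "$SNORTD" status
}

# make_demo_tarball: a constructed rule archive (one benign local rule) for
# trying the staging guard offline. Prints the archive path.
make_demo_tarball() {
    d=$(mktemp -d)
    mkdir -p "$d/rules"
    echo 'alert tcp any any -> any 80 (msg:"constructed example rule"; sid:1000001; rev:1;)' > "$d/rules/local.rules"
    tar -czf "$d/rules.tar.gz" -C "$d" rules
    echo "$d/rules.tar.gz"
}

# Offline demo of the guard: a good archive stages, an empty one (what a
# failed download leaves behind) is refused without stopping anything.
demo_tar=$(make_demo_tarball)
demo_stage=$(mktemp -d)
stage_rules "$demo_tar" "$demo_stage" && echo "staged: $(find "$demo_stage" -name '*.rules')"
: > "$demo_stage/empty.tar.gz"
stage_rules "$demo_stage/empty.tar.gz" "$demo_stage" || echo "empty archive refused; snort would not have been stopped"
```

From the weekly cron job this would be called as update_rules "http://www.snort.org/pub-bin/oinkmaster.cgi/Your_reg_code_here/snortrules-snapshot-2.1.tar.gz" /etc/snort/rules. Because the URL carries your registration code, keep the script readable by root only.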
-
Why are they still "sme-snort-2.3-2.i386.rpm", MasterSleepy? To reflect your changes, give us a higher version number like "sme-snort-2.3-2-1MasterSleepy.i386.rpm" or whatever you like. Makes it easier for me to update the NDA.
-
OK, I'll make the change shortly and advise you when it's done.
Regards.
-
Hello all,
Now the version is 2.3-2.1.
Regards.
-
Merci, Michel: http://no.longer.valid/phpwiki/index.php/New%20Development%20Announcements%20March%202005