Koozali.org: home of the SME Server
Legacy Forums => General Discussion (Legacy) => Topic started by: Paul on December 04, 2003, 01:27:03 PM
-
How can I get snort to work on SME 6.0? Has anybody some experience?
I would be very interested in having a solution...
Paul
-
Paul,
Did you ever get a solution for this?
JB
-
Unfortunately not ...
Would still be interested.
Paul
-
Did you try the directions here?
http://marari.net/downloads/snort/acid-howto.htm
-
I did a fresh install of SME 6 final on my box at home yesterday and loaded snort this morning. I used these versions:
snort-2.0.4-1.i386.rpm
snort-mysql-2.0.4-1.i386.rpm
sme-acid-2.0.0-1ari.noarch.rpm
I had to edit /etc/snort/snort.conf to comment out the "preprocessor asn1_decode" line to prevent a fatal error during snort's startup.
Snort seems to be working as it has reported several attacks already.
I'm holding off a bit to install trevor-mitel-guardian as the firewall configuration in SME 6 final is quite a bit different from previous versions. The two may be compatible but I want to be sure first.
-
Ray,
Where did you see that preprocessor error? I am not seeing that. I am currently only running this with 1 nic, so I edited /etc/init.d/snortd and changed all eth1 to eth0. I will reload with a 2nd nic later on and see if the results are different.
Currently when I do a service snortd start, my box seems to be hanging at starting snort: But, if I do a service snortd status, I get snort-mysql (pid ...) is running...
And, looking in /var/log/messages doesn't show any preprocessor errors as well.
Thanks for taking the time to help.
JB
-
Ray,
Did a re-install with 2 nics and got the same as you. Thanks for your help and time.
JB
-
I'm at work and don't recall the exact error message in the "messages" log file but it was a snortd fatal error. If I recall correctly it listed the preprocessor name but did not contain the word "preprocessor". When I did "/etc/rc.d/init.d/snortd status" I would receive a response saying snortd was not running. Even after issuing an "/etc/rc.d/init.d/snortd start".
-
I found another problem with snort. Or at least with the installation on my machine. The /etc/logrotate.d/snort file has a typo on line 4. Near the end of the line, the "r" in "var" is transposed with a "/". This causes the daily log rotate to fail.
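An added example, not part of the original post or the snort RPM: a bash check for the kind of logrotate path typo described above, which flags any log path whose directory does not exist. The helper `check_logrotate_paths`, the `demo` function and the sample config are constructed for illustration; the thread does not quote the real file's contents.

```shell
#!/usr/bin/env bash
# check_logrotate_paths CONF [ROOT]
# Prints each log path pattern in CONF whose fixed directory part (the text
# before the first glob character) is missing under ROOT; returns 1 if any.
check_logrotate_paths() {
    local conf="$1" root="${2:-}" in_block=0 bad=0 line word dir
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                    # drop comments
        if [ "$in_block" -eq 1 ]; then      # inside { }: directives, scripts
            case $line in *"}"*) in_block=0 ;; esac
            continue
        fi
        case $line in *"{"*) in_block=1 ;; esac
        line=${line%%\{*}                   # keep only the path list
        set -f                              # no glob expansion while splitting
        for word in $line; do
            case $word in /*) ;; *) continue ;; esac
            dir=${word%%[*?[]*}             # cut at the first glob character
            dir=${dir%/*}                   # directory that must already exist
            [ -d "$root${dir:-/}" ] || { printf '%s\n' "$word"; bad=1; }
        done
        set +f
    done < "$conf"
    return "$bad"
}

# Constructed sample: not the file shipped in the snort RPM.
demo() {
    local root conf
    root=$(mktemp -d)
    mkdir -p "$root/var/log/snort"
    conf="$root/snort.logrotate"
    cat > "$conf" <<'EOF'
# constructed stand-in for /etc/logrotate.d/snort
/var/log/snort/alert /var/log/snort/*log /va/rlog/snort/*/alert {
    daily
    rotate 7
    missingok
    postrotate
        /etc/rc.d/init.d/snortd restart
    endscript
}
EOF
    check_logrotate_paths "$conf" "$root" || true
    rm -rf "$root"
}

demo    # prints: /va/rlog/snort/*/alert
```

On a live system, call `check_logrotate_paths /etc/logrotate.d/snort` with no second argument; `logrotate -d` on the same file gives a dry run of the rotation itself.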
-
I can confirm that. Good catch Ray.
-
So did anyone get snort and acid working on 6?
I did an upgrade and it promptly killed Snort and Acid (Well I assume that is what has happened). Newbie to Linux, but it was somehow reassuring to see all those blocked IPs <Grin>
I note the Marinara website does not mention version 6, so can only assume that it does not support it?
Drift.
-
I am running 6 Final. I installed Snort and the Mitel Guardian package using: http://marari.net/downloads/snort/acid-howto.htm
along with absolutely everything I could find in the forums. It "sorta" works. I had Snort/Guardian installed w/ 5.6 and it worked great...no problems at all. But things are different enough in 6 that it (Snort) just does not work out of the box...you will have to tweak things a lot. I am still not happy with mine. I am considering uninstalling actually. I get alert reports and that...but it still does not work as it should. That's my experience with it. Guardian does not work at all.