Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Snort doesn't start #5027

Closed
gsanchietti opened this issue Feb 18, 2016 · 3 comments
Closed

Snort doesn't start #5027

gsanchietti opened this issue Feb 18, 2016 · 3 comments
Labels
bug A defect of the software
Milestone
v7-alpha3

Comments

@gsanchietti
Copy link
Member

After enabling snort from the web interface the service will not start.

Steps to reproduce:

  • Enable snort from "IPS"
  • Choose "Security" or "Connectivity" as "Rule policy"
  • The system will report the event is failed

Relevant log:

Feb 17 16:39:53 engine esmith::event[3260]: Event: nethserver-pulledpork-save
...
Feb 17 16:39:57 engine esmith::event[3260]: #011Error 404 when fetching https://rules.emergingthreatspro.com/emerging.rules.tar.gz.md5 at /usr/bin/pulledpork.
pl line 516.
Feb 17 16:39:57 engine esmith::event[3260]: #011main::md5file('open', 'emerging.rules.tar.gz', '/tmp/', 'https://rules.emergingthreatspro.com/') called at /us
r/bin/pulledpork.pl line 1937
Feb 17 16:39:57 engine esmith::event[3260]: Rules tarball download of community-rules.tar.gz....
Feb 17 16:39:57 engine esmith::event[3260]: Checking latest MD5 for emerging.rules.tar.gz....
Feb 17 16:39:57 engine esmith::event[3260]: #011A 404 error occurred, please verify your filenames and urls for your tarball!
Feb 17 16:39:57 engine esmith::event[3260]: Action: /etc/e-smith/events/nethserver-pulledpork-save/S30nethserver-pulledpork-apply FAILED: 255 [3.472343]
Feb 17 16:39:57 engine esmith::event[3260]: Event: nethserver-pulledpork-save FAILED

Also:

Feb 17 16:39:58 engine systemd: Starting SYSV: snort is a lightweight network intrusion detection tool that currently detects more than 1100 host and network vulnerabilities, portscans, backdoors, and more....
Feb 17 16:39:58 engine snortd: Starting snort: /usr/sbin/snort: error while loading shared libraries: libsnf.so.0: cannot open shared object file: No such file or directory
Feb 17 16:39:58 engine snortd: [FAILED]
@gsanchietti gsanchietti added bug A defect of the software confirmed labels Feb 18, 2016
@gsanchietti
Copy link
Member Author

Snort doesn't start because pfring inside ntopng brings a link to libsnf.so.0 library wich is not available in CentOS 7.
If you have ntopng installed, please upgrade to: nethserver-ntopng-1.3.1-1.8.g5265f8e.ns7.noarch.rpm

gsanchietti added a commit to NethServer/nethserver-ntopng that referenced this issue Feb 18, 2016
@gsanchietti
Disable pfring. NethServer/dev#5027
dcad0a5
gsanchietti added a commit to NethServer/nethserver-ntopng that referenced this issue Feb 18, 2016
@gsanchietti
Force ldconfig run. NethServer/dev#5027
5265f8e
@gsanchietti
Copy link
Member Author

The error on nethserver-pullepork-save event was only a network issue.
Please go ahead with testing the previous package, no need to update any snort related package.

@DavidePrincipi DavidePrincipi self-assigned this Apr 7, 2016
@gsanchietti gsanchietti removed their assignment Apr 8, 2016
@gsanchietti
Copy link
Member Author

Snort and ntopng can correctly be installed and run together.

@DavidePrincipi DavidePrincipi modified the milestones: v6, v7-alpha3 Aug 29, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug A defect of the software
Projects
None yet
Milestone
v7-alpha3
Development

No branches or pull requests
2 participants
@gsanchietti @DavidePrincipi