Hello there, snort-2.4.0 was released a few days ago and a masked ebuild is available. Running the old init script gives an [ ok ], but no process seems to get started. We probably want to get this fixed before unmasking snort. I may not have time to work on it soon enough.
Same here, if I start snort from command line it terminates with a "segmentation fault":

[...]
rpc_decode arguments:
    Ports to decode RPC on: 111 32771
    alert_fragments: INACTIVE
    alert_large_fragments: ACTIVE
    alert_incomplete: ACTIVE
    alert_multiple_requests: ACTIVE
telnet_decode arguments:
    Ports to decode telnet on: 21 23 25 119
Portscan Detection Config:
    Detect Protocols: TCP UDP ICMP IP
    Detect Scan Type: portscan portsweep decoy_portscan distributed_portscan
    Sensitivity Level: Low
    Memcap (in bytes): 10000000
    Number of Nodes: 36900
X-Link2State Config:
    Ports: 25 691
Segmentation fault

Here is my emerge info:

Portage 2.0.51.22-r2 (hardened/x86/2.6, gcc-3.3.5-20050130, glibc-2.3.5-r1, 2.6.12-gentoo-r10 i586)
=================================================================
System uname: 2.6.12-gentoo-r10 i586 AMD-K6(tm) 3D processor
Gentoo Base System version 1.6.13
dev-lang/python: 2.3.5
sys-apps/sandbox: 1.2.12
sys-devel/autoconf: 2.13, 2.59-r6
sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6
sys-devel/binutils: 2.15.92.0.2-r10
sys-devel/libtool: 1.5.18-r1
virtual/os-headers: 2.6.11-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i586-pc-linux-gnu"
CFLAGS="-mcpu=k6-2 -O2 -fomit-frame-pointer -fforce-addr -pipe"
CHOST="i586-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-mcpu=k6-2 -O2 -fomit-frame-pointer -fforce-addr -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks sandbox sfperms strict"
GENTOO_MIRRORS="ftp://linux.rz.ruhr-uni-bochum.de/gentoo-mirror/ ftp://pandemonium.tiscali.de/pub/gentoo/ http://gentoo.eliteitminds.com"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="berkdb crypt dlloader gd hardened ncurses nls nptl pam perl pic png python readline samba ssl tcpd unicode userlocales x86 xml xml2 zlib userland_GNU kernel_linux elibc_glibc"
Unset: ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS

I'm trying to use snort-2.4.0 with prelude support
If I comment this line in snort.conf

## output alert_prelude

the segmentation fault disappears, but snort terminates with this error:

[...]
Rule application order: ->activation->dynamic->drop->alert->pass->log
Log directory = /var/log/snort

Basic file configuration does not exist. Please run :
prelude-adduser register snort "idmef:w" <manager address> --uid 101 --gid 407
program to setup the analyzer.

Be aware that you should replace the "<manager address>" argument with
the server address this analyzer is reporting to as argument.
"prelude-adduser" should be called for each configured server address.

ERROR: prelude-client: Unable to initialize prelude client: Could not access TLS private key.
Fatal Error, Quitting..
Waiting for asynchronous operation to complete.

But I've already registered snort sensor correctly...
The 2.4.0 ebuild isn't in the tree anymore; could you still reproduce the problem with 2.4.1?
As it isn't in the tree anymore and the problem doesn't seem to be in the upper version, I'm closing it; otherwise please reopen it.