Snort is in my default runlevel and it fails to start up with an error like this:

FATAL ERROR: ERROR /etc/snort/rules/sql.rules(8): Couldn't resolve hostname apollo

(it gives the error in sql.rules because the host apollo was listed as an SQL server)

This is interesting because if I zap it and start it when I log in, it starts up without any problems. It seems like there's some kind of network dependency that's not completely initialized when this service comes up, causing temporary failure of name resolution. I think this theory is further supported by another bug I had to open on this machine: http://bugs.gentoo.org/show_bug.cgi?id=109803 (it's about ntp-client failing to start on default runlevel, and starting fine when I log in). Could this be related to parallel startup or something? I am using baselayout-1.11.13-r1

Reproducible: Always

Steps to Reproduce: 1. 2. 3.

Portage 2.0.51.22-r3 (hardened/x86/2.6, gcc-3.3.6, glibc-2.3.5-r2, 2.6.14-hardened i686)
=================================================================
System uname: 2.6.14-hardened i686 Intel(R) Xeon(TM) CPU 3.00GHz
Gentoo Base System version 1.6.13
dev-lang/python: 2.3.5-r2, 2.4.2
sys-apps/sandbox: 1.2.12
sys-devel/autoconf: 2.13, 2.59-r6
sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
sys-devel/binutils: 2.16.1
sys-devel/libtool: 1.5.20
virtual/os-headers: 2.6.11-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=pentium4 -fomit-frame-pointer -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O2 -march=pentium4 -fomit-frame-pointer -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks sandbox sfperms strict"
GENTOO_MIRRORS="ftp://gentoo.chem.wisc.edu/gentoo"
MAKEOPTS="-j8"
PKGDIR="/usr/portage//packages/x86/"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage/"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://raptor.magbank.com/gentoo-portage"
USE="x86 berkdb bzip2 crypt curl doc fam fastcgi gif hardened imap jpeg ldap libclamav maildir mailwrapper mmx nfsv4 nptl nptl-only pam pcre perl pic png postgres python readline samba sasl sse ssl tcpd tiff unicode vhosts zlib userland_GNU kernel_linux elibc_glibc"
Unset: ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS
I have extra information and a workaround: First, I run 2 instances of snort, using separate config files and separate init scripts. Second, if I change /etc/conf.d/rc and turn off parallel startup to "no", both snort instances start without problem. Changing strict net checking to yes had no effect.
This is a result of using parallel startup and there isn't much we can do about it. As parallel startup is not enabled by default (and I believe is still an experimental feature), there is nothing else we can do about it.
Parallel start was on by default on my machine.
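
A pre-start check for the failure reported in this thread, so that the sensor waits for name resolution instead of aborting and leaving the network unmonitored. This is an added example, not code from the bug report or from Gentoo's snort init script. It assumes Snort 2.x `var NAME value` syntax and `getent` for lookups; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: wait until every hostname used in a Snort "var" line resolves.

# Print the hostnames found in "var" lines of config file $1.
# Skipped: "any", $VAR references, paths, and tokens starting with a digit
# (IPs, CIDRs, ports). Treating a leading digit as "not a hostname" is a
# simplification of this example.
snort_var_hostnames() {
    awk '$1 == "var" && NF >= 3 {
        val = ""
        for (i = 3; i <= NF; i++) {
            if (substr($i, 1, 1) == "#") break     # trailing comment
            val = val $i
        }
        gsub(/\[|\]|!/, "", val)                   # list brackets, negation
        n = split(val, tok, ",")
        for (i = 1; i <= n; i++) {
            t = tok[i]
            if (t == "" || t == "any") continue
            if (substr(t, 1, 1) == "$") continue
            if (t ~ /^[0-9.]/) continue
            if (index(t, "/") > 0 || index(t, ":") > 0) continue
            print t
        }
    }' "$1" | sort -u
}

# Resolve one name through NSS (hosts file, DNS, ...), as libc callers do.
resolve_host() { getent hosts "$1" >/dev/null 2>&1; }

# Wait up to $2 seconds (default 30) for all hostnames in config $1.
# Returns 0 once all resolve, 1 on timeout with the names on stderr.
wait_for_snort_hosts() {
    conf=$1 timeout=${2:-30} waited=0
    while :; do
        missing=""
        for h in $(snort_var_hostnames "$conf"); do
            resolve_host "$h" || missing="$missing $h"
        done
        [ -z "$missing" ] && return 0
        if [ "$waited" -ge "$timeout" ]; then
            echo "unresolved after ${timeout}s:$missing" >&2
            return 1
        fi
        sleep 1
        waited=$((waited + 1))
    done
}
```

Each Snort instance's init script would call `wait_for_snort_hosts` on its own config file before launching the daemon and refuse to start on a non-zero return.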