The last two ebuilds of net-analyzer/snort, at least, do not work for me without some modification. First, the configuration in /etc/conf.d/snort specifies a config file of /etc/snort/snort.conf which does not exist by default. Either the ebuild should copy /etc/snort/snort.conf.distrib to /etc/snort/snort.conf, or the ebuild should alert the user that he'll need to do this. Second, and more importantly, /etc/conf.d/snort has snort running as user "nobody" by default. The ebuild creates the /var/log/snort/ log directory as owned by root.snort, with rwx permissions for user and group. This means that snort, when run as "nobody" as per conf.d, is unable to create or open log files, and simply exits. I have set snort to run as "-u snort -g snort" in conf.d/snort, and this seems to fix the problem. Another solution is to simply drop the "-u" and "-g" flags, and let snort run as root full time. This is less desirable for security reasons, though. The ebuild goes through the trouble of creating both user and group "snort", but then makes no use of them when it actually comes to running snort. This seems strange. These problems exist in both the 1.8.6 and 1.8.7 ebuilds, which are the only ones on my system. In neither case does snort run "out of the box" after emerging.
By not creating a default conf file it forces the user to set up snort and/or makes them aware of how to config snort ...
I've committed a fix for the logdir. As for the configuration, it's not a good idea to overwrite the existing configuration file because the user might have made changes he or she might want to preserve. I will look into making some kind of adjustment to the startup script to warn if there isn't a snort.conf file present.
I would've thought that config file protection would prevent a pre-existing snort.conf from being overwritten. Doesn't really matter, because the warning you put in init.d/snort is just as good. Anyways, I just unmerged snort and then manually cleaned out the remainder, by way of testing. Emerged it back, and it works great. Thanks!
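The permission mismatch from the original report, as an added example that is not part of the thread or of the ebuild: a POSIX sh check that compares the `-u`/`-g` flags in a snort option string against the log directory's owner, group and mode. The function names, the sample option strings, the `nobody` group and the mode `770` (rwx for user and group, nothing for others) are assumptions; an omitted flag is treated as staying root, and supplementary groups are ignored.

```shell
#!/bin/sh
# Added example; function names and sample values are constructed.

# parse_run_as "<snort options>" -> prints "user group" (root if a flag is absent)
parse_run_as() {
    user=root; group=root
    set -- $1                      # split the option string into words
    while [ $# -gt 0 ]; do
        if [ "$1" = "-u" ] && [ $# -ge 2 ]; then user=$2; shift; fi
        if [ "$1" = "-g" ] && [ $# -ge 2 ]; then group=$2; shift; fi
        shift
    done
    echo "$user $group"
}

# can_write_logdir RUN_USER RUN_GROUP DIR_OWNER DIR_GROUP DIR_MODE(octal)
# Creating files in a directory needs both w and x in the class that applies.
can_write_logdir() {
    [ "$1" = root ] && return 0    # root is not limited by the mode bits
    if [ "$1" = "$3" ]; then bits=$(( (0$5 >> 6) & 7 ))     # owner class
    elif [ "$2" = "$4" ]; then bits=$(( (0$5 >> 3) & 7 ))   # group class
    else bits=$(( 0$5 & 7 )); fi                            # other class
    [ $(( bits & 3 )) -eq 3 ]
}

# check_snort_logging "<options>" DIR_OWNER DIR_GROUP DIR_MODE
check_snort_logging() {
    opts=$1; owner=$2; dgroup=$3; mode=$4
    set -- $(parse_run_as "$opts")
    if can_write_logdir "$1" "$2" "$owner" "$dgroup" "$mode"; then
        echo "OK:   runs as $1:$2, can log to $owner:$dgroup $mode"
    else
        echo "FAIL: runs as $1:$2, cannot log to $owner:$dgroup $mode"
        return 1
    fi
}

# Constructed option strings checked against a root:snort 770 log directory.
check_snort_logging "-u nobody -g nobody" root snort 770 || :
check_snort_logging "-u snort -g snort"   root snort 770 || :
check_snort_logging ""                    root snort 770 || :
```

On a real system the owner, group and mode arguments would come from `stat` on /var/log/snort/.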