11643 – snort-1.9.1-r2 ebuild

Bug 11643 - snort-1.9.1-r2 ebuild

Summary: snort-1.9.1-r2 ebuild

Status:	RESOLVED WONTFIX

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	New packages (show other bugs)
Hardware:	x86 Linux

Importance:	High blocker (vote)
Assignee:	Gentoo Linux bug wranglers

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2002-12-05 14:59 UTC by Torgeir Hansen
Modified:	2003-05-09 15:35 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
snort-1.9.0-ebuild patch (snort-1.9.patch,422 bytes, patch) 2002-12-05 15:00 UTC, Torgeir Hansen	Details \| Diff
fixed ebuild for snort-1.9.1 (snort-1.9.1-r2.ebuild,2.83 KB, text/plain) 2003-04-06 14:30 UTC, Torgeir Hansen	Details
conf.d/snort, fixed to NOT include '-v' by default. (snort.confd,427 bytes, text/plain) 2003-04-06 14:31 UTC, Torgeir Hansen	Details
patch used by the ebuild to fix 'var RULE_PATH' to sane value. (snort-1.9.1-snort.conf.patch,480 bytes, text/plain) 2003-04-06 14:32 UTC, Torgeir Hansen	Details
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Torgeir Hansen 2002-12-05 14:59:50 UTC

the snort-1.9 ebuild doesen't install the reference.config file which snort 
apparently needs to start up.
There are some more files in the snort-dist, which doesen't seem to be 
important - for snort at least! :)

Comment 1 Torgeir Hansen 2002-12-05 15:00:27 UTC

Created attachment 6240 [details, diff]
snort-1.9.0-ebuild patch

Comment 2 Maik Schreiber 2003-01-17 17:41:20 UTC

Bouncing back to bug-wranglers due to time constraints.

Comment 3 Torgeir Hansen 2003-03-07 03:03:48 UTC

As far as I can see, there actually was a security-warning release about snort < 1.9.1, which tells people to install the new version. 
If someone actually installs the new version without the old one previously installed, they won't get it working!

or, my brain is broken - In any case you should get this bug closed one way or the other! :P

Comment 4 Torgeir Hansen 2003-03-07 03:13:45 UTC

And while I'm at it, why the hell is '-dev' set as options in the default config?
Try running snort with the params given by default:
--
/usr/bin/snort -u snort -i eth0 -dev -l /var/log/snort -c /etc/snort/snort.conf
--

As you will see, the result is snort wasting alot of time printing the raw data to stdout which in the startupscript is redirected to /dev/null .. 

Also, '-A fast -ab' are nice options but that's another matter ;]

Comment 5 Andrew 2003-03-07 16:44:22 UTC

This is preventing me from getting snort to work properly...

Comment 6 Torgeir Hansen 2003-04-06 14:30:19 UTC

update; i'll attach a fixed/updated ebuild for snort-1.9.1 that fixes these issues that exist with current ebuild:
- reference.config is now being installed.
- var RULE_PATH is now sane with regards to the actual installation made by the ebuild. (now it points to the actual directory the rules lay;)
- /etc/conf.d/snort now does NOT use '-v' argument by default, I quote from the manpage as to why this should not be used (if you look away from the obvious one with snort sending output to stdout which is redirected to /dev/null by init-script:
--
       -v     Be  verbose.   Prints  packets out to the console.  There is one
              big problem with verbose mode: it's slow.  If you are doing  IDS
              work  with Snort, don't use the '-v' switch, you WILL drop pack-
              ets.
--

Comment 7 Torgeir Hansen 2003-04-06 14:30:58 UTC

Created attachment 10291 [details]
fixed ebuild for snort-1.9.1

Comment 8 Torgeir Hansen 2003-04-06 14:31:41 UTC

Created attachment 10292 [details]
conf.d/snort, fixed to NOT include '-v' by default.

Comment 9 Torgeir Hansen 2003-04-06 14:32:16 UTC

Created attachment 10293 [details]
patch used by the ebuild to fix 'var RULE_PATH' to sane value.

Comment 10 Martin Holzer (RETIRED) gentoo-dev

2003-05-09 15:35:56 UTC

2.0 is stable cause of GLSA