Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 11643 - snort-1.9.1-r2 ebuild
Summary: snort-1.9.1-r2 ebuild
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages (show other bugs)
Hardware: x86 Linux
: High blocker (vote)
Assignee: Gentoo Linux bug wranglers
Depends on:
Reported: 2002-12-05 14:59 UTC by Torgeir Hansen
Modified: 2003-05-09 15:35 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

snort-1.9.0-ebuild patch (snort-1.9.patch,422 bytes, patch)
2002-12-05 15:00 UTC, Torgeir Hansen
Details | Diff
fixed ebuild for snort-1.9.1 (snort-1.9.1-r2.ebuild,2.83 KB, text/plain)
2003-04-06 14:30 UTC, Torgeir Hansen
conf.d/snort, fixed to NOT include '-v' by default. (snort.confd,427 bytes, text/plain)
2003-04-06 14:31 UTC, Torgeir Hansen
patch used by the ebuild to fix 'var RULE_PATH' to sane value. (snort-1.9.1-snort.conf.patch,480 bytes, text/plain)
2003-04-06 14:32 UTC, Torgeir Hansen

Note You need to log in before you can comment on or make changes to this bug.
Description Torgeir Hansen 2002-12-05 14:59:50 UTC
the snort-1.9 ebuild doesen't install the reference.config file which snort 
apparently needs to start up.
There are some more files in the snort-dist, which doesen't seem to be 
important - for snort at least! :)
Comment 1 Torgeir Hansen 2002-12-05 15:00:27 UTC
Created attachment 6240 [details, diff]
snort-1.9.0-ebuild patch
Comment 2 Maik Schreiber 2003-01-17 17:41:20 UTC
Bouncing back to bug-wranglers due to time constraints.
Comment 3 Torgeir Hansen 2003-03-07 03:03:48 UTC
As far as I can see, there actually was a security-warning release about snort < 1.9.1, which tells people to install the new version. 
If someone actually installs the new version without the old one previously installed, they won't get it working!

or, my brain is broken - In any case you should get this bug closed one way or the other! :P
Comment 4 Torgeir Hansen 2003-03-07 03:13:45 UTC
And while I'm at it, why the hell is '-dev' set as options in the default config?
Try running snort with the params given by default:
/usr/bin/snort -u snort -i eth0 -dev -l /var/log/snort -c /etc/snort/snort.conf

As you will see, the result is snort wasting alot of time printing the raw data to stdout which in the startupscript is redirected to /dev/null .. 

Also, '-A fast -ab' are nice options but that's another matter ;]

Comment 5 Andrew 2003-03-07 16:44:22 UTC
This is preventing me from getting snort to work properly...
Comment 6 Torgeir Hansen 2003-04-06 14:30:19 UTC
update; i'll attach a fixed/updated ebuild for snort-1.9.1 that fixes these issues that exist with current ebuild:
- reference.config is now being installed.
- var RULE_PATH is now sane with regards to the actual installation made by the ebuild. (now it points to the actual directory the rules lay;)
- /etc/conf.d/snort now does NOT use '-v' argument by default, I quote from the manpage as to why this should not be used (if you look away from the obvious one with snort sending output to stdout which is redirected to /dev/null by init-script:
       -v     Be  verbose.   Prints  packets out to the console.  There is one
              big problem with verbose mode: it's slow.  If you are doing  IDS
              work  with Snort, don't use the '-v' switch, you WILL drop pack-
Comment 7 Torgeir Hansen 2003-04-06 14:30:58 UTC
Created attachment 10291 [details]
fixed ebuild for snort-1.9.1
Comment 8 Torgeir Hansen 2003-04-06 14:31:41 UTC
Created attachment 10292 [details]
conf.d/snort, fixed to NOT include '-v' by default.
Comment 9 Torgeir Hansen 2003-04-06 14:32:16 UTC
Created attachment 10293 [details]
patch used by the ebuild to fix 'var RULE_PATH' to sane value.
Comment 10 Martin Holzer (RETIRED) gentoo-dev 2003-05-09 15:35:56 UTC
2.0 is stable cause of GLSA