Bug #3161

snort does not start if policy=security

Added by Filippo Carletti about 6 years ago. Updated about 6 years ago.

Status: CLOSED
Start date:
Priority: Normal
Due date:
Assignee: -
% Done: 100%
Category: nethserver-snort
Target version: v6.6
Security class:
Resolution:
Affected version: v6.6
NEEDINFO: No

Description

An update to snort rules added a variable named FTP_PORTS used in some rules in the security profile.
If that profile was selected snort failed to start.

Associated revisions

Revision 2202c04b
Added by Filippo Carletti about 6 years ago

snort.conf: add FTP_PORTS variable. Refs #3161

Revision 371776ef
Added by Filippo Carletti about 6 years ago

snort.conf: add sip support for security policy. Refs #3161

Revision 59658b47
Added by Giacomo Sanchietti about 6 years ago

spec: force upgrade to snort 2.9.7.2-2. Refs #3161

Revision 647c4e91
Added by Giacomo Sanchietti about 6 years ago

spec: add firewall-base dependency. Refs #3161

History

#1 Updated by Filippo Carletti about 6 years ago

  • Status changed from NEW to TRIAGED
  • Assignee set to Filippo Carletti
  • % Done changed from 0 to 20

We need to add the variable to snort.conf.

#2 Updated by Filippo Carletti about 6 years ago

  • Status changed from TRIAGED to ON_DEV
  • % Done changed from 20 to 30

#3 Updated by Filippo Carletti about 6 years ago

  • Status changed from ON_DEV to MODIFIED
  • % Done changed from 30 to 60

Test case:
After update set Policy to security and check that snort starts.

#4 Updated by Filippo Carletti about 6 years ago

I'd also update to the latest version of snort and adjust the dependency on nethserver-snort.

#5 Updated by Giacomo Sanchietti about 6 years ago

  • Target version set to v6.6

#6 Updated by Giacomo Sanchietti about 6 years ago

  • Status changed from MODIFIED to ON_QA
  • Assignee deleted (Filippo Carletti)
  • % Done changed from 60 to 70

Package in nethserver-testing:
  • nethserver-snort-1.0.0-1.7.gd84f09c.ns6.noarch.rpm
  • nethserver-snort-1.0.0-1.9.g647c4e9.ns6.noarch.rpm (force upgrade to snort 2.9.7.2-2)

#7 Updated by Giacomo Sanchietti about 6 years ago

  • Assignee set to Giacomo Sanchietti

#8 Updated by Giacomo Sanchietti about 6 years ago

  • Status changed from ON_QA to VERIFIED
  • Assignee deleted (Giacomo Sanchietti)
  • % Done changed from 70 to 90

Before update:

May 14 08:02:12 localhost snort[13129]: FATAL ERROR: /etc/snort/rules/snort.rules(24590) ***PortVar Lookup failed on '$FTP_PORTS'.

After update snort runs correctly.

#9 Updated by Giacomo Sanchietti about 6 years ago

  • Status changed from VERIFIED to CLOSED
  • % Done changed from 90 to 100

Released in nethserver-updates:
  • nethserver-snort-1.0.1-1.ns6.noarch.rpm
  • snort-2.9.7.2-2.x86_64.rpm
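
The failure described in this issue (a rule update referencing `$FTP_PORTS` before snort.conf declared it) can be caught before restarting the sensor. The following pre-flight check is an added example, not code from nethserver-snort; the function names and the sample configuration and rules are constructed for illustration. It assumes plain `$NAME` references and rule headers written without spaces inside address or port lists.

```python
import re

# Declarations recognised in snort.conf: var / portvar / ipvar NAME value
DECL = re.compile(r"^\s*(var|portvar|ipvar)\s+(\w+)\s+\S")
REF = re.compile(r"\$(\w+)")
ACTIONS = {"alert", "log", "pass", "drop", "reject", "sdrop", "activate", "dynamic"}

def declared_vars(conf_text):
    """Return {name: kind} for every var/portvar/ipvar line in the config text."""
    found = {}
    for line in conf_text.splitlines():
        m = DECL.match(line)
        if m:
            found[m.group(2)] = m.group(1)
    return found

def undefined_refs(rules_text, declared):
    """Return (line_no, field, name), in file order, for undeclared header variables."""
    missing = []
    for no, line in enumerate(rules_text.splitlines(), 1):
        # Only the header (text before the first '(') is scanned, so '$' inside
        # content or pcre options is never mistaken for a variable.
        header = line.split("(", 1)[0].split()
        if len(header) != 7 or header[0] not in ACTIONS:
            continue  # comment, blank line, or not a complete rule header
        # header layout: action proto src_ip src_port direction dst_ip dst_port
        for idx, field in ((2, "ip"), (3, "port"), (5, "ip"), (6, "port")):
            for name in REF.findall(header[idx]):
                if name not in declared:
                    missing.append((no, field, name))
    return missing

# Constructed sample input (not the real NethServer snort.conf or rule set).
SAMPLE_CONF = """\
ipvar HOME_NET any
ipvar EXTERNAL_NET any
portvar HTTP_PORTS [80,8080]
"""
SAMPLE_RULES = """\
# constructed rules for the example
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"constructed web rule"; content:"a$b"; sid:1000001;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $FTP_PORTS (msg:"constructed ftp rule"; sid:1000002;)
"""

if __name__ == "__main__":
    for no, field, name in undefined_refs(SAMPLE_RULES, declared_vars(SAMPLE_CONF)):
        print(f"rules line {no}: undeclared {field} variable ${name}")
```

Running the same check from the package's update or test scripts against the generated snort.conf and snort.rules would flag a missing declaration before snort exits with the PortVar lookup error.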
