Bug #3161
snort does not start if policy=security
| Status: | CLOSED | Start date: | |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assignee: | - | % Done: | 100% |
| Category: | nethserver-snort | | |
| Target version: | v6.6 | | |
| Security class: | | Resolution: | |
| Affected version: | v6.6 | NEEDINFO: | No |
Description
An update to snort rules added a variable named FTP_PORTS used in some rules in the security profile.
If that profile was selected, snort failed to start.
Associated revisions
snort.conf: add FTP_PORTS variable. Refs #3161
snort.conf: add sip support for security policy. Refs #3161
spec: force upgrade to snort 2.9.7.2-2. Refs #3161
spec: add firewall-base dependency. Refs #3161
History
#1 Updated by Filippo Carletti about 6 years ago
- Status changed from NEW to TRIAGED
- Assignee set to Filippo Carletti
- % Done changed from 0 to 20
We need to add the variable to snort.conf.
#2 Updated by Filippo Carletti about 6 years ago
- Status changed from TRIAGED to ON_DEV
- % Done changed from 20 to 30
#3 Updated by Filippo Carletti about 6 years ago
- Status changed from ON_DEV to MODIFIED
- % Done changed from 30 to 60
Test case:
After update set Policy to security and check that snort starts.
#4 Updated by Filippo Carletti about 6 years ago
I'd also update to the latest version of snort and adjust the dependency on nethserver-snort.
#5 Updated by Giacomo Sanchietti about 6 years ago
- Target version set to v6.6
#6 Updated by Giacomo Sanchietti about 6 years ago
- Status changed from MODIFIED to ON_QA
- Assignee deleted (Filippo Carletti)
- % Done changed from 60 to 70
Package in nethserver-testing:
- nethserver-snort-1.0.0-1.7.gd84f09c.ns6.noarch.rpm
- nethserver-snort-1.0.0-1.9.g647c4e9.ns6.noarch.rpm (force upgrade to snort 2.9.7.2-2)
#7 Updated by Giacomo Sanchietti about 6 years ago
- Assignee set to Giacomo Sanchietti
#8 Updated by Giacomo Sanchietti about 6 years ago
- Status changed from ON_QA to VERIFIED
- Assignee deleted (Giacomo Sanchietti)
- % Done changed from 70 to 90
Before update:
May 14 08:02:12 localhost snort[13129]: FATAL ERROR: /etc/snort/rules/snort.rules(24590) ***PortVar Lookup failed on '$FTP_PORTS'.
After update snort runs correctly.
#9 Updated by Giacomo Sanchietti about 6 years ago
- Status changed from VERIFIED to CLOSED
- % Done changed from 90 to 100
Released in nethserver-updates:
- nethserver-snort-1.0.1-1.ns6.noarch.rpm
- snort-2.9.7.2-2.x86_64.rpm
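
An added example, not part of the ticket or the nethserver-snort package: a pre-flight check in Python that reports rule-header variables such as `$FTP_PORTS` that the Snort configuration does not declare, the condition behind the fatal error quoted in #8. The function names, the sample configuration and the sample rules are constructed for illustration; it assumes single-line rules and a configuration without `include` directives.

```python
import re

# Snort 2.x declares variables with "var", "portvar" or "ipvar".
DECL_RE = re.compile(r'^\s*(?:var|portvar|ipvar)\s+(\w+)\b')
# Variable references in a rule header look like $NAME.
REF_RE = re.compile(r'\$(\w+)')

def defined_vars(conf_text):
    """Return the set of variable names declared in snort.conf text."""
    names = set()
    for line in conf_text.splitlines():
        m = DECL_RE.match(line)
        if m:
            names.add(m.group(1))
    return names

def undefined_refs(conf_text, rules_text):
    """Return [(line_no, name)] for header variables the config does not declare."""
    known = defined_vars(conf_text)
    missing = []
    for no, line in enumerate(rules_text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith('#'):
            continue  # blank line or disabled rule
        # Scan only the header: option values (pcre, content) may contain '$'.
        header = stripped.split('(', 1)[0]
        missing.extend((no, n) for n in REF_RE.findall(header) if n not in known)
    return missing

# Constructed sample input: a config that predates the rules update.
SAMPLE_CONF = """\
ipvar HOME_NET any
ipvar EXTERNAL_NET any
portvar HTTP_PORTS [80,8080]
"""

# Constructed sample rules; sids and messages are placeholders.
SAMPLE_RULES = """\
# alert tcp $EXTERNAL_NET any -> $HOME_NET $SSH_PORTS (msg:"disabled"; sid:1000001;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"web"; pcre:"/x$y/"; sid:1000002;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $FTP_PORTS (msg:"ftp"; sid:1000003;)
"""

if __name__ == "__main__":
    for line_no, name in undefined_refs(SAMPLE_CONF, SAMPLE_RULES):
        print(f"rules line {line_no}: ${name} is not declared in snort.conf")
```

Snort's own test mode (`snort -T -c <path to snort.conf>`) remains the authoritative validation; this check only lists the missing names before a rules update is deployed.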