Bug #3211

snort DNS_SERVERS var redefined

Added by Filippo Carletti about 6 years ago. Updated about 6 years ago.

Status:CLOSEDStart date:
Priority:NormalDue date:
Assignee:-% Done:

100%

Category:nethserver-snort
Target version:v6.6
Security class: Resolution:
Affected version:v6.6 NEEDINFO:No

Description

There's a typo in snort.conf, DNS_SERVERS is redefined.
The first definition is correct, the second, which is used, is too generic and could produce some false positives.

Associated revisions

Revision 285e980f
Added by Filippo Carletti about 6 years ago

snort.conf: delete duplicate DNS_SERVERS var. Refs #3211

Revision 6340e90b
Added by Giacomo Sanchietti about 6 years ago

RE-FIX snort.conf: delete duplicate DNS_SERVERS var. Refs #3211

History

#1 Updated by Filippo Carletti about 6 years ago

  • Status changed from NEW to TRIAGED
  • % Done changed from 0 to 20
# grep DNS_SERVERS /etc/e-smith/templates/etc/snort/snort.conf/10base 
    $OUT .= "var DNS_SERVERS [".$dns{'NameServers'}."]\n";
var DNS_SERVERS     $HOME_NET

#2 Updated by Filippo Carletti about 6 years ago

  • Status changed from TRIAGED to ON_DEV
  • Assignee set to Filippo Carletti
  • % Done changed from 20 to 30

#3 Updated by Filippo Carletti about 6 years ago

  • Status changed from ON_DEV to MODIFIED
  • Assignee deleted (Filippo Carletti)
  • % Done changed from 30 to 60

#4 Updated by Giacomo Sanchietti about 6 years ago

  • Target version set to v6.6

#5 Updated by Giacomo Sanchietti about 6 years ago

  • Status changed from MODIFIED to ON_QA
  • % Done changed from 60 to 70
Package in nethserver-testing:
  • nethserver-snort-1.0.1-1.1.g285e980.ns6.noarch.rpm
  • nethserver-snort-1.0.1-1.3.g6340e90.ns6.noarch.rpm
Test case
  • Check the bug is not reproducible:
    grep DNS_SERVERS  /etc/snort/snort.conf
    

#6 Updated by Giacomo Sanchietti about 6 years ago

  • Assignee set to Giacomo Sanchietti

#7 Updated by Giacomo Sanchietti about 6 years ago

  • Status changed from ON_QA to VERIFIED
  • Assignee deleted (Giacomo Sanchietti)
  • % Done changed from 70 to 90

Duplicate var has been removed:

[root@localhost ~]# grep DNS /etc/snort/snort.conf 
var DNS_SERVERS [192.168.1.253]

#8 Updated by Giacomo Sanchietti about 6 years ago

  • Status changed from VERIFIED to CLOSED
  • % Done changed from 90 to 100
Released in nethserver-updates:
  • nethserver-snort-1.0.2-1.ns6.noarch.rpm

Also available in: Atom PDF