Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
snort+snortsam gentoo amd64
View unanswered posts
View posts from last 24 hours
View posts from last 7 days

 
Reply to topic    Gentoo Forums Forum Index Forum italiano (Italian)
View previous topic :: View next topic  
Author Message
al1ta
Tux's lil' helper
Tux's lil' helper


Joined: 18 Apr 2005
Posts: 77

PostPosted: Fri Oct 19, 2007 1:08 pm    Post subject: snort+snortsam gentoo amd64 Reply with quote

ciao a tutti,

sto cercando di configurare snort con snortsam. Ho seguito l'howto ma ottengo il seguente errore...

snort:
-------
INFO => [Alert_FWsam](FWsamCheckIn) Connected to host 127.0.0.1.
ERROR => [Alert_FWsam](FWsamCheckIn) Password mismatch! Ignoring host 127.0.0.1.

snortsam
-----------
2007/10/19, 14:49:24, 127.0.0.1, 3, snortsam, Accepted connection from 127.0.0.1.
2007/10/19, 14:49:24, 127.0.0.1, 3, snortsam, Adding sensor 127.0.0.1 to list.
2007/10/19, 14:49:24, 127.0.0.1, 3, snortsam, Had to use initial key!
2007/10/19, 14:49:24, 127.0.0.1, 1, snortsam, Snort station 127.0.0.1 using wrong password, trying to re-sync.



i file di configurazione sono i seguenti:

snortsam.conf
----------------
defaultkey xxxxxxxx
accept localhost
fwsam localhost
keyinterval 30 minutes
dontblock xxx.xxx.xxx.xxx # home network
rollbackhosts 50
rollbackthreshold 20 / 30 secs
rollbacksleeptime 1 minute
logfile /var/log/snortsam.log
loglevel 4
daemon
#nothreads
email localhost alert@machinemain
iptables eth0 LOG

snort.conf
------------
output alert_fwsam: localhost:898/xxxxxxx
Back to top
View user's profile Send private message
Scen
Retired Dev
Retired Dev


Joined: 29 Jul 2003
Posts: 2470
Location: Padova, Italy

PostPosted: Fri Oct 19, 2007 1:21 pm    Post subject: Reply with quote

Premetto che non riuscirò a aiutarti, in quanto sono ignorante in materia :P

Comunque sarebbe utile se dessi l'indirizzo dell'HOWTO che hai seguito, può facilitare le cose :wink:

Inoltre cerca di utilizzare i BBCode per rendere più leggibile i tuoi messaggi.
_________________
I was born in a deep forest/I wish I could live here all my life/I am made from stones and roots/My home, these woods and roads
All my life I loved this sound/Of the woods all around/Eagles flies where the winds blows free
Journey is my destiny
Back to top
View user's profile Send private message
al1ta
Tux's lil' helper
Tux's lil' helper


Joined: 18 Apr 2005
Posts: 77

PostPosted: Fri Oct 19, 2007 2:06 pm    Post subject: Reply with quote

chiedo scusa...


l'url del howto è il seguente
Back to top
View user's profile Send private message
al1ta
Tux's lil' helper
Tux's lil' helper


Joined: 18 Apr 2005
Posts: 77

PostPosted: Fri Oct 19, 2007 8:08 pm    Post subject: Reply with quote

penso che sia proprio un problema legato al codice a 64bit. Ho compilato snort+snortsam su un sistema 32bit ed ha funzionato correttamente

qui avevo trovato infatti un post che mi aveva fatto dubitare

che dice

Quote:
Snortsam and Snort will only ignore the peer if they can not renegotiate a new session key using the default password, meaning, the default passwords don't match up.

The only time I've seen that error constantly, despite both passwords being correct, is when Snort or Snortsam runs on a 64 bit system. The TwoFish encryption routines in Snortsam are built for 32 bit systems only, and are not fit for 64 bit systems.

So, question to you: Is your system 64 bit?


qualcuno sa se c'è un workaround, una patch per far funzionare snortsam anche nei sistemi a 64bit? E anche.. a qualcuno risulta che quando detto nel post evidenziato sia vero?
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Forum italiano (Italian) All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum