Gentoo Forums
snort and snortsam
Gentoo Forums Forum Index :: Forum italiano (Italian)
pigreco
Apprentice
Joined: 16 Nov 2005
Posts: 223
Location: Italia
Posted: Fri Nov 13, 2009 12:03 pm    Post subject: snort and snortsam

Hello,
I installed snort and snortsam on one of my servers, but I can't get them to work together.
Snort tells me:
Code:
snort -v -c /etc/snort/snort.conf
Running in IDS mode

        --== Initializing Snort ==--
Initializing Output Plugins!
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file "/etc/snort/snort.conf"
PortVar 'HTTP_PORTS' defined :  [ 80 ]
PortVar 'SHELLCODE_PORTS' defined :  [ 0:79 81:65535 ]
PortVar 'ORACLE_PORTS' defined :  [ 1521 ]
PortVar 'FTP_PORTS' defined :  [ 21 ]
Tagged Packet Limit: 256
Loading dynamic engine /usr/lib64/snort_dynamicengine/libsf_engine.so... done
Loading all dynamic detection libs from /usr/lib64/snort_dynamicrule...
Warning: No dynamic libraries found in directory /usr/lib64/snort_dynamicrule!
  Finished Loading all dynamic detection libs from /usr/lib64/snort_dynamicrule
Loading all dynamic preprocessor libs from /usr/lib64/snort_dynamicpreprocessor...
  Loading dynamic preprocessor library /usr/lib64/snort_dynamicpreprocessor/libsf_smtp_preproc.so... done
  Loading dynamic preprocessor library /usr/lib64/snort_dynamicpreprocessor/libsf_dcerpc_preproc.so... done
  Loading dynamic preprocessor library /usr/lib64/snort_dynamicpreprocessor/libsf_ssl_preproc.so... done
  Loading dynamic preprocessor library /usr/lib64/snort_dynamicpreprocessor/libsf_dce2_preproc.so... done
  Loading dynamic preprocessor library /usr/lib64/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.so... done
  Loading dynamic preprocessor library /usr/lib64/snort_dynamicpreprocessor/libsf_dns_preproc.so... done
  Loading dynamic preprocessor library /usr/lib64/snort_dynamicpreprocessor/libsf_ssh_preproc.so... done
  Finished Loading all dynamic preprocessor libs from /usr/lib64/snort_dynamicpreprocessor
Log directory = /var/log/snort
ERROR: /etc/snort/snort.conf(675) Unknown output plugin: "alert_fwsam"
Fatal Error, Quitting..


This is the emerge info for snort:

Code:
emerge --info snort
Portage 2.1.6.13 (default/linux/amd64/10.0/server, gcc-4.1.2, glibc-2.9_p20081201-r2, 2.6.19-gentoo-r5 x86_64)
=================================================================
                        System Settings
=================================================================
System uname: Linux-2.6.19-gentoo-r5-x86_64-Dual-Core_AMD_Opteron-tm-_Processor_2212-with-gentoo-1.12.13
Timestamp of tree: Mon, 09 Nov 2009 09:00:01 +0000
app-shells/bash:     4.0_p28
dev-java/java-config: 1.3.7, 2.1.9-r1
dev-lang/python:     2.4.6, 2.5.4-r3, 2.6.2-r1
dev-python/pycrypto: 2.0.1-r6
sys-apps/baselayout: 1.12.13
sys-apps/sandbox:    1.6-r2
sys-devel/autoconf:  2.13, 2.63-r1
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.2
sys-devel/binutils:  2.18-r3
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   2.2.6a
virtual/os-headers:  2.6.27-r2
ACCEPT_KEYWORDS="amd64"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=athlon64 -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/php/apache2-php4/ext-active/ /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php4/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php4/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/udev/rules.d"
CXXFLAGS="-march=athlon64 -O2 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="distlocks fixpackages parallel-fetch protect-owned sandbox sfperms strict unmerge-orphans userfetch"
GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo"
LANG="it_IT@euro"
LC_ALL="it_IT@euro"
LDFLAGS="-Wl,-O1"
LINGUAS="it de fi en"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="acl amd64 apache2 authdaemond berkdb bzip2 cli cracklib crypt cups dri fortran gdbm gocr gpm iconv imap ipv6 ldap libwww maildir mmx modules mudflap multilib mysql ncurses nls nptl nptlonly openmp pam pcre perl pnm pppd python readline reflection sasl session snmp snortsam spell spl sse sse2 ssh ssl sysfs tcpd tiff truetype unicode vda xml xorg xsl zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="access auth_basic authn_file authz_user authz_host auth auth_dbm auth_anon auth_digest alias file-cache echo charset-lite cache disk-cache mem-cache ext-filter case_filter case-filter-in filter deflate mime-magic cern-meta expires headers unique_id usertrack proxy proxy-connect proxy-ftp proxy-http info include cgi cgid dav dav-fs vhost-alias speling rewrite log_config logio env setenvif mime status autoindex asis negotiation dir imap actions userdir so suexec" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="it de fi en" USERLAND="GNU" VIDEO_CARDS="fbdev glint intel mach64 mga neomagic nv r128 radeon savage sis tdfx trident vesa vga via vmware voodoo"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, MAKEOPTS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY

=================================================================
                        Package Settings
=================================================================

net-analyzer/snort-2.8.5.1 was built with the following:
USE="dynamicplugin ipv6 (multilib) mysql -aruba -debug -decoder-preprocessor-rules -flexresp -flexresp2 -gre -inline -inline-init-failopen -linux-smp-stats -mpls -odbc -perfprofiling -postgres -ppm -prelude -react -reload -reload-error-restart (-selinux) -static -targetbased -threads -timestats"


Does anyone have suggestions? Thanks in advance,
Maurizio
mack1
Guru
Joined: 18 Mar 2006
Posts: 315
Posted: Tue Nov 17, 2009 7:17 pm

Hi, the version of snortsam in portage does not match the latest version of snort (I assume you installed using portage); the error in fact clearly states that the "alert_fwsam" plugin is not found:

Code:

ERROR: /etc/snort/snort.conf(675) Unknown output plugin: "alert_fwsam"


It might be worth opening a bug report (imho); if a dev/moderator/senior user reads the post they can give you better advice on how to proceed.
I use snort only as an IDS and not as an IPS, but I remember that up to a few versions ago there was the "snortsam" USE flag, then it disappeared :? (maybe they removed snortsam support?)

In bugzilla I found this (it talks about snortsam-2.60, in portage there is 2.50-r1):

https://bugs.gentoo.org/show_bug.cgi?id=238812

Anyway, to start snort use "/etc/init.d/snort start" (which is the correct way to launch a daemon from the shell :wink: ); you'll find the configuration file in /etc/conf.d.

OT: you can find quite a few how-tos here: http://snortattack.org/

Ciao
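A quick check for the situation described in this thread, added here as an example and not taken from the forum posts or from Gentoo's own tooling. The global USE line in the emerge --info above contains "snortsam", but the "was built with the following:" line for net-analyzer/snort lists neither "snortsam" nor "-snortsam": the flag is not offered by that ebuild at all, so setting it in make.conf has no effect. The script below parses such a USE= line and reports whether a flag was enabled, disabled, or absent; the shortened global USE line is a constructed excerpt of the one in the thread.

```shell
#!/bin/sh
# Package USE line, copied from the "was built with the following:" line above.
SNORT_USE='USE="dynamicplugin ipv6 (multilib) mysql -aruba -debug -decoder-preprocessor-rules -flexresp -flexresp2 -gre -inline -inline-init-failopen -linux-smp-stats -mpls -odbc -perfprofiling -postgres -ppm -prelude -react -reload -reload-error-restart (-selinux) -static -targetbased -threads -timestats"'
# Constructed excerpt of the global USE line from emerge --info (it does contain snortsam).
GLOBAL_USE='USE="acl amd64 apache2 mysql snmp snortsam ssl"'

# use_flag_state USELINE FLAG
# Prints "enabled", "disabled" or "absent". "absent" means the line mentions the
# flag in neither form, i.e. the ebuild does not offer it (the snortsam case here).
# Parentheses around a token mark a flag forced or masked by the profile; they are
# stripped so "(multilib)" counts as enabled and "(-selinux)" as disabled.
use_flag_state() {
    useline=$1
    flag=$2
    tokens=${useline#USE=\"}   # drop the leading USE="
    tokens=${tokens%\"}        # drop the trailing quote
    for tok in $tokens; do
        tok=${tok#\(}
        tok=${tok%\)}
        case $tok in
            "$flag")  echo enabled;  return 0 ;;
            "-$flag") echo disabled; return 0 ;;
        esac
    done
    echo absent
    return 0
}

# diagnose_flag GLOBAL_USELINE PKG_USELINE FLAG
# Combines the global and per-package view into one verdict.
diagnose_flag() {
    g=$(use_flag_state "$1" "$3")
    p=$(use_flag_state "$2" "$3")
    case "$g/$p" in
        */enabled)      echo built-with-flag ;;
        enabled/absent) echo set-globally-but-ebuild-lacks-flag ;;
        */disabled)     echo built-without-flag ;;
        *)              echo flag-unknown-to-ebuild ;;
    esac
}

# Stand-alone run: reproduces the diagnosis for this thread.
echo "snortsam: $(diagnose_flag "$GLOBAL_USE" "$SNORT_USE" snortsam)"
echo "mysql:    $(diagnose_flag "$GLOBAL_USE" "$SNORT_USE" mysql)"
```

On a live system the package line comes from `emerge --info net-analyzer/snort` (or `equery uses snort`), and "set-globally-but-ebuild-lacks-flag" is the signal that a config directive such as `output alert_fwsam` cannot work until the ebuild offers the flag again.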
pigreco
Apprentice
Joined: 16 Nov 2005
Posts: 223
Location: Italia
Posted: Wed Nov 18, 2009 9:12 am    Post subject: C

Hi, thanks for the info. Yes, I installed with portage; I'll look for some more info to see whether snortsam support has been removed, for the moment I haven't found any reference.
I've never reported a bug, but this could be the first time :)

I start snort from init.d, but I couldn't get the error printed, which is why I called the executable directly.

Bye and thanks again, Maurizio