From owner-freebsd-ports-bugs@FreeBSD.ORG  Thu Jun 28 16:10:12 2012
Return-Path: <owner-freebsd-ports-bugs@FreeBSD.ORG>
Delivered-To: freebsd-ports-bugs@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 9DA001065679
	for <freebsd-ports-bugs@hub.freebsd.org>;
	Thu, 28 Jun 2012 16:10:12 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 731648FC1E
	for <freebsd-ports-bugs@hub.freebsd.org>;
	Thu, 28 Jun 2012 16:10:12 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id q5SGACO6027606
	for <freebsd-ports-bugs@freefall.freebsd.org>;
	Thu, 28 Jun 2012 16:10:12 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.5/8.14.5/Submit) id q5SGACOa027605;
	Thu, 28 Jun 2012 16:10:12 GMT (envelope-from gnats)
Resent-Date: Thu, 28 Jun 2012 16:10:12 GMT
Resent-Message-Id: <201206281610.q5SGACOa027605@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-ports-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org,
	Michael Scheidell <scheidell@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id F2A321065676
	for <FreeBSD-gnats-submit@freebsd.org>;
	Thu, 28 Jun 2012 16:00:54 +0000 (UTC)
	(envelope-from scheidell@secnap.net)
Received: from mx1.secnap.com.ionspam.net (mx1.secnap.com.ionspam.net
	[204.89.241.253])
	by mx1.freebsd.org (Postfix) with ESMTP id C01888FC17
	for <FreeBSD-gnats-submit@freebsd.org>;
	Thu, 28 Jun 2012 16:00:54 +0000 (UTC)
Received: from mx1.secnap.com.ionspam.net (mx1.secnap.com.ionspam.net
	[10.70.1.253])
	by mx1.secnap.com.ionspam.net (Postfix) with ESMTP id 485A8621C56
	for <FreeBSD-gnats-submit@freebsd.org>;
	Thu, 28 Jun 2012 12:00:54 -0400 (EDT)
Received: from scanner.secnap.net (unknown [10.70.1.4])
	by mx1.secnap.com.ionspam.net (Postfix) with ESMTP id 90647621C55
	for <FreeBSD-gnats-submit@freebsd.org>;
	Thu, 28 Jun 2012 12:00:53 -0400 (EDT)
Received: by scanner.secnap.net (Postfix, from userid 1001)
	id 8B4E11D483; Thu, 28 Jun 2012 12:00:53 -0400 (EDT)
Message-Id: <20120628160053.8B4E11D483@scanner.secnap.net>
Date: Thu, 28 Jun 2012 12:00:53 -0400 (EDT)
From: Michael Scheidell <scheidell@FreeBSD.org>
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Cc: 
Subject: ports/169524: security/snortsam : remove rcscript REQUIRE: LOGIN
X-BeenThere: freebsd-ports-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Ports bug reports <freebsd-ports-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports-bugs>, 
	<mailto:freebsd-ports-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports-bugs>
List-Post: <mailto:freebsd-ports-bugs@freebsd.org>
List-Help: <mailto:freebsd-ports-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports-bugs>, 
	<mailto:freebsd-ports-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Jun 2012 16:10:12 -0000


>Number:         169524
>Category:       ports
>Synopsis:       security/snortsam : remove rcscript REQUIRE: LOGIN
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jun 28 16:10:12 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator:     Michael Scheidell
>Release:        FreeBSD 7.4-RELEASE-p3 i386
>Organization:
SECNAP Network Security
>Environment:

>Description:

The use of 'REQUIRE:*LOGIN' is usually needed so that nis/ldap/pam/other remote auth for services that need to chuser.
snortsam has not need for a user other than root, and having this run BEFORE LOGIN, can cause delays in bootup, more 
specifically, since snortsam loads lots of 'dontblock' ip's by reading a large 'root server' dns list, it can appear to lock 
up the system, until it is done.

By removing the 'LOGIN' from 'REQUIRE', the cli (console) login can be presented while snortsam is starting.
PLEASE NOTE: snort itself isn't even running yet (it does not REQUIRE LOGIN), so there is no real need to risk the delays.

>How-To-Repeat:
break dns and reboot system, try to obtain console login.. it could take a timeout of 5 mins per dontblock entry.
>Fix:

This patch

--- snortsam.patch begins here ---
Index: files/snortsam.sh.in
===================================================================
RCS file: /home/pcvs/ports/security/snortsam/files/snortsam.sh.in,v
retrieving revision 1.5
diff -u -r1.5 snortsam.sh.in
--- files/snortsam.sh.in	14 Jan 2012 08:56:52 -0000	1.5
+++ files/snortsam.sh.in	28 Jun 2012 15:54:57 -0000
@@ -3,7 +3,6 @@
 
 # PROVIDE: snortsam
 # REQUIRE: DAEMON
-# BEFORE:  LOGIN
 # KEYWORD: shutdown
 
 #
--- snortsam.patch ends here ---

______________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r). 
For Information please see http://www.spammertrap.com/
______________________________________________________________________  
  
>Release-Note:
>Audit-Trail:
>Unformatted: