Date: Mon, 14 Jan 2002 13:41:49 -0500 (EST)
From: The Anarcat <anarcat@anarcat.dyndns.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc: kris@freebsd.org, anarcat@anarcat.dyndns.org
Subject: ports/33887: security/snort port cannot find its rule files
Message-ID: <20020114184149.20CE020ACC@shall.anarcat.dyndns.org>
>Number: 33887
>Category: ports
>Synopsis: security/snort port cannot find its rule files
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-ports
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Jan 14 10:50:01 PST 2002
>Closed-Date:
>Last-Modified:
>Originator: The Anarcat
>Release: FreeBSD 4.5-PRERELEASE i386
>Organization: Nada, Inc.
>Environment:
System: FreeBSD shall.anarcat.dyndns.org 4.5-PRERELEASE FreeBSD 4.5-PRERELEASE #2: Tue Jan 8 01:04:38 EST 2002 anarcat@shall.anarcat.dyndns.org:/usr/obj/usr/src/sys/SHALL i386

snort 1.8.3 port

>Description:
The snort port installs its configuration files in ${PREFIX}/etc and its rule files in share/snort. snort itself looks for its rules files in the same place as its configuration file, or in the current directory.

>How-To-Repeat:
1- install the snort port
2- rename the configuration files appropriately
3- run snort

It won't find its rules files unless you modify the configuration files.

>Fix:
Workaround: s#include #include /usr/local/share/snort/# in the configuration file.

Proper fix:
1: install the config and rules files in a separate etc/snort/ directory
2: fix pkg-message and pkg-plist accordingly
3: snort itself also needs patching to detect the config file correctly

Note that this doesn't make snort PREFIX-independent yet, since it won't be able to find the files in $PREFIX if it's not /usr/local/. But this was also the case before. Heck, it couldn't even find its own config file in /usr/local/etc/ at all!!!

--- Makefile.orig Mon Jan 14 12:56:41 2002 +++ Makefile Mon Jan 14 13:04:10 2002 @@ -44,6 +44,8 @@ CONFIGURE_ENV+= LDFLAGS="${LDFLAGS}" +CONFIG_DIR= ${PREFIX}/etc/snort + pre-configure: @${ECHO} "" @${ECHO} "Set WITH_FLEXRESP, WITH_MYSQL, WITH_ODBC or WITH_POSTGRES" 
@@ -51,7 +53,7 @@ @${ECHO} "" post-install: - ${MKDIR} ${PREFIX}/share/snort + ${MKDIR} ${CONFIG_DIR} .for i in CREDITS RULES.SAMPLE USAGE attack-responses.rules backdoor.rules \ bad-traffic.rules ddos.rules dns.rules dos.rules exploit.rules \ finger.rules ftp.rules icmp.rules icmp-info.rules info.rules local.rules \ @@ -59,10 +61,10 @@ scan.rules shellcode.rules smtp.rules sql.rules telnet.rules tftp.rules \ virus.rules web-attacks.rules web-cgi.rules web-coldfusion.rules \ web-frontpage.rules web-iis.rules web-misc.rules x11.rules - ${INSTALL_DATA} ${WRKSRC}/$i ${PREFIX}/share/snort + ${INSTALL_DATA} ${WRKSRC}/$i ${CONFIG_DIR}/ .endfor - ${INSTALL_DATA} ${WRKSRC}/classification.config ${PREFIX}/etc/classification.config-sample - ${INSTALL_DATA} ${WRKSRC}/snort.conf ${PREFIX}/etc/snort.conf-sample + ${INSTALL_DATA} ${WRKSRC}/classification.config ${CONFIG_DIR}/classification.config-sample + ${INSTALL_DATA} ${WRKSRC}/snort.conf ${CONFIG_DIR}/snort.conf-sample @${SED} -e 's#/usr/local#${PREFIX}#g' ${PKGMESSAGE} .include <bsd.port.mk> --- pkg-message.orig Mon Jan 14 13:05:25 2002 +++ pkg-message Mon Jan 14 13:05:44 2002 @@ -2,15 +2,15 @@ *********************************************************** Copy - /usr/local/etc/snort.conf-sample + /usr/local/etc/snort/snort.conf-sample to - /usr/local/etc/snort.conf + /usr/local/etc/snort/snort.conf and - /usr/local/etc/classification.config-sample + /usr/local/etc/snort/classification.config-sample to - /usr/local/etc/classification.config + /usr/local/etc/snort/classification.config and edit them to fit your needs. *********************************************************** --- pkg-plist.orig Sat Dec 1 05:03:57 2001 +++ pkg-plist Mon Jan 14 13:05:03 2002 
@@ -1,40 +1,40 @@ bin/snort -etc/classification.config-sample -etc/snort.conf-sample -share/snort/CREDITS -share/snort/RULES.SAMPLE -share/snort/USAGE -share/snort/attack-responses.rules -share/snort/backdoor.rules -share/snort/bad-traffic.rules -share/snort/ddos.rules -share/snort/dns.rules -share/snort/dos.rules -share/snort/exploit.rules -share/snort/finger.rules -share/snort/ftp.rules -share/snort/icmp-info.rules -share/snort/icmp.rules -share/snort/info.rules -share/snort/local.rules -share/snort/misc.rules -share/snort/netbios.rules -share/snort/policy.rules -share/snort/porn.rules -share/snort/rpc.rules -share/snort/rservices.rules -share/snort/scan.rules -share/snort/shellcode.rules -share/snort/smtp.rules -share/snort/sql.rules -share/snort/telnet.rules -share/snort/tftp.rules -share/snort/virus.rules -share/snort/web-attacks.rules -share/snort/web-cgi.rules -share/snort/web-coldfusion.rules -share/snort/web-frontpage.rules -share/snort/web-iis.rules -share/snort/web-misc.rules -share/snort/x11.rules -@dirrm share/snort +etc/snort/classification.config-sample +etc/snort/snort.conf-sample +etc/snort/CREDITS +etc/snort/RULES.SAMPLE +etc/snort/USAGE +etc/snort/attack-responses.rules +etc/snort/backdoor.rules +etc/snort/bad-traffic.rules +etc/snort/ddos.rules +etc/snort/dns.rules +etc/snort/dos.rules +etc/snort/exploit.rules +etc/snort/finger.rules +etc/snort/ftp.rules +etc/snort/icmp-info.rules +etc/snort/icmp.rules +etc/snort/info.rules +etc/snort/local.rules +etc/snort/misc.rules +etc/snort/netbios.rules +etc/snort/policy.rules +etc/snort/porn.rules +etc/snort/rpc.rules +etc/snort/rservices.rules +etc/snort/scan.rules +etc/snort/shellcode.rules +etc/snort/smtp.rules +etc/snort/sql.rules +etc/snort/telnet.rules +etc/snort/tftp.rules +etc/snort/virus.rules +etc/snort/web-attacks.rules +etc/snort/web-cgi.rules +etc/snort/web-coldfusion.rules +etc/snort/web-frontpage.rules +etc/snort/web-iis.rules +etc/snort/web-misc.rules +etc/snort/x11.rules +@dirrm etc/snort 
[patch to add to files/]
--- snort.c.orig Mon Jan 14 12:24:38 2002 +++ snort.c Mon Jan 14 12:33:01 2002 @@ -3191,7 +3191,7 @@ struct stat st; int found; int i; - char *conf_files[]={"/etc/snort.conf", "./snort.conf"}; + char *conf_files[]={"/usr/local/etc/snort/snort.conf", "/etc/snort.conf", "./snort.conf"}; char *fname = NULL; char *home_dir; char *tmp;
>Release-Note:
>Audit-Trail:
>Unformatted:
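
Review bot: In the Makefile post-install hunk, the .for loop now installs CREDITS, RULES.SAMPLE and USAGE into ${CONFIG_DIR} together with the rules. Those three are documentation, not configuration, so they would sit better under share/, with only the *.rules files and the two -sample files moving to etc/snort. The same loop installs every rules file, local.rules included, under its live name, while snort.conf and classification.config get a -sample suffix; now that the rules live in etc/ where an administrator is expected to edit them, a reinstall or upgrade overwrites those edits, so local.rules at least deserves the -sample treatment.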
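
Review bot: The closing `@dirrm etc/snort` in the pkg-plist hunk will fail on deinstall once the user has followed pkg-message and created etc/snort/snort.conf and etc/snort/classification.config, because the directory is then no longer empty. The old share/snort directory held only packaged files, so the problem is new with this change. An entry that tolerates a non-empty directory, in the style of `@unexec rmdir %D/etc/snort 2>/dev/null || true`, avoids the error. The list also removes etc/snort/local.rules on deinstall, which discards whatever site-local rules were added to it.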
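
Review bot: The new first entry of conf_files[] in the snort.c hunk hard-codes /usr/local/etc/snort/snort.conf, while the Makefile installs into ${PREFIX}/etc/snort, so with a non-default PREFIX the port installs a config that snort never looks for and the sensor starts without it. Substituting the prefix into the patched source at build time would close that gap. The array also grows from two entries to three and the loop that walks it lies outside the hunk: if that loop uses a literal 2 as its bound instead of the array size, ./snort.conf silently drops out of the search, so the loop needs checking and, if necessary, a second changed line.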
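
The failure the report describes (relative include lines resolving against the directory that holds snort.conf, not share/snort) can be checked for before the sensor is started. This is an added example, not part of the original message or the port; the function name missing_includes and the sample layout are constructed, and it assumes plain `include <path>` lines with no variable expansion.

```shell
#!/bin/sh
# Added example: list the include targets of a snort.conf that do not resolve.
# Assumption: plain "include <path>" lines; $VAR references are not expanded.

# Print each include target that is missing. Relative paths are resolved
# against the directory holding the config file, the lookup the report describes.
missing_includes() {
    conf=$1
    conf_dir=$(dirname "$conf")
    # Strip comments, then keep the first argument of each include line.
    sed -e 's/#.*//' "$conf" | awk '$1 == "include" && NF >= 2 { print $2 }' |
    while read -r target; do
        case $target in
            /*) path=$target ;;            # absolute: check as written
            *)  path=$conf_dir/$target ;;  # relative: next to the config
        esac
        [ -f "$path" ] || printf '%s\n' "$target"
    done
}

# Constructed sample layout mimicking the pre-patch port:
# config in etc/, packaged rules in share/snort/.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
mkdir -p "$demo_dir/etc" "$demo_dir/share/snort"
: > "$demo_dir/share/snort/dos.rules"
: > "$demo_dir/etc/local.rules"
cat > "$demo_dir/etc/snort.conf" <<EOF
# constructed sample, not the shipped snort.conf
include dos.rules
include local.rules   # present next to the config
include $demo_dir/share/snort/dos.rules
EOF

# Only the relative dos.rules entry is reported: it exists in share/snort/,
# but not beside snort.conf, which is where the lookup happens.
missing_includes "$demo_dir/etc/snort.conf"
```

Any output from the function means the sensor would start with part of its rule set missing, which is worth failing a deployment on.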