Date:      Mon, 14 Jan 2002 13:41:49 -0500 (EST)
From:      The Anarcat <anarcat@anarcat.dyndns.org>
To:        FreeBSD-gnats-submit@freebsd.org
Cc:        kris@freebsd.org, anarcat@anarcat.dyndns.org
Subject:   ports/33887: security/snort port cannot find its rule files
Message-ID:  <20020114184149.20CE020ACC@shall.anarcat.dyndns.org>


>Number:         33887
>Category:       ports
>Synopsis:       security/snort port cannot find its rule files
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-ports
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jan 14 10:50:01 PST 2002
>Closed-Date:
>Last-Modified:
>Originator:     The Anarcat
>Release:        FreeBSD 4.5-PRERELEASE i386
>Organization:
Nada, Inc.
>Environment:
System: FreeBSD shall.anarcat.dyndns.org 4.5-PRERELEASE FreeBSD 4.5-PRERELEASE #2: Tue Jan 8 01:04:38 EST 2002 anarcat@shall.anarcat.dyndns.org:/usr/obj/usr/src/sys/SHALL i386

snort 1.8.3 port

>Description:

the snort port installs its configuration files in ${PREFIX}/etc and its
rule files in share/snort.

snort itself looks for its rules files in the same place as its
configuration file, or in the current directory.

>How-To-Repeat:

1- install the snort port
2- rename the configuration files appropriately
3- run snort

it won't find its rules files unless you modify the configuration files.

>Fix:

Workaround:

s#include #include /usr/local/share/snort/#

in the configuration file.

Proper fix:

1: install the config and rules files in a separate etc/snort/
directory

2: fix pkg-message and pkg-plist accordingly

3: snort itself also needs patching to detect the config file correctly

Note that this doesn't make snort PREFIX-independent yet, since it won't
be able to find the files in $PREFIX if it's not /usr/local/. But this
was also the case before. Heck, it couldn't even find its own config
file in /usr/local/etc/ at all!!!

--- Makefile.orig	Mon Jan 14 12:56:41 2002
+++ Makefile	Mon Jan 14 13:04:10 2002
@@ -44,6 +44,8 @@
 
 CONFIGURE_ENV+=	LDFLAGS="${LDFLAGS}"
 
+CONFIG_DIR=	${PREFIX}/etc/snort
+
 pre-configure:
 	@${ECHO} ""
 	@${ECHO} "Set WITH_FLEXRESP, WITH_MYSQL, WITH_ODBC or WITH_POSTGRES"
@@ -51,7 +53,7 @@
 	@${ECHO} ""
 
 post-install:
-	${MKDIR} ${PREFIX}/share/snort
+	${MKDIR} ${CONFIG_DIR}
 .for i in CREDITS RULES.SAMPLE USAGE attack-responses.rules backdoor.rules \
 	bad-traffic.rules ddos.rules dns.rules dos.rules exploit.rules \
 	finger.rules ftp.rules icmp.rules icmp-info.rules info.rules local.rules \
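Review bot: The .for list in this hunk still begins with CREDITS, RULES.SAMPLE and USAGE, so with the target directory switched to ${CONFIG_DIR} these documentation files end up under etc/snort beside the rules. Consider taking them out of the loop and leaving them under share, so that etc/snort holds only files snort actually reads.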
@@ -59,10 +61,10 @@
 	scan.rules shellcode.rules smtp.rules sql.rules telnet.rules tftp.rules \
 	virus.rules web-attacks.rules web-cgi.rules web-coldfusion.rules \
 	web-frontpage.rules web-iis.rules web-misc.rules x11.rules
-	${INSTALL_DATA} ${WRKSRC}/$i ${PREFIX}/share/snort
+	${INSTALL_DATA} ${WRKSRC}/$i ${CONFIG_DIR}/
 .endfor
-	${INSTALL_DATA} ${WRKSRC}/classification.config ${PREFIX}/etc/classification.config-sample
-	${INSTALL_DATA} ${WRKSRC}/snort.conf ${PREFIX}/etc/snort.conf-sample
+	${INSTALL_DATA} ${WRKSRC}/classification.config ${CONFIG_DIR}/classification.config-sample
+	${INSTALL_DATA} ${WRKSRC}/snort.conf ${CONFIG_DIR}/snort.conf-sample
 	@${SED} -e 's#/usr/local#${PREFIX}#g' ${PKGMESSAGE}
 
 .include <bsd.port.mk>
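Review bot: The two config files keep their -sample suffix when installed into ${CONFIG_DIR}, but the rule files from the .for loop go there under their live names, so a reinstall overwrites any rule file edited in place (local.rules in particular). Now that they live under etc/, either install them as samples as well or state in pkg-message that edits to the shipped rule files are overwritten on upgrade.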
--- pkg-message.orig	Mon Jan 14 13:05:25 2002
+++ pkg-message	Mon Jan 14 13:05:44 2002
@@ -2,15 +2,15 @@
 ***********************************************************
 Copy
 
-	/usr/local/etc/snort.conf-sample
+	/usr/local/etc/snort/snort.conf-sample
 to
-	/usr/local/etc/snort.conf
+	/usr/local/etc/snort/snort.conf
 
 and
 
-	/usr/local/etc/classification.config-sample
+	/usr/local/etc/snort/classification.config-sample
 to
-	/usr/local/etc/classification.config
+	/usr/local/etc/snort/classification.config
 
 and edit them to fit your needs.
 ***********************************************************
--- pkg-plist.orig	Sat Dec  1 05:03:57 2001
+++ pkg-plist	Mon Jan 14 13:05:03 2002
@@ -1,40 +1,40 @@
 bin/snort
-etc/classification.config-sample
-etc/snort.conf-sample
-share/snort/CREDITS
-share/snort/RULES.SAMPLE
-share/snort/USAGE
-share/snort/attack-responses.rules
-share/snort/backdoor.rules
-share/snort/bad-traffic.rules
-share/snort/ddos.rules
-share/snort/dns.rules
-share/snort/dos.rules
-share/snort/exploit.rules
-share/snort/finger.rules
-share/snort/ftp.rules
-share/snort/icmp-info.rules
-share/snort/icmp.rules
-share/snort/info.rules
-share/snort/local.rules
-share/snort/misc.rules
-share/snort/netbios.rules
-share/snort/policy.rules
-share/snort/porn.rules
-share/snort/rpc.rules
-share/snort/rservices.rules
-share/snort/scan.rules
-share/snort/shellcode.rules
-share/snort/smtp.rules
-share/snort/sql.rules
-share/snort/telnet.rules
-share/snort/tftp.rules
-share/snort/virus.rules
-share/snort/web-attacks.rules
-share/snort/web-cgi.rules
-share/snort/web-coldfusion.rules
-share/snort/web-frontpage.rules
-share/snort/web-iis.rules
-share/snort/web-misc.rules
-share/snort/x11.rules
-@dirrm share/snort
+etc/snort/classification.config-sample
+etc/snort/snort.conf-sample
+etc/snort/CREDITS
+etc/snort/RULES.SAMPLE
+etc/snort/USAGE
+etc/snort/attack-responses.rules
+etc/snort/backdoor.rules
+etc/snort/bad-traffic.rules
+etc/snort/ddos.rules
+etc/snort/dns.rules
+etc/snort/dos.rules
+etc/snort/exploit.rules
+etc/snort/finger.rules
+etc/snort/ftp.rules
+etc/snort/icmp-info.rules
+etc/snort/icmp.rules
+etc/snort/info.rules
+etc/snort/local.rules
+etc/snort/misc.rules
+etc/snort/netbios.rules
+etc/snort/policy.rules
+etc/snort/porn.rules
+etc/snort/rpc.rules
+etc/snort/rservices.rules
+etc/snort/scan.rules
+etc/snort/shellcode.rules
+etc/snort/smtp.rules
+etc/snort/sql.rules
+etc/snort/telnet.rules
+etc/snort/tftp.rules
+etc/snort/virus.rules
+etc/snort/web-attacks.rules
+etc/snort/web-cgi.rules
+etc/snort/web-coldfusion.rules
+etc/snort/web-frontpage.rules
+etc/snort/web-iis.rules
+etc/snort/web-misc.rules
+etc/snort/x11.rules
+@dirrm etc/snort
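Review bot: The closing "@dirrm etc/snort" line will fail at deinstall for anyone who followed pkg-message and created snort.conf and classification.config in that directory, because neither file is in the plist. Use the tolerant form instead, "@unexec rmdir %D/etc/snort 2>/dev/null || true", so a directory that still holds local configuration is left in place without an error.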

[patch to add to files/]
--- snort.c.orig	Mon Jan 14 12:24:38 2002
+++ snort.c	Mon Jan 14 12:33:01 2002
@@ -3191,7 +3191,7 @@
     struct stat st;
     int found;
     int i;
-    char *conf_files[]={"/etc/snort.conf", "./snort.conf"};
+    char *conf_files[]={"/usr/local/etc/snort/snort.conf", "/etc/snort.conf", "./snort.conf"};
     char *fname = NULL;
     char *home_dir;
     char *tmp;
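Review bot: The new first entry in conf_files hard-codes /usr/local/etc/snort/snort.conf, so a build with a different PREFIX still searches /usr/local; have the port substitute ${PREFIX} into this string after patching, as the Makefile already does for pkg-message with ${SED}. The array also grows from two to three entries and the loop that walks it is outside this hunk: check that its bound is not a literal 2, otherwise ./snort.conf silently drops out of the search.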
>Release-Note:
>Audit-Trail:
>Unformatted:
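
The lookup behaviour described under >Description (rule files are searched next to the configuration file) can be checked before starting the sensor. The script below is an added example, not part of the original report or the port; `missing_includes` and `make_layouts` are hypothetical names, the two directory trees are constructed samples, and it assumes plain `include <file>` directives.

```shell
#!/bin/sh
# Added example (not from the PR or the port). Assumes plain "include <file>"
# directives; snort "var" expansion in include paths is not handled.

# missing_includes CONF: print each include target that does not exist when
# resolved the way the PR describes, relative to CONF's own directory.
missing_includes() {
    conf=$1
    dir=$(dirname "$conf")
    sed -n 's/^[[:space:]]*include[[:space:]][[:space:]]*\([^[:space:]#]*\).*/\1/p' "$conf" |
    while IFS= read -r target; do
        case $target in
            /*) path=$target ;;        # absolute path: use as written
            *)  path=$dir/$target ;;   # relative: next to the config file
        esac
        [ -f "$path" ] || printf '%s\n' "$target"
    done
}

# make_layouts ROOT: build two constructed trees under ROOT, the port layout
# before the patch (ROOT/old) and after it (ROOT/new).
make_layouts() {
    root=$1
    mkdir -p "$root/old/etc" "$root/old/share/snort" "$root/new/etc/snort"
    for r in dns.rules ftp.rules; do
        : > "$root/old/share/snort/$r"
        : > "$root/new/etc/snort/$r"
    done
    printf '# constructed sample\ninclude dns.rules\ninclude ftp.rules\n' \
        > "$root/old/etc/snort.conf"
    cp "$root/old/etc/snort.conf" "$root/new/etc/snort/snort.conf"
}

# With an argument, check that file; with none, only define the functions.
[ $# -eq 0 ] || missing_includes "$1"
```

Empty output means every include resolves; any name printed is a rule file the sensor would not find from that configuration file.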
