Netgate Discussion Forum

    Snort 2.9.2.3 pkg v. 2.4.2 Issues

    • M
      miles267
      last edited by

      @ermal:

      Fixed even blocked page.
      Just reinstall, with a new binary.

      I can confirm the alert descriptions on the blocked page are back and working.  Thanks Ermal!

      1 Reply Last reply Reply Quote 0
      • D
        dwood
        last edited by

        Ermal, on AMD64, 2.0.1 (this time a reinstall of 2.4.2 instead of the usual "clean" install I've been doing):

        1. Alert descriptions are back visible on blocked IP

        2.  2nd Interface alerts can now be cleared..and the interface is now staying active when selected.

        3.  Love the new categories (select all) and add to suppress features.

        4.  Issue with 2nd interface stopping after reboot is still there.

        ```
        Jul 15 20:52:03 snort[35121]: FATAL ERROR: Unable to load pf args: Interrupted system call
        ```

        This is going on with two separate installations, both AMD64, 2.0.1
        
        Awesome work sir.  I am sending $$$ your way.
        
        Cheers,
        Dennis.
        1 Reply Last reply Reply Quote 0
        • T
          tester_02
          last edited by

          @ermal:

          BTW, where are my donations?

          For those who want to donate please go to http://www.pfsense.org/index.php?option=com_content&task=view&id=47&Itemid=77

          Done..  It's been a while so feeling bad about it.  Best home router ever!

          Hoping people who use it for business contribute a lot more than me.

          1 Reply Last reply Reply Quote 0
          • 1
            10101000
            last edited by

            @ermal:

            BTW, where are my donations?

            For those who want to donate please go to http://www.pfsense.org/index.php?option=com_content&task=view&id=47&Itemid=77

            So far, so good. I've sent a donation your way and look forward to future improvements.

            Thanks

            1 Reply Last reply Reply Quote 0
            • E
              eri--
              last edited by

              The other issues should be fixed.

              1 Reply Last reply Reply Quote 0
              • E
                eri--
                last edited by

                @dwood:

                Ermal, on AMD64, 2.0.1 (this time a reinstall of 2.4.2 instead of the usual "clean" install I've been doing):

                4.  Issue with 2nd interface stopping after reboot is still there.

                ```
                Jul 15 20:52:03 snort[35121]: FATAL ERROR: Unable to load pf args: Interrupted system call
                ```

                Just make sure you reinstall the snort binary again.
                Usually that comes up from snort reloading, and that should be fixed in the new binary.

                This is going on with two separate installations, both AMD64, 2.0.1

                Awesome work sir.  I am sending $$$ your way.

                Cheers,
                Dennis.

                Thank you for the contributions.

                1 Reply Last reply Reply Quote 0
                • F
                  fragged
                  last edited by

                  Snort won't start if I disable "Sensitive data" preproc

                  ```
                  Jul 16 10:32:22 	snort[3755]: FATAL ERROR: /usr/local/etc/snort/preproc_rules/sensitive-data.rules(1) Unknown rule option: 'sd_pattern'.
                  Jul 16 10:32:22 	snort[3755]: FATAL ERROR: /usr/local/etc/snort/preproc_rules/sensitive-data.rules(1) Unknown rule option: 'sd_pattern'.
                  ```
                  
                  1 Reply Last reply Reply Quote 0
                  • H
                    HOD
                    last edited by

                    @ermal:

                    @HOD:

                    I did a complete reinstall of snort (10min ago) and i have the same error of my last post.

                    snort[23088]: FATAL ERROR: s2c_parse_load_wl() => Invalid data in whitelist file: Invalid argument

                    @ermal:

                    For all the others having issues with blocking please whenever you have system log of 'unable to parse', get the file under the /usr/local/etc/snort/snort_$iface*/$whitelistname and post it here.

                    cat /usr/local/etc/snort/snort_18407_pppoe0/whitlsit
                    suppress gen_id 119, sig_id 2
                    suppress gen_id 119, sig_id 31
                    suppress gen_id 119, sig_id 32
                    suppress gen_id 120, sig_id 3
                    suppress gen_id 120, sig_id 6
                    suppress gen_id 120, sig_id 8
                    suppress gen_id 120, sig_id 10
                    suppress gen_id 122, sig_id 26
                    suppress gen_id 137, sig_id 1

                    greetz HOD

                    EDIT: my System 2.0.1-RELEASE (amd64) Snort 2.9.2.3 pkg v. 2.4.2

                    This should have been fixed also.
                    HOD, can you confirm that you have the same name for the suppress and whitelist selected?

                    Confirm it was the same name. Thx for fixing this.

                    @fragged:

                    Snort won't start if I disable "Sensitive data" preproc

                    ```
                    Jul 16 10:32:22 	snort[3755]: FATAL ERROR: /usr/local/etc/snort/preproc_rules/sensitive-data.rules(1) Unknown rule option: 'sd_pattern'.
                    Jul 16 10:32:22 	snort[3755]: FATAL ERROR: /usr/local/etc/snort/preproc_rules/sensitive-data.rules(1) Unknown rule option: 'sd_pattern'.
                    ```
                    

                    I got the same error.

                    1 Reply Last reply Reply Quote 0
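Added example, not part of the thread or of the pfSense Snort package: a pre-start check for the failure HOD posted above, where the whitelist file held `suppress` lines and Snort died with "Invalid data in whitelist file". It assumes the blocking whitelist is one IPv4/IPv6 address or CIDR per line; `check_whitelist` and `demo` are hypothetical names.

```sh
#!/bin/sh
# check_whitelist FILE  (hypothetical helper, not part of the Snort package)
# Assumption: the blocking whitelist holds one IPv4/IPv6 address or CIDR
# per line; blank lines and '#' comments are tolerated.
# Prints FILE:LINE: text for every other line.
# Returns 0 = clean, 1 = invalid lines found, 2 = file unreadable.
check_whitelist() {
    [ -r "$1" ] || { echo "check_whitelist: cannot read $1" >&2; return 2; }
    awk '
    function v4(s,    a, o, n, i) {
        n = split(s, a, "/")
        if (n > 2) return 0
        if (n == 2 && (a[2] !~ /^[0-9]+$/ || a[2] + 0 > 32)) return 0
        if (split(a[1], o, "[.]") != 4) return 0
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) return 0
        return 1
    }
    # Shape check only: hex digits and colons, at least one colon, optional /prefix.
    function v6(s) { return s ~ /^[0-9A-Fa-f:]*:[0-9A-Fa-f:]*(\/[0-9]+)?$/ }
    {
        line = $0
        sub(/#.*/, "", line)
        gsub(/^[ \t]+|[ \t]+$/, "", line)
        if (line == "") next
        if (!v4(line) && !v6(line)) {
            printf "%s:%d: %s\n", FILENAME, NR, $0
            bad = 1
        }
    }
    END { exit bad + 0 }' "$1"
}

# Constructed sample: two valid entries plus one suppress line like those
# in the file posted in the thread.
demo() {
    f=$(mktemp) || return 2
    printf '%s\n' '192.168.1.0/24' '2001:db8::1' \
        'suppress gen_id 119, sig_id 2' > "$f"
    check_whitelist "$f"; rc=$?
    rm -f "$f"
    return "$rc"
}
```

Run against each `/usr/local/etc/snort/snort_$iface*/$whitelistname` file, a non-zero return flags a whitelist that has picked up suppress-list content before Snort is restarted.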
                    • E
                      eri--
                      last edited by

                      @fragged:

                      Snort won't start if I disable "Sensitive data" preproc

                      ```
                      Jul 16 10:32:22 	snort[3755]: FATAL ERROR: /usr/local/etc/snort/preproc_rules/sensitive-data.rules(1) Unknown rule option: 'sd_pattern'.
                      Jul 16 10:32:22 	snort[3755]: FATAL ERROR: /usr/local/etc/snort/preproc_rules/sensitive-data.rules(1) Unknown rule option: 'sd_pattern'.
                      ```
                      

                      Fixed.

                      1 Reply Last reply Reply Quote 0
                      • C
                        Cino
                        last edited by

                        Nice work Ermal! I see IPv6 interface IPs are added and you change the whitelist to use Aliases.. Nice touch!!

                        Alert page looks really sharp, nanosec are gone :-) oh, and custom rules? That should be interesting… I'll play with that in a couple of weeks.

                        was about to report the sensitive data issue but you fixed it ;-)

                        thank you again..

                        FYI, when I fully uninstall, here is what is left over:

                        
                        /tmp/snort.info
                        /tmp/snort_update.log
                        /usr/local/lib/snort/dynamicengine
                        /usr/local/lib/snort/dynamicrules/bad-traffic.so
                        /usr/local/lib/snort/dynamicrules/web-iis.so
                        /usr/local/lib/snort/dynamicrules/web-client.so
                        /usr/local/lib/snort/dynamicrules/web-activex.so
                        /usr/local/lib/snort/dynamicrules/specific-threats.so
                        /usr/local/lib/snort/dynamicrules/snmp.so
                        /usr/local/lib/snort/dynamicrules/smtp.so
                        /usr/local/lib/snort/dynamicrules/p2p.so
                        /usr/local/lib/snort/dynamicrules/nntp.so
                        /usr/local/lib/snort/dynamicrules/netbios.so
                        /usr/local/lib/snort/dynamicrules/multimedia.so
                        /usr/local/lib/snort/dynamicrules/misc.so
                        /usr/local/lib/snort/dynamicrules/imap.so
                        /usr/local/lib/snort/dynamicrules/icmp.so
                        /usr/local/lib/snort/dynamicrules/exploit.so
                        /usr/local/lib/snort/dynamicrules/dos.so
                        /usr/local/lib/snort/dynamicrules/chat.so
                        /usr/local/lib/snort/dynamicrules/web-misc.so
                        /usr/local/lib/snort/dynamicrules
                        /usr/local/lib/snort/dynamic_preproc
                        /usr/local/lib/snort/dynamicpreprocessor
                        /usr/local/lib/snort
                        rm: /usr/local/lib/snort/dynamicengine: No such file or directory
                        rm: /usr/local/lib/snort/dynamicrules: No such file or directory
                        rm: /usr/local/lib/snort/dynamicrules/bad-traffic.so: No such file or directory
                        rm: /usr/local/lib/snort/dynamicrules/web-iis.so: No such file or directory
                        rm: /usr/local/lib/snort/dynamicrules/web-client.so: No such file or directory
                        rm: /usr/local/lib/snort/dynamicrules/web-activex.so: No such file or directory
                        rm: /usr/local/lib/snort/dynamicrules/specific-threats.so: No such file or directory
                        rm: /usr/local/lib/snort/dynamicrules/snmp.so: No such file or directory
                        rm: /usr/local/lib/snort/dynamicrules/smtp.so: No such file or directory
                        rm: /usr/local/lib/snort/dynamicrules/p2p.so: No such file or directory
                        rm: /usr/local/lib/snort/dynamicrules/nntp.so: No such file or directory
                        rm: /usr/local/lib/snort/dynamicrules/netbios.so: No such file or directory
                        rm: /usr/local/lib/snort/dynamicrules/multimedia.so: No such file or directory
                        rm: /usr/local/lib/snort/dynamicrules/misc.so: No such file or directory
                        rm: /usr/local/lib/snort/dynamicrules/imap.so: No such file or directory
                        rm: /usr/local/lib/snort/dynamicrules/icmp.so: No such file or directory
                        rm: /usr/local/lib/snort/dynamicrules/exploit.so: No such file or directory
                        rm: /usr/local/lib/snort/dynamicrules/dos.so: No such file or directory
                        rm: /usr/local/lib/snort/dynamicrules/chat.so: No such file or directory
                        rm: /usr/local/lib/snort/dynamicrules/web-misc.so: No such file or directory
                        rm: /usr/local/lib/snort/dynamic_preproc: No such file or directory
                        rm: /usr/local/lib/snort/dynamicpreprocessor: No such file or directory
                        /usr/local/share/examples/snort
                        /usr/local/share/licenses/snort-2.9.2.3
                        /usr/local/include/snort/dynamic_preproc
                        /usr/local/include/snort
                        rm: /usr/local/include/snort/dynamic_preproc: No such file or directory
                        /usr/local/src/snort_dynamicsrc
                        /var/db/pbi/.hashqueue/snort-2.9.2.3-i386
                        
                        
                        1 Reply Last reply Reply Quote 0
                        • J
                          judex
                          last edited by

                          It is not fixed for my 2.0.1 system. I deleted the package and every file with snort in its name before reinstallation.
                          Still the same warning in 2.5.0

                          2.1-RELEASE (amd64)
                          built on Wed Sep 11 18:17:48 EDT 2013
                          FreeBSD 8.3-RELEASE-p11

                          1 Reply Last reply Reply Quote 0
                          • C
                            Cino
                            last edited by

                            @judex:

                            It is not fixed for my 2.0.1 system. I deleted the package and every file with snort in its name before reinstallation.
                            Still the same warning in 2.5.0

                            did you reinstall?

                            1 Reply Last reply Reply Quote 0