Snort Package 3.2.9.6_1 Notes



  • Users of Snort will notice an update for the package to version 3.2.9.6_1.  This update only includes a binary fix for users of the Netgate SG-3100 appliance.  There are no GUI changes and no binary changes for Intel x86-based users.

    So unless you want to run Snort on the SG-3100 appliance from Netgate, there is no compelling reason to upgrade to the 3.2.9.6_1 Snort package.

    Bill



  • During update …
    You may need to manually remove /usr/local/etc/snort/classification.config if it is no longer needed.
    You may need to manually remove /usr/local/etc/snort/gen-msg.map if it is no longer needed.
    You may need to manually remove /usr/local/etc/snort/preproc_rules/decoder.rules if it is no longer needed.
    You may need to manually remove /usr/local/etc/snort/preproc_rules/preprocessor.rules if it is no longer needed.
    You may need to manually remove /usr/local/etc/snort/preproc_rules/sensitive-data.rules if it is no longer needed.
    You may need to manually remove /usr/local/etc/snort/reference.config if it is no longer needed.
    You may need to manually remove /usr/local/etc/snort/snort.conf if it is no longer needed.
    You may need to manually remove /usr/local/etc/snort/threshold.conf if it is no longer needed.
    You may need to manually remove /usr/local/etc/snort/unicode.map if it is no longer needed.
    You may need to manually remove /usr/local/etc/snort/file_magic.conf if it is no longer needed.
    You may need to manually remove /usr/local/etc/snort/attribute_table.dtd if it is no longer needed.

    Only the one with the unicode.map file seems to be wrong…
    FATAL ERROR: /usr/local/etc/snort/snort_54482_igb1/snort.conf(169) => Unable to open the IIS Unicode Map file '/usr/local/etc/snort/unicode.map'.



  • @locutus44:

    During update …
    You may need to manually remove /usr/local/etc/snort/classification.config if it is no longer needed.
    You may need to manually remove /usr/local/etc/snort/gen-msg.map if it is no longer needed.
    You may need to manually remove /usr/local/etc/snort/preproc_rules/decoder.rules if it is no longer needed.
    You may need to manually remove /usr/local/etc/snort/preproc_rules/preprocessor.rules if it is no longer needed.
    You may need to manually remove /usr/local/etc/snort/preproc_rules/sensitive-data.rules if it is no longer needed.
    You may need to manually remove /usr/local/etc/snort/reference.config if it is no longer needed.
    You may need to manually remove /usr/local/etc/snort/snort.conf if it is no longer needed.
    You may need to manually remove /usr/local/etc/snort/threshold.conf if it is no longer needed.
    You may need to manually remove /usr/local/etc/snort/unicode.map if it is no longer needed.
    You may need to manually remove /usr/local/etc/snort/file_magic.conf if it is no longer needed.
    You may need to manually remove /usr/local/etc/snort/attribute_table.dtd if it is no longer needed.

    Only the one with the unicode.map file seems to be wrong…
    FATAL ERROR: /usr/local/etc/snort/snort_54482_igb1/snort.conf(169) => Unable to open the IIS Unicode Map file '/usr/local/etc/snort/unicode.map'.

    Something got really messed up with your install/uninstall process.  Those notes from pkg indicate it thinks you manually modified some files (or at least the checksums are different from the originals).  I would remove the Snort package, manually remove any snort directories and their contents you find in /usr/local/etc, /usr/local/pkg, /usr/local/www and /usr/local/lib.  After this manual cleanup, install the Snort package again from Package Manager.

    Bill



  • @bmeeks:

    @locutus44:

    During update …
    You may need to manually remove /usr/local/etc/snort/classification.config if it is no longer needed.
    You may need to manually remove /usr/local/etc/snort/gen-msg.map if it is no longer needed.
    You may need to manually remove /usr/local/etc/snort/preproc_rules/decoder.rules if it is no longer needed.
    You may need to manually remove /usr/local/etc/snort/preproc_rules/preprocessor.rules if it is no longer needed.
    You may need to manually remove /usr/local/etc/snort/preproc_rules/sensitive-data.rules if it is no longer needed.
    You may need to manually remove /usr/local/etc/snort/reference.config if it is no longer needed.
    You may need to manually remove /usr/local/etc/snort/snort.conf if it is no longer needed.
    You may need to manually remove /usr/local/etc/snort/threshold.conf if it is no longer needed.
    You may need to manually remove /usr/local/etc/snort/unicode.map if it is no longer needed.
    You may need to manually remove /usr/local/etc/snort/file_magic.conf if it is no longer needed.
    You may need to manually remove /usr/local/etc/snort/attribute_table.dtd if it is no longer needed.

    Only the one with the unicode.map file seems to be wrong…
    FATAL ERROR: /usr/local/etc/snort/snort_54482_igb1/snort.conf(169) => Unable to open the IIS Unicode Map file '/usr/local/etc/snort/unicode.map'.

    Something got really messed up with your install/uninstall process.  Those notes from pkg indicate it thinks you manually modified some files (or at least the checksums are different from the originals).  I would remove the Snort package, manually remove any snort directories and their contents you find in /usr/local/etc, /usr/local/pkg, /usr/local/www and /usr/local/lib.  After this manual cleanup, install the Snort package again from Package Manager.

    Bill

    Hi Bill, just for a point of reference, mine had the same "manually remove" messages from above when I ran the update to 3.2.9.6_1.
    Vidmo



  • +1. I too encountered the "manual remove" messages and I never touched the automated installation. I do not recall whether I had the fatal error. Snort seems to work just fine but I may follow the instruction to remove and reinstall for good measure.


 

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy