Snort fatal error after upgrade - Stream5



  • I upgraded to 2.8.6.1 pkg v. 2.0 (in the package manager) or Snort 2.9.0.5 pkg v. 2.0 (in the snort settings) today, and am unable to start the interface. I am getting the following error:

    FATAL ERROR: /usr/local/etc/snort/snort_3172_re2/snort.conf(156) => Invalid Stream5 TCP policy option

    The Stream5 settings are empty/default.



  • Wait 10 minutes and upgrade again.
    Just caught a bad moment :S



  • Ok thanks.

    Pfsense
    Current version: 2.0-RC2
          Built On: Mon May 30 01:15:07 EDT 2011



  • Now getting

    snort[60921]: FATAL ERROR: Unable to open rules file "/usr/local/etc/snort/snort_3172_re2//usr/local/etc/snort/preproc_rules/preprocessor.rules": No such file or directory.

    path looks invalid - is it best just to revert back to the old version for now?



  • antilog,

    uninstall and then install snort… also what platform are you running btw?

    and make sure you update your rules.



  • I am also getting this after reinstall just little while ago; running 2.0-RC3  (i386)
    built on Mon Sep 5 04:07:51 EDT 2011

    Sep 5 23:01:28 SnortStartup[42513]: Interface Rule START for 0_9940_xl0…
    Sep 5 23:01:28 snort[42475]: FATAL ERROR: Unable to open rules file "/usr/local/etc/snort/snort_9940_xl0//usr/local/etc/snort/preproc_rules/preprocessor.rules": No such file or directory.

    It was running fine until I did the reinstall.  Not sure if this is a new problem or something going on with the rule updates - have two systems showing same issue but different message.  Let me know if you need more info.

    • Noticed the other message was different before I deselected the rules for web-misc.rules:
      Sep 5 22:54:52 SnortStartup[9331]: Snort HARD Reload For 29323_bge1…
      Sep 5 22:54:52 snort[2966]: FATAL ERROR: /usr/local/etc/snort/snort_29323_bge1/snort.conf(377) Invalid configuration line: ULE_PATH/snort_web-misc.rules
    • After deselect I get this:
      Sep 5 23:07:33 SnortStartup[39776]: Interface Rule START for 0_29323_bge1…
      Sep 5 23:07:33 snort[39436]: FATAL ERROR: Unable to open rules file "/usr/local/etc/snort/snort_29323_bge1//usr/local/etc/snort/preproc_rules/preprocessor.rules": No such file or directory.

    Thanks for the help and the great work on the package.  I love it when it works ;) …



  • I put some checks to prevent this.
    Though my first guess would be you have to do a full package reinstall.



  • Thanks ermal;  I tried just a reinstall and same thing -  I'll try uninstall and reinstall.

    Sep 6 07:02:13 SnortStartup[18678]: Snort HARD Reload For 9940_xl0…
    Sep 6 07:02:13 snort[18463]: FATAL ERROR: Unable to open rules file "/usr/local/etc/snort/snort_9940_xl0//usr/local/etc/snort/preproc_rules/preprocessor.rules": No such file or directory.



  • Uninstall and reinstall took care of it - it's running again.  Thanks for your help ermal !!
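
An added example, not part of the thread or of the pfSense Snort package: a Python triage script that de-duplicates the repeated syslog lines and classifies the three Snort startup failures reported above. The sample lines are copied from the posts; the category names and the reading of `ULE_PATH` as a variable reference that lost its leading characters are assumptions.

```python
import re

# Sample input: FATAL lines quoted in the thread (duplicates included on purpose).
SAMPLE_LOG = """\
FATAL ERROR: /usr/local/etc/snort/snort_3172_re2/snort.conf(156) => Invalid Stream5 TCP policy option
Sep 5 22:54:52 snort[2966]: FATAL ERROR: /usr/local/etc/snort/snort_29323_bge1/snort.conf(377) Invalid configuration line: ULE_PATH/snort_web-misc.rules
Sep 5 22:54:52 snort[2966]: FATAL ERROR: /usr/local/etc/snort/snort_29323_bge1/snort.conf(377) Invalid configuration line: ULE_PATH/snort_web-misc.rules
Sep 5 23:07:33 snort[39436]: FATAL ERROR: Unable to open rules file "/usr/local/etc/snort/snort_29323_bge1//usr/local/etc/snort/preproc_rules/preprocessor.rules": No such file or directory.
Sep 6 07:02:13 snort[18463]: Running in IDS mode
"""

FATAL = re.compile(r"FATAL ERROR: (?P<msg>.*)$")
CONF_LOC = re.compile(r"^(?P<conf>/\S+)\((?P<line>\d+)\)\s*(?:=>\s*)?(?P<detail>.*)$")
RULES_FILE = re.compile(r'^Unable to open rules file "(?P<path>[^"]+)"')
# An absolute path appended to a directory leaves a "//" seam between the two.
DOUBLED = re.compile(r"^(?P<base>/.+?)/(?P<include>/.+)$")
# Assumption: NAME_PATH/ with no leading "$" is a damaged variable reference.
BARE_VAR = re.compile(r"(?<![$\w])(?P<name>[A-Z_]+_PATH)/")

def classify(msg):
    """Map one FATAL ERROR message to (category, location, detail)."""
    m = RULES_FILE.match(msg)
    if m:
        d = DOUBLED.match(m["path"])
        if d:
            return ("doubled-include-path", d["base"], d["include"])
        return ("missing-rules-file", m["path"], None)
    m = CONF_LOC.match(msg)
    if m:
        where = f'{m["conf"]}:{m["line"]}'
        if "Invalid Stream5" in m["detail"]:
            return ("stream5-option", where, m["detail"])
        v = BARE_VAR.search(m["detail"])
        if v:
            return ("mangled-variable", where, v["name"])
        return ("config-error", where, m["detail"])
    return ("other-fatal", msg, None)

def triage(log_text):
    """Return one finding per distinct FATAL message, in log order."""
    seen, findings = set(), []
    for line in log_text.splitlines():
        m = FATAL.search(line)
        if m and m["msg"] not in seen:
            seen.add(m["msg"])
            findings.append(classify(m["msg"].strip()))
    return findings

if __name__ == "__main__":
    print(*triage(SAMPLE_LOG), sep="\n")
```

Each finding names the generated `snort.conf` and line number (or the base directory and the include that were joined), which is the place to look before and after a package reinstall.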

