Snort package doesn't install binary?

  • I'm pretty new to all this, but I've installed the latest development version:

    2.1-DEVELOPMENT (i386)
    built on Sat Apr 7 21:25:07 EDT 2012
    FreeBSD 8.3-RC2

    And I'm having some problems trying to install the Snort package. (Services: Snort 2.9.1 pkg v. 2.1.1) It installs successfully, I can configure it with my oink code, it updates, everything looks good from the GUI, but the service never starts.

    Trying to start the service from ssh gives:

    # /usr/local/etc/rc.d/ start
    rm: /var/run/ No such file or directory
    /usr/local/etc/rc.d/ /usr/local/bin/snort: not found

    So, it looks like it can't find the actual snort binary. I've looked myself and it doesn't seem to be there.

    # find / | grep snort | grep bin

    Interestingly, pkg-info says:

    bsdinstaller-2.0.2011.1212 BSD Installer mega-package
    gettext-    GNU gettext package
    grub-0.97_4         GRand Unified Bootloader
    libiconv-1.13.1_1   A character set conversion library

    Yet, I have the following packages installed:
    cron, file manager, ntop, open-vm-tools-8.8.1, pfblocker, widescreen

    I've tried uninstalling it and reinstalling it several times. Nothing seems out of place from the GUI, and no errors are given anywhere, including the system log. Here are the log entries (newest to oldest) since the last install of the package:

    Apr 8 12:05:12 	SnortStartup[12863]: Snort HARD START For 28873_em0...
    Apr 8 11:45:00 	SnortStartup[53809]: Snort HARD START For 28873_em0...
    Apr 8 10:32:11 	SnortStartup[15202]: Interface Rule START for 0_28873_em0...
    Apr 8 10:32:11 	SnortStartup[10904]: Toggle for 28873_em0...
    Apr 8 10:32:04 	check_reload_status: Syncing firewall
    Apr 8 10:30:11 	check_reload_status: Syncing firewall
    Apr 8 10:29:27 	check_reload_status: Syncing firewall
    Apr 8 10:29:27 	check_reload_status: Reloading filter
    Apr 8 10:29:17 	check_reload_status: Syncing firewall
    Apr 8 10:29:16 	php: /pkg_mgr_install.php: Beginning package installation for snort .

    Anyone know what's going on here?

  • IMHO I would not start with a Dev version. You'll not know if you are running into a transient bug or a config issue.

    Make sure that you are using Firefox for install and uninstall. Try re-installing the package.

  • Since packages were changed over to PBIs, a few of them have binary issues still. They'll be fixed as time permits.

  • So, in case anyone else has installed the dev version and wants snort, the way I managed to get it installed is by uninstalling everything, then installing an older, TBZ-based version from the shell, then installing the current package from the web UI.

    pkg_add -r

    I'm not sure if that's a good idea - it's still using the binary - but it does in fact seem to work. I don't have a "categories" or "rules" tab in the snort configuration such as I see in documentation, but I don't know if that's normal or not.
