FS#10775 - extra/snort - snort.conf references /usr/local instead of /usr, errors in conf.d/snort

Attached to Project: Arch Linux
Opened by Jonathan Liu (net147) - Saturday, 28 June 2008, 12:42 GMT
Last edited by Hugo Doria (hdoria) - Wednesday, 16 July 2008, 17:46 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To Hugo Doria (hdoria)
Architecture All
Severity Medium
Priority Normal
Reported Version 2007.08-2
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 1
Private No

Details

Description:
Multiple bugs in snort.

In /etc/snort/snort.conf:
* Paths should reference /usr instead of /usr/local.

In /etc/conf.d/snort:
* USER, GROUP and INTERFACE variables are never used and are not assigned default variables in /etc/rc.d/snort for the case when /etc/conf.d/snort doesn't exist.
* "-l /var/log/snort" is added to SNORT_OPTIONS but it's not needed as that is the default option for -l anyway.
* SNORT_OPTIONS variable is never used. /etc/rc.d/snort references SNORT_ARGS not SNORT_OPTIONS.
* /etc/snort/snort.conf is not used as it is not specified using -c option. This can be fixed by adding "-c /etc/snort/snort.conf" as an argument to snort in SNORT_ARGS.

Additional info:
* Package: snort
* Package verison: 2.8.2.1-1

Steps to reproduce:
1. pacman -S snort
2. /etc/rc.d/snort start

Solution:
A patch for the PKGBUILD is attached that fixes these issues.
   snort.patch (1.6 KiB)
This task depends upon

Closed by  Hugo Doria (hdoria)
Wednesday, 16 July 2008, 17:46 GMT
Reason for closing:  Fixed
Additional comments about closing:  Fixed with snort-2.8.2.1-5. Im using Kessia's package. Community rules now works out of the box.
Comment by Greg (dolby) - Saturday, 28 June 2008, 13:23 GMT
Thats because its the file provided from upstream
Comment by Kessia Pinheiro (even) - Friday, 04 July 2008, 00:03 GMT
I confirm that. But I make other snort package, with some changes, fixing all problems and keeping arguments in /etc/conf.d/snort. I report that in arch-general too: http://archlinux.org/pipermail/arch-general/2008-July/018209.html

I made a new package, in that all work out of box, with the community rules only. Maybe can be better.
(application/octet-stream)    snort.tar.gz (3.4 KiB)
Comment by Jonathan Liu (net147) - Wednesday, 09 July 2008, 03:15 GMT
Having community rules working out of the box is great.
It might be a good idea to provide the default snort.conf provided by upstream patched with the correct paths and installed as snort.conf.default or similar.
So in addition to having the community rules working by default, the user may easily switch to using the default rules if desired.

Loading...