Re: ipcop problems

Here's the latest:

---------------------------------------------------
There is 3 different issues.
On 1.4.14, ownership was not correct. Solution applied on 1.4.15 was
chown nobody:nobody /var/ipcop/snort/settings
  
On 1.4.16 from fresh install only, rights on /etc/snort/rules/web-misc.rules
are wrongly set after fixing some rules broken by 2.6.3 upgrade during build
Solution is
chown snort:snort /etc/snort/rules/web-misc.rules
  
No problem on upgrade from 1.4.15 to 1.4.16 as there the fix was correctly
applied.
  
Actually, snort.org is publishing rules on current branch that are not
compatible with snort-2.6.3
They do not supply a 2.6 branch for rules until recently.
You have to stop updating rules or adjust the branch in
/usr/local/bin/snortrules.pl or wait for 1.4.17 update release
Change my $rulesbranch="current"; in /usr/local/snortrules.pl to be
my $rulesbranch="2.6";
  
Gilles

-----------------------------------------------------------------------

-Dee

  _____

From: Jim Gribbin [mailto:jimgribbin@gmail.com]
To: W.D.McKinney [mailto:deem@wdm.com]
Cc: aklug@aklug.org
Sent: Tue, 13 Nov 2007 16:08:50 -0900
Subject: Re: ipcop problems

Sorry, I missed the term "snort" in there. Thought it the whole firewall
  stopped.
  
  W.D.McKinney wrote:
> Hi Folks,
> We are running an IPCOP box here for one of our domains, but snort quit working today. Anyone else similar problems ? I rebooted the box but it is saying it's stopped ?
>
> -Dee
>
>
    
---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Tue Nov 13 16:46:32 2007