LinuxQuestions.org


marco18 08-15-2007 08:19 AM

Snort won't start at boot
 
Hi! This is a particular problem: I configured SuSE to run snort at boot time. It shows in the bootlog the starting of snort "OK" but it just doesn't start. In fact, if I go to Yast to start the service manually, it starts perfectly, so I assume it is not a script problem. I installed it with Yast from a repository.

Could anyone give me any suggestions??

unSpawn 08-15-2007 03:38 PM

What happens if you start Snort from the command line with all the necessary arguments and adding "-T" (test mode) to that? What does (wherever Snort logs to) say?

marco18 08-17-2007 08:11 PM

Ouch! It seemed that there was a line in the snort.conf that wasn't making any sense at all. That was the reason why snort couldn't start on boot. Thanks for your advice! I really appreciate it, now my system is much safer. :)

marco18 08-19-2007 02:01 PM

Sorry for reopening this thread, but I'm having the same problem without changing anything. I am going crazy!!

The output of the command you suggested doesn't report any problems.

I provide you with the snort config files:

Code:

## Path:        Network/Monitors/Snort
## Description: System wide configuration file for the snort daemon
## Type:        string(eth0)
## Default:    eth0
## ServiceRestart: snort

# put here the interface you whish snort to monitor
# please note that the startup script
# will also modify /etc/snort/snort.conf to reflect this
# Note: this interface better be up before starting snort!
SNORT_INTERFACE="eth0"

## Type:        yesno
## Default:    no
# set ACTIVATE to 'yes' if you want snort to be run everytime
# the INTERFACE goes up. If you really want to use snort, you
# should set this to 'yes'.
# the init script can also be used to toggle this setting
SNORT_ACTIVATE="yes"

## Type:        yesno
## Default:    yes
# setting AUTO to 'yes' will have the startup script change the
# HOME_NET variable in /etc/snort/snort.conf to the INTERFACE's
# address everytime snort is started via the init script
# i.e., it will change the line
# var HOME_NET blabla
# to
# var HOME_NET $eth0_ADDRESS
# if INTERFACE were set to eth0
# If you want more control over snort's behaviour, set this to 'no'
SNORT_AUTO="no"

## Type:        yesno
## Default:    no
# 'yes' will put the interface in promiscuous mode, anything
# else will disable this
SNORT_PROMISC="no"

## Type:        string(snort)
## Default:    snort
# user/group privileges with which snort should run
# Unless you are going to use flexresp, don't change these,
# because currently (1.8.7b) flexresp needs root privileges
SNORT_USER="snort"
## Type:        string(snort)
## Default:    snort
SNORT_GROUP="snort"

## Type:        string
## Default:    ""
# extra parameters. These are inserted at the end of snort's command
# line. Please do not repeat options already used, check the startup
# script if in doubt
SNORT_EXTRA_OPTIONS=""

The /etc/snort/snort.conf has the following (few lines):

Code:

var HOME_NET any

var EXTERNAL_NET any

I hope this can help to find the problem. Thanks again!
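
Added example, not part of the thread and not the SuSE init script's own code: one way to reproduce the boot-time invocation by hand, building the `-T` test command from the settings file posted above (so the test also runs with the configured user and group) and checking the interface state that the file's comments say must be up first. The `/etc/sysconfig/snort` path, the `/sys/class/net` lookup and the variable-to-flag mapping are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: settings file at
# /etc/sysconfig/snort, interface state under /sys/class/net, and the
# variable-to-flag mapping below (read from the file's comments, not from
# the SuSE init script itself).
SNORT_CONF=/etc/snort/snort.conf   # path given in the thread

# Print the test-mode (-T) command line implied by a settings file.
snort_test_cmd() {
    (   # subshell: sourced variables do not leak into the caller
        [ -r "$1" ] || { echo "cannot read $1" >&2; exit 1; }
        SNORT_INTERFACE='' SNORT_USER='' SNORT_GROUP=''
        SNORT_PROMISC='' SNORT_EXTRA_OPTIONS=''
        . "$1" || exit 1
        [ -n "$SNORT_INTERFACE" ] || { echo "SNORT_INTERFACE is empty" >&2; exit 1; }
        cmd="snort -T -c $SNORT_CONF -i $SNORT_INTERFACE"
        if [ -n "$SNORT_USER" ]; then cmd="$cmd -u $SNORT_USER"; fi
        if [ -n "$SNORT_GROUP" ]; then cmd="$cmd -g $SNORT_GROUP"; fi
        # -p turns promiscuous mode off; only "yes" leaves it on.
        if [ "$SNORT_PROMISC" != "yes" ]; then cmd="$cmd -p"; fi
        if [ -n "$SNORT_EXTRA_OPTIONS" ]; then cmd="$cmd $SNORT_EXTRA_OPTIONS"; fi
        printf '%s\n' "$cmd"
    )
}

# Print the kernel's operstate for an interface, or "missing".
# The second argument overrides the sysfs directory (used for testing).
iface_state() {
    f="${2:-/sys/class/net}/$1/operstate"
    if [ -r "$f" ]; then cat "$f"; else echo "missing"; fi
}

# Check the interface, then run Snort in test mode with the boot-time settings.
preflight() {
    cmd=$(snort_test_cmd "$1") || return 1
    iface=$(. "$1" && printf '%s' "$SNORT_INTERFACE")
    state=$(iface_state "$iface")
    echo "interface $iface: $state"
    [ "$state" = "up" ] || echo "warning: $iface is not reported as up" >&2
    echo "running: $cmd"
    sh -c "$cmd"
}

# Run only when a settings file is passed, e.g.: sh preflight.sh /etc/sysconfig/snort
if [ "$#" -gt 0 ]; then preflight "$1"; fi
```

Pass the settings file as an absolute path, since `.` searches `PATH` for names without a slash.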


All times are GMT -5.