LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 08-15-2007, 08:19 AM   #1
marco18
Member
 
Registered: Jul 2007
Location: Argentina
Distribution: Ubuntu 13.04 , Debian Lenny 5.0.7
Posts: 223

Rep: Reputation: 21
Snort won't start at boot


Hi! This is a particular problem, I configured SuSE to run snort at boot time. It shows in the bootlog the starting of snort "OK" but it just doesn't start. In fact, if I got to Yast to start the service manually, it starts perfectly, so I assume it is not a script problem. I installed it with Yast from a repository.

Could anyone give me any suggestions??
 
Old 08-15-2007, 03:38 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594
What happens if you start Snort from the commandline with all the necessary arguments and adding "-T" (test mode) to that? What does (wherever Snort logs to) say?
 
Old 08-17-2007, 08:11 PM   #3
marco18
Member
 
Registered: Jul 2007
Location: Argentina
Distribution: Ubuntu 13.04 , Debian Lenny 5.0.7
Posts: 223

Original Poster
Rep: Reputation: 21
Ouch! It seemed that there was a line in the snort.conf that wasn't making any sense at all. That was the reason why snort couldn't start on boot. Thanks for your advice! I really appreciate it, now my system is much safe.
 
Old 08-19-2007, 02:01 PM   #4
marco18
Member
 
Registered: Jul 2007
Location: Argentina
Distribution: Ubuntu 13.04 , Debian Lenny 5.0.7
Posts: 223

Original Poster
Rep: Reputation: 21
Sorry for reopening this thread, but I'm having the same problem without changing anything. I am going crazy!!

The output of the command you suggested me is doesn't report any problems.

I provide you with the snort config files:

Code:
## Path:        Network/Monitors/Snort
## Description: System wide configuration file for the snort daemon
## Type:        string(eth0)
## Default:     eth0
## ServiceRestart: snort

# put here the interface you whish snort to monitor
# please note that the startup script
# will also modify /etc/snort/snort.conf to reflect this
# Note: this interface better be up before starting snort!
SNORT_INTERFACE="eth0"

## Type:        yesno
## Default:     no
# set ACTIVATE to 'yes' if you want snort to be run everytime
# the INTERFACE goes up. If you really want to use snort, you
# should set this to 'yes'.
# the init script can also be used to toggle this setting
SNORT_ACTIVATE="yes"

## Type:        yesno
## Default:     yes
# setting AUTO to 'yes' will have the startup script change the
# HOME_NET variable in /etc/snort/snort.conf to the INTERFACE's
# address everytime snort is started via the init script
# i.e., it will change the line
# var HOME_NET blabla
# to
# var HOME_NET $eth0_ADDRESS
# if INTERFACE were set to eth0
# If you want more control over snort's behaviour, set this to 'no'
SNORT_AUTO="no"

## Type:        yesno
## Default:     no
# 'yes' will put the interface in promiscuous mode, anything
# else will disable this
SNORT_PROMISC="no"

## Type:        string(snort)
## Default:     snort
# user/group privileges with which snort should run
# Unless you are going to use flexresp, don't change these,
# because currently (1.8.7b) flexresp needs root privileges
SNORT_USER="snort"
## Type:        string(snort)
## Default:     snort
SNORT_GROUP="snort"

## Type:        string
## Default:     ""
# extra parameters. These are inserted at the end of snort's command
# line. Please do not repeat options already used, check the startup
# script if in doubt
SNORT_EXTRA_OPTIONS=""
The /etc/snort/snort.conf has the following (few lines):

Code:
var HOME_NET any

var EXTERNAL_NET any
I hope this can help to find the problem. Thanks again!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Snort cannot start at boot time Peter_APIIT Linux - Server 2 03-28-2007 01:55 AM
snort start error zuessh Linux - Security 5 01-11-2006 04:04 PM
Snort start problem... Palula Linux - Software 2 01-05-2006 10:09 PM
Cannot get snort to start hywaydave23 Linux - Security 4 09-11-2005 08:28 AM
Snort won't start tarballedtux Linux - Security 6 10-26-2002 07:58 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 09:39 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration