Re: snort + promisc eth1 problems

Fabiano Petrone wrote:
> hello Everybody
> I've installed a snort box (yum install snort & snort-mysql) on FC7 with
> 2 NICs:
> eth0 (
> eth1 ( in promisc mode ***only*** dedicated to snort sniffing
> all seems ok but still 2 problems persist:
> 1)what's the better way for putting eth1 on promisc mode on startup?
> I've thought to edit /etc/sysconfig/networking/devices/ifcfg-eth1 adding
> the line:
> PROMISC=yes but it doesn't go.
> "ifconfig eth1 promisc" is the only solution?
From /usr/share/doc/initscripts-8.45.7/sysconfig.txt

    No longer supported:
     PROMISC=yes|no (enable or disable promiscuous mode)
     ALLMULTI=yes|no (enable or disable all-multicast mode)

     To properly set these, use the packet socket interface.

> 2)I've modified /etc/rc.d/init.d/snortd adapting it to the snort-mysql
> binary:
> #!/bin/sh
> #
> # snortd         Start/Stop the snort IDS daemon.
> #
> # chkconfig: 2345 40 60
> # description:  snort is a lightweight network intrusion detection tool
> that
<----------------------------[ snip ]----------------->
> practically I've substituted "snort-mysql" with "snort" and deleted the "
> -A fast" option.
> This script is launched without problem at the FC7 very startup (as I
> can see from the console)
> but after the login, "service snortd status" replies "snort-mysql is
> stopped".
> anyway, "service snortd start" goes OK without problem..
> thanks a lot in advance for your help,
> fabianope
Are you starting snort or snort-mysql as it says in the script? If
you are using snort-mysql then you are going to want to change the
start order so that snort-mysql starts after mysql.

# chkconfig: 2345 40 60
# chkconfig: 2345 64 35

because mysql uses:
# chkconfig: - 64 36

You probably have an error message in the logs about the mysql
server not running or that snort could not connect to it.


  Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!
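
The start-order question raised in the reply above can be checked directly from the `# chkconfig:` headers. This is an added example, not part of the original thread: the function names and sample files are constructed, and it assumes the Red Hat SysV convention that rc runs the `S<prio><name>` links of a runlevel in lexical order.

```shell
#!/bin/sh
# Added example (not from the thread): check SysV start order from the
# "# chkconfig: <runlevels> <start> <stop>" header of two init scripts.

# Print the start priority of init script $1 (empty if no header).
chk_start_prio() {
    awk '/^# *chkconfig:/ { print $(NF-1); exit }' "$1"
}

# Exit 0 if script $1 starts after script $2, 1 if not, 2 if a header
# is missing. rc runs the S<prio><name> links in lexical order, so equal
# priorities are decided by the service name.
starts_after() {
    a=$(chk_start_prio "$1"); b=$(chk_start_prio "$2")
    [ -n "$a" ] && [ -n "$b" ] || return 2
    [ "$a" -gt "$b" ] && return 0
    [ "$a" -lt "$b" ] && return 1
    na=$(basename "$1"); nb=$(basename "$2")
    [ "$na" != "$nb" ] || return 1
    last=$(printf '%s\n%s\n' "$na" "$nb" | LC_ALL=C sort | tail -n 1)
    [ "$last" = "$na" ]
}

# Constructed sample files carrying only the headers quoted in the thread.
make_samples() {
    mkdir -p "$1/old" "$1/new" &&
    printf '#!/bin/sh\n# chkconfig: 2345 40 60\n' > "$1/old/snortd" &&
    printf '#!/bin/sh\n# chkconfig: 2345 64 35\n' > "$1/new/snortd" &&
    printf '#!/bin/sh\n# chkconfig: - 64 36\n'    > "$1/mysqld"
}

tmp=$(mktemp -d)
make_samples "$tmp"
for s in old new; do
    if starts_after "$tmp/$s/snortd" "$tmp/mysqld"; then
        echo "$s header: snortd starts after mysqld"
    else
        echo "$s header: snortd starts BEFORE mysqld"
    fi
done
rm -rf "$tmp"
```

After the header is edited, the rc links have to be regenerated (for example `chkconfig --del snortd` followed by `chkconfig --add snortd`) before the new order takes effect.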

