Fabiano Petrone wrote: > hello Everybody > > I've installed a snort box (yum install snort & snort-mysql) on FC7 with > 2 NICs: > eth0 (192.168.0.50) > eth1 (192.168.0.51) in promisc mode ***only*** dedicated to snort sinffing > > all seems ok but still 2 problems persists: > > 1)what's the better way for putting eth1 on promisc mode on startup? > I've thought to edit /etc/sysconfig/networking/devices/ifcfg-eth1 adding > the line: > PROMISC=yes but it doesnt't go. > "ifconfig eth1 promisc" is the only solution? > From /usr/share/doc/initscripts-8.45.7/sysconfig.txt No longer supported: PROMISC=yes|no (enable or disable promiscuous mode) ALLMULTI=yes|no (enable or disable all-multicast mode) To properly set these, use the packet socket interface. > 2)I've modified /etc/rc.d/init.d/snortd adapting it to the snort-mysql > binary: > > #!/bin/sh > # > # snortd Start/Stop the snort IDS daemon. > # > # chkconfig: 2345 40 60 > # description: snort is a lightweight network intrusion detection tool > that <----------------------------[ snip ]-----------------> > > pratically I've substituted "snort-mysql" with "snort" and deleted the " > -A fast" option. > This script is launched without problem at the FC7 very startup (as I > can see from the console) > but after the login, "service snortd status" replies "snort-mysql is > stopped". > everyway, "service snortd start" goes OK without problem.. > > > thanks a lot in advance for your help, > > fabianope > Are you starting snort or snort-mysql as it says in the script? If you are using snort-mysql then you are going to want to change the start order so that snort-mysql starts after mysql. # chkconfig: 2345 40 60 to # chkconfig: 2345 64 35 because mysql uses: # chkconfig: - 64 36 You probably have an error message in the logs about the mysql server not running or that snort could not connect to it. Mikkel -- Do not meddle in the affairs of dragons, for thou art crunchy and taste good with Ketchup!
Description: OpenPGP digital signature