Unable to start snort on VPS [CLOSED]

All about Snort integration in Artica

Post by Friend7 » Sun Jun 05, 2011 4:22 am

Hello,

My NICs are working fine on both VPSs.

But I cannot activate the intrusion detection system.

Best Regards,

Last edited by Friend7 on Mon Jun 13, 2011 4:34 am, edited 6 times in total.
Best Regards,
Friend7
 
Posts: 2373
Joined: Sun Feb 06, 2011 3:41 pm
Artica servers number: 1
Linux System: Debian
Technical skills: A newbee

Re: Activation Problem [OPEN]

Post by admin » Sun Jun 05, 2011 12:47 pm

You must enable the snort service beforehand.
admin
Site Admin
 
Posts: 11946
Joined: Wed Oct 17, 2007 7:59 am
Location: France

Re: Activation Problem [OPEN]

Post by Friend7 » Sun Jun 05, 2011 3:31 pm

Hello,

I may have problems with venet0. The Servers are on VPS/OpenVZ virtualization.

Best Regards,
Last edited by Friend7 on Mon Jun 06, 2011 12:40 am, edited 2 times in total.

Re: Activation Problem [OPEN]

Post by admin » Sun Jun 05, 2011 4:34 pm

You have saved the vnet0 to 127.0.0.1; do you think it is a good IP?? :x

Re: Activation Problem [OPEN]

Post by Friend7 » Sun Jun 05, 2011 7:15 pm

Hello,

I may have problems with venet0. The Servers are on VPS/OpenVZ virtualization.

It was tested on a real public dedicated IP.

Best Regards

A VPS container gets access to a virtual Ethernet device, venet0, which links it to the network card eth0 on the physical server.

Starting......: Snort Daemon for Interface "venet0" failed

Code:
Starting......: Snort Daemon building configuration...
   Starting......: Snort Daemon version 2.9.0.5 ()
   Starting......: Snort Daemon HOME_NET
   Starting......: Snort Daemon unable to stat snort_dynamicrules directory !!
   Starting......: Snort Daemon adding rule attack-responses.rules
   Starting......: Snort Daemon adding rule backdoor.rules
   Starting......: Snort Daemon adding rule bad-traffic.rules
   Starting......: Snort Daemon adding rule blacklist.rules
   Starting......: Snort Daemon adding rule botnet-cnc.rules
   Starting......: Snort Daemon adding rule chat.rules
   Starting......: Snort Daemon adding rule content-replace.rules
   Starting......: Snort Daemon adding rule ddos.rules
   Starting......: Snort Daemon adding rule deleted.rules
   Starting......: Snort Daemon adding rule dns.rules
   Starting......: Snort Daemon adding rule dos.rules
   Starting......: Snort Daemon adding rule experimental.rules
   Starting......: Snort Daemon adding rule exploit.rules
   Starting......: Snort Daemon adding rule finger.rules
   Starting......: Snort Daemon adding rule ftp.rules
   Starting......: Snort Daemon adding rule icmp-info.rules
   Starting......: Snort Daemon adding rule icmp.rules
   Starting......: Snort Daemon adding rule imap.rules
   Starting......: Snort Daemon adding rule info.rules
   Starting......: Snort Daemon adding rule local.rules
   Starting......: Snort Daemon adding rule misc.rules
   Starting......: Snort Daemon adding rule multimedia.rules
   Starting......: Snort Daemon adding rule mysql.rules
   Starting......: Snort Daemon adding rule netbios.rules
   Starting......: Snort Daemon adding rule nntp.rules
   Starting......: Snort Daemon adding rule oracle.rules
   Starting......: Snort Daemon adding rule other-ids.rules
   Starting......: Snort Daemon adding rule p2p.rules
   Starting......: Snort Daemon adding rule phishing-spam.rules
   Starting......: Snort Daemon adding rule policy.rules
   Starting......: Snort Daemon adding rule pop2.rules
   Starting......: Snort Daemon adding rule pop3.rules
   Starting......: Snort Daemon adding rule rpc.rules
   Starting......: Snort Daemon adding rule rservices.rules
   Starting......: Snort Daemon adding rule scada.rules
   Starting......: Snort Daemon adding rule scan.rules
   Starting......: Snort Daemon adding rule shellcode.rules
   Starting......: Snort Daemon adding rule smtp.rules
   Starting......: Snort Daemon adding rule snmp.rules
   Starting......: Snort Daemon adding rule specific-threats.rules
   Starting......: Snort Daemon adding rule spyware-put.rules
   Starting......: Snort Daemon adding rule sql.rules
   Starting......: Snort Daemon adding rule telnet.rules
   Starting......: Snort Daemon adding rule tftp.rules
   Starting......: Snort Daemon adding rule virus.rules
   Starting......: Snort Daemon adding rule voip.rules
   Starting......: Snort Daemon adding rule web-activex.rules
   Starting......: Snort Daemon adding rule web-attacks.rules
   Starting......: Snort Daemon adding rule web-cgi.rules
   Starting......: Snort Daemon adding rule web-client.rules
   Starting......: Snort Daemon adding rule web-coldfusion.rules
   Starting......: Snort Daemon adding rule web-frontpage.rules
   Starting......: Snort Daemon adding rule web-iis.rules
   Starting......: Snort Daemon adding rule web-misc.rules
   Starting......: Snort Daemon adding rule web-php.rules
   Starting......: Snort Daemon adding rule x11.rules
   Starting......: Snort Daemon Testing configuration....
   Starting......: Snort Daemon building configuration done...
   Starting......: Snort Daemon for Interface "venet0"...
   Starting......: Snort Daemon for Interface "venet0" failed
   Starting......: Snort /usr/bin/snort --create-pidfile --pid-path /var/run/snort_venet0.pid -m 027 -D -d -l /var/log/snort -u root -g root -c /etc/snort/snort.conf -i venet0

Best Regards,

Re: Unable to start snort on VPS [OPEN]

Post by Friend7 » Thu Jun 09, 2011 6:15 am

This is an automatic calculation found with your network cards settings.


If you would like to check it, I sent snort.conf by email.

Code:

[root@ns1 ~]# php /usr/share/artica-postfix/exec.snort.php --start
Starting......: Snort Daemon building configuration...
Starting......: Snort Daemon version 2.9.0.5 ()
Starting......: Snort Daemon HOME_NET
Starting......: Snort Daemon unable to stat snort_dynamicrules directory !!
Starting......: Snort Daemon adding rule attack-responses.rules
Starting......: Snort Daemon adding rule backdoor.rules
Starting......: Snort Daemon adding rule bad-traffic.rules
Starting......: Snort Daemon adding rule blacklist.rules
Starting......: Snort Daemon adding rule botnet-cnc.rules
Starting......: Snort Daemon adding rule chat.rules
Starting......: Snort Daemon adding rule content-replace.rules
Starting......: Snort Daemon adding rule ddos.rules
Starting......: Snort Daemon adding rule deleted.rules
Starting......: Snort Daemon adding rule dns.rules
Starting......: Snort Daemon adding rule dos.rules
Starting......: Snort Daemon adding rule experimental.rules
Starting......: Snort Daemon adding rule exploit.rules
Starting......: Snort Daemon adding rule finger.rules
Starting......: Snort Daemon adding rule ftp.rules
Starting......: Snort Daemon adding rule icmp-info.rules
Starting......: Snort Daemon adding rule icmp.rules
Starting......: Snort Daemon adding rule imap.rules
Starting......: Snort Daemon adding rule info.rules
Starting......: Snort Daemon adding rule local.rules
Starting......: Snort Daemon adding rule misc.rules
Starting......: Snort Daemon adding rule multimedia.rules
Starting......: Snort Daemon adding rule mysql.rules
Starting......: Snort Daemon adding rule netbios.rules
Starting......: Snort Daemon adding rule nntp.rules
Starting......: Snort Daemon adding rule oracle.rules
Starting......: Snort Daemon adding rule other-ids.rules
Starting......: Snort Daemon adding rule p2p.rules
Starting......: Snort Daemon adding rule phishing-spam.rules
Starting......: Snort Daemon adding rule policy.rules
Starting......: Snort Daemon adding rule pop2.rules
Starting......: Snort Daemon adding rule pop3.rules
Starting......: Snort Daemon adding rule rpc.rules
Starting......: Snort Daemon adding rule rservices.rules
Starting......: Snort Daemon adding rule scada.rules
Starting......: Snort Daemon adding rule scan.rules
Starting......: Snort Daemon adding rule shellcode.rules
Starting......: Snort Daemon adding rule smtp.rules
Starting......: Snort Daemon adding rule snmp.rules
Starting......: Snort Daemon adding rule specific-threats.rules
Starting......: Snort Daemon adding rule spyware-put.rules
Starting......: Snort Daemon adding rule sql.rules
Starting......: Snort Daemon adding rule telnet.rules
Starting......: Snort Daemon adding rule tftp.rules
Starting......: Snort Daemon adding rule virus.rules
Starting......: Snort Daemon adding rule voip.rules
Starting......: Snort Daemon adding rule web-activex.rules
Starting......: Snort Daemon adding rule web-attacks.rules
Starting......: Snort Daemon adding rule web-cgi.rules
Starting......: Snort Daemon adding rule web-client.rules
Starting......: Snort Daemon adding rule web-coldfusion.rules
Starting......: Snort Daemon adding rule web-frontpage.rules
Starting......: Snort Daemon adding rule web-iis.rules
Starting......: Snort Daemon adding rule web-misc.rules
Starting......: Snort Daemon adding rule web-php.rules
Starting......: Snort Daemon adding rule x11.rules
Starting......: Snort Daemon Testing configuration....
Starting......: Snort Daemon building configuration done...
Starting......: Snort Daemon for Interface "venet0"...
Starting......: Snort Daemon for Interface "venet0" failed
Starting......: Snort /usr/bin/snort --create-pidfile --pid-path /var/run/snort_venet0.pid -m 027 -D -d -l /var/log/snort -u root -g root -c /etc/snort/snort.conf -i venet0
[root@ns1 ~]#
Best Regards,

Re: Unable to start snort on VPS [OPEN]

Post by Friend7 » Thu Jun 09, 2011 4:02 pm

Hello,

I patched and I have v1.5.060914

It seems that it does not work for my configuration.

Starting......: Snort Daemon for Interface "venet0" success PID 13931

Code:
[root@ns1 ~]# php /usr/share/artica-postfix/exec.snort.php --start
Starting......: Snort Daemon building configuration...
Starting......: Snort Daemon version 2.9.0.5 ()
Starting......: Snort Daemon HOME_NET
Starting......: Snort Daemon unable to stat snort_dynamicrules directory !!
Starting......: Snort Daemon adding rule attack-responses.rules
Starting......: Snort Daemon adding rule backdoor.rules
Starting......: Snort Daemon adding rule bad-traffic.rules
Starting......: Snort Daemon adding rule blacklist.rules
Starting......: Snort Daemon adding rule botnet-cnc.rules
Starting......: Snort Daemon adding rule chat.rules
Starting......: Snort Daemon adding rule content-replace.rules
Starting......: Snort Daemon adding rule ddos.rules
Starting......: Snort Daemon adding rule deleted.rules
Starting......: Snort Daemon adding rule dns.rules
Starting......: Snort Daemon adding rule dos.rules
Starting......: Snort Daemon adding rule experimental.rules
Starting......: Snort Daemon adding rule exploit.rules
Starting......: Snort Daemon adding rule finger.rules
Starting......: Snort Daemon adding rule ftp.rules
Starting......: Snort Daemon adding rule icmp-info.rules
Starting......: Snort Daemon adding rule icmp.rules
Starting......: Snort Daemon adding rule imap.rules
Starting......: Snort Daemon adding rule info.rules
Starting......: Snort Daemon adding rule local.rules
Starting......: Snort Daemon adding rule misc.rules
Starting......: Snort Daemon adding rule multimedia.rules
Starting......: Snort Daemon adding rule mysql.rules
Starting......: Snort Daemon adding rule netbios.rules
Starting......: Snort Daemon adding rule nntp.rules
Starting......: Snort Daemon adding rule oracle.rules
Starting......: Snort Daemon adding rule other-ids.rules
Starting......: Snort Daemon adding rule p2p.rules
Starting......: Snort Daemon adding rule phishing-spam.rules
Starting......: Snort Daemon adding rule policy.rules
Starting......: Snort Daemon adding rule pop2.rules
Starting......: Snort Daemon adding rule pop3.rules
Starting......: Snort Daemon adding rule rpc.rules
Starting......: Snort Daemon adding rule rservices.rules
Starting......: Snort Daemon adding rule scada.rules
Starting......: Snort Daemon adding rule scan.rules
Starting......: Snort Daemon adding rule shellcode.rules
Starting......: Snort Daemon adding rule smtp.rules
Starting......: Snort Daemon adding rule snmp.rules
Starting......: Snort Daemon adding rule specific-threats.rules
Starting......: Snort Daemon adding rule spyware-put.rules
Starting......: Snort Daemon adding rule sql.rules
Starting......: Snort Daemon adding rule telnet.rules
Starting......: Snort Daemon adding rule tftp.rules
Starting......: Snort Daemon adding rule virus.rules
Starting......: Snort Daemon adding rule voip.rules
Starting......: Snort Daemon adding rule web-activex.rules
Starting......: Snort Daemon adding rule web-attacks.rules
Starting......: Snort Daemon adding rule web-cgi.rules
Starting......: Snort Daemon adding rule web-client.rules
Starting......: Snort Daemon adding rule web-coldfusion.rules
Starting......: Snort Daemon adding rule web-frontpage.rules
Starting......: Snort Daemon adding rule web-iis.rules
Starting......: Snort Daemon adding rule web-misc.rules
Starting......: Snort Daemon adding rule web-php.rules
Starting......: Snort Daemon adding rule x11.rules
Starting......: Snort Daemon Testing configuration....
Starting......: Snort Daemon testing config success
Starting......: Snort Daemon building configuration done...
Starting......: Snort Daemon for Interface "venet0"...
Starting......: Snort Daemon for Interface "venet0" success PID 13931

[root@ns1 ~]#


BR
Best Regards,