unable to stat snort_dynamicrules directory [OPEN]

All about Snort integration in Artica

by Friend7 » Sun Aug 07, 2011 5:54 pm

Hello,

Server: xxx.xxx.xxx.138
Artica v1.5.080700

Snort is down.

Also, I did "Reconfigure IDS".

Snort Daemon unable to stat snort_dynamicrules directory
Snort Daemon for Interface "venet0" failed

Thanks

Code:
root@ns1:~# php5 /usr/share/artica-postfix/exec.snort.php --start

Warning: Terminal locale not UTF-8, but UTF-8 locale is being forced.
         Screen output may not be correctly printed.

Starting......: Snort Daemon building configuration...
Starting......: Snort Daemon version 2.9.0.5 (29)
Starting......: Snort Daemon HOME_NET xxx.xxx.xxx.0/24
Starting......: Snort Daemon unable to stat snort_dynamicrules directory !!
Starting......: Snort Daemon adding rule attack-responses.rules
Starting......: Snort Daemon adding rule backdoor.rules
Starting......: Snort Daemon adding rule bad-traffic.rules
Starting......: Snort Daemon adding rule blacklist.rules
Starting......: Snort Daemon adding rule botnet-cnc.rules
Starting......: Snort Daemon adding rule chat.rules
Starting......: Snort Daemon adding rule content-replace.rules
Starting......: Snort Daemon adding rule ddos.rules
Starting......: Snort Daemon adding rule deleted.rules
Starting......: Snort Daemon adding rule dns.rules
Starting......: Snort Daemon adding rule dos.rules
Starting......: Snort Daemon adding rule experimental.rules
Starting......: Snort Daemon adding rule exploit.rules
Starting......: Snort Daemon adding rule finger.rules
Starting......: Snort Daemon adding rule ftp.rules
Starting......: Snort Daemon adding rule icmp-info.rules
Starting......: Snort Daemon adding rule icmp.rules
Starting......: Snort Daemon adding rule imap.rules
Starting......: Snort Daemon adding rule info.rules
Starting......: Snort Daemon adding rule local.rules
Starting......: Snort Daemon adding rule misc.rules
Starting......: Snort Daemon adding rule multimedia.rules
Starting......: Snort Daemon adding rule mysql.rules
Starting......: Snort Daemon adding rule netbios.rules
Starting......: Snort Daemon adding rule nntp.rules
Starting......: Snort Daemon adding rule oracle.rules
Starting......: Snort Daemon adding rule other-ids.rules
Starting......: Snort Daemon adding rule p2p.rules
Starting......: Snort Daemon adding rule phishing-spam.rules
Starting......: Snort Daemon adding rule policy.rules
Starting......: Snort Daemon adding rule pop2.rules
Starting......: Snort Daemon adding rule pop3.rules
Starting......: Snort Daemon adding rule rpc.rules
Starting......: Snort Daemon adding rule rservices.rules
Starting......: Snort Daemon adding rule scada.rules
Starting......: Snort Daemon adding rule scan.rules
Starting......: Snort Daemon adding rule shellcode.rules
Starting......: Snort Daemon adding rule smtp.rules
Starting......: Snort Daemon adding rule snmp.rules
Starting......: Snort Daemon adding rule specific-threats.rules
Starting......: Snort Daemon adding rule spyware-put.rules
Starting......: Snort Daemon adding rule sql.rules
Starting......: Snort Daemon adding rule telnet.rules
Starting......: Snort Daemon adding rule tftp.rules
Starting......: Snort Daemon adding rule virus.rules
Starting......: Snort Daemon adding rule voip.rules
Starting......: Snort Daemon adding rule web-activex.rules
Starting......: Snort Daemon adding rule web-attacks.rules
Starting......: Snort Daemon adding rule web-cgi.rules
Starting......: Snort Daemon adding rule web-client.rules
Starting......: Snort Daemon adding rule web-coldfusion.rules
Starting......: Snort Daemon adding rule web-frontpage.rules
Starting......: Snort Daemon adding rule web-iis.rules
Starting......: Snort Daemon adding rule web-misc.rules
Starting......: Snort Daemon adding rule web-php.rules
Starting......: Snort Daemon adding rule x11.rules
Starting......: Snort Daemon Testing configuration....
Starting......: Snort Daemon building configuration done...
Starting......: Snort Daemon for Interface "venet0"...
Starting......: Snort Daemon for Interface "venet0" failed
Starting......: Snort /usr/bin/snort --create-pidfile --pid-path /var/run/snort_venet0.pid -m 027 -D -d -l /var/log/snort -u root -g root -c /etc/snort/snort.conf -i venet0
root@ns1:~#


Best Regards,
Friend7
 
Posts: 2373
Joined: Sun Feb 06, 2011 3:41 pm
Artica servers number: 1
Linux System: Debian
Technical skills: A newbee

Re: unable to stat snort_dynamicrules directory [OPEN]

by admin » Sun Aug 07, 2011 10:13 pm

do

Code:
updatedb
locate snort_dynamicrules
admin
Site Admin
 
Posts: 11943
Joined: Wed Oct 17, 2007 7:59 am
Location: France
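
Added example (not part of the original thread and not Artica's code): a shell check that goes one step beyond locate by reading the dynamic-module directives from a Snort 2.x snort.conf and reporting which referenced paths are missing. The function names and the temporary sample config are constructed for illustration; on a real host, pass the config path shown in the thread's command line (/etc/snort/snort.conf) to check_dynamic_paths.

```shell
#!/bin/sh
# Added example, not Artica's code: report whether the dynamic-module paths
# named in a Snort 2.x snort.conf exist on disk.

# check_dynamic_paths CONF
# Prints "OK|MISSING <directive> <path>" for each directive. Returns 0 when
# every path exists, 1 when any is missing, 2 when CONF cannot be read.
check_dynamic_paths() {
    conf=$1
    if [ ! -r "$conf" ]; then
        echo "UNREADABLE $conf"
        return 2
    fi
    # The path is the last field, e.g.
    #   dynamicdetection directory /usr/lib/snort_dynamicrules
    # Commented-out directives do not match: their first field starts with '#'.
    report=$(awk '$1 ~ /^dynamic(detection|preprocessor|engine)$/ { print $1, $NF }' \
        "$conf" | while read -r directive path; do
        if [ -e "$path" ]; then
            echo "OK $directive $path"
        else
            echo "MISSING $directive $path"
        fi
    done)
    if [ -n "$report" ]; then
        printf '%s\n' "$report"
    fi
    if printf '%s\n' "$report" | grep -q '^MISSING '; then
        return 1
    fi
    return 0
}

# Constructed sample: a temporary config whose preprocessor directory exists
# and whose snort_dynamicrules directory does not (all paths are made up).
demo() {
    tmp=$(mktemp -d) || return 2
    mkdir "$tmp/snort_dynamicpreprocessor"
    cat > "$tmp/snort.conf" <<EOF
# dynamicengine /commented/out/libsf_engine.so
dynamicpreprocessor directory $tmp/snort_dynamicpreprocessor
dynamicdetection directory $tmp/snort_dynamicrules
EOF
    status=0
    check_dynamic_paths "$tmp/snort.conf" || status=$?
    rm -rf "$tmp"
    return "$status"
}

demo || echo "exit status: $?"
```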

Re: unable to stat snort_dynamicrules directory [OPEN]

by Friend7 » Mon Aug 08, 2011 1:31 am

I did this on Server: xxx.xxx.xxx.138

root@ns1:~# updatedb
root@ns1:~# locate snort_dynamicrules
root@ns1:~# php5 /usr/share/artica-postfix/exec.snort.php --start

Starting......: Snort Daemon building configuration...
Starting......: Snort Daemon version 2.9.0.5 (29)
Starting......: Snort Daemon HOME_NET xxx.xxx.xxx.xxx/24
Starting......: Snort Daemon unable to stat snort_dynamicrules directory !!
Starting......: Snort Daemon adding rule attack-responses.rules
Starting......: Snort Daemon adding rule backdoor.rules
Starting......: Snort Daemon adding rule bad-traffic.rules
Starting......: Snort Daemon adding rule blacklist.rules
Starting......: Snort Daemon adding rule botnet-cnc.rules
Starting......: Snort Daemon adding rule chat.rules
Starting......: Snort Daemon adding rule content-replace.rules
Starting......: Snort Daemon adding rule ddos.rules
Starting......: Snort Daemon adding rule deleted.rules
Starting......: Snort Daemon adding rule dns.rules
Starting......: Snort Daemon adding rule dos.rules
Starting......: Snort Daemon adding rule experimental.rules
Starting......: Snort Daemon adding rule exploit.rules
Starting......: Snort Daemon adding rule finger.rules
Starting......: Snort Daemon adding rule ftp.rules
Starting......: Snort Daemon adding rule icmp-info.rules
Starting......: Snort Daemon adding rule icmp.rules
Starting......: Snort Daemon adding rule imap.rules
Starting......: Snort Daemon adding rule info.rules
Starting......: Snort Daemon adding rule local.rules
Starting......: Snort Daemon adding rule misc.rules
Starting......: Snort Daemon adding rule multimedia.rules
Starting......: Snort Daemon adding rule mysql.rules
Starting......: Snort Daemon adding rule netbios.rules
Starting......: Snort Daemon adding rule nntp.rules
Starting......: Snort Daemon adding rule oracle.rules
Starting......: Snort Daemon adding rule other-ids.rules
Starting......: Snort Daemon adding rule p2p.rules
Starting......: Snort Daemon adding rule phishing-spam.rules
Starting......: Snort Daemon adding rule policy.rules
Starting......: Snort Daemon adding rule pop2.rules
Starting......: Snort Daemon adding rule pop3.rules
Starting......: Snort Daemon adding rule rpc.rules
Starting......: Snort Daemon adding rule rservices.rules
Starting......: Snort Daemon adding rule scada.rules
Starting......: Snort Daemon adding rule scan.rules
Starting......: Snort Daemon adding rule shellcode.rules
Starting......: Snort Daemon adding rule smtp.rules
Starting......: Snort Daemon adding rule snmp.rules
Starting......: Snort Daemon adding rule specific-threats.rules
Starting......: Snort Daemon adding rule spyware-put.rules
Starting......: Snort Daemon adding rule sql.rules
Starting......: Snort Daemon adding rule telnet.rules
Starting......: Snort Daemon adding rule tftp.rules
Starting......: Snort Daemon adding rule virus.rules
Starting......: Snort Daemon adding rule voip.rules
Starting......: Snort Daemon adding rule web-activex.rules
Starting......: Snort Daemon adding rule web-attacks.rules
Starting......: Snort Daemon adding rule web-cgi.rules
Starting......: Snort Daemon adding rule web-client.rules
Starting......: Snort Daemon adding rule web-coldfusion.rules
Starting......: Snort Daemon adding rule web-frontpage.rules
Starting......: Snort Daemon adding rule web-iis.rules
Starting......: Snort Daemon adding rule web-misc.rules
Starting......: Snort Daemon adding rule web-php.rules
Starting......: Snort Daemon adding rule x11.rules
Starting......: Snort Daemon Testing configuration....
Starting......: Snort Daemon building configuration done...
Starting......: Snort Daemon for Interface "venet0"...
Starting......: Snort Daemon for Interface "venet0" failed
Starting......: Snort /usr/bin/snort --create-pidfile --pid-path /var/run/snort_venet0.pid -m 027 -D -d -l /var/log/snort -u root -g root -c /etc/snort/snort.conf -i venet0
root@ns1:~#
Best Regards,
Friend7
 

Re: unable to stat snort_dynamicrules directory [OPEN]

by admin » Mon Aug 08, 2011 8:43 am

This means that your current kernel did not allow Snort.

Re: unable to stat snort_dynamicrules directory [OPEN]

by Friend7 » Mon Aug 08, 2011 3:40 pm

Snort has been working fine for almost 2 months.

I have reported it to VPS's Support ....
Best Regards,
Friend7
 

Re: unable to stat snort_dynamicrules directory [OPEN]

by admin » Mon Aug 08, 2011 5:27 pm

Maybe the kernel has been updated in the past 2 months and the new one did not include the correct hooks for Snort.

Re: unable to stat snort_dynamicrules directory [OPEN]

by Friend7 » Mon Aug 08, 2011 5:38 pm

I think you are right
Best Regards,
Friend7
 

Re: unable to stat snort_dynamicrules directory [OPEN]

by Friend7 » Mon Aug 08, 2011 7:17 pm

Hello,

Support said:

Please do update us the exact kernel module that your application needs to run, so that we can enable it for you.



Which modules does Artica need to load into the kernel to run Snort?
Best Regards,
Friend7
 

Re: unable to stat snort_dynamicrules directory [OPEN]

by admin » Mon Aug 08, 2011 11:29 pm


Re: unable to stat snort_dynamicrules directory [OPEN]

by Friend7 » Fri Aug 12, 2011 7:33 am

1.

Support said:

Keep in mind we have not changed the kernel version/modules on the node.



2.
Snort cannot start on a Clean and Fresh installation.

V1.5.081201
OS: Debian 6.0.2 64 bits
Server: xxx.xxx.xxx.138

Both Servers xxx.xxx.xxx.138 and xxx.xxx.xxx.199 have this bug

Starting......: Snort Daemon unable to stat snort_dynamicrules directory !!


I do not know what else to do.

Any ideas?
Best Regards,
Friend7
 