Thread: Re: Snort unable to initialize prelude client




Re: Snort unable to initialize prelude client
2007-08-21 12:29:42
On Tue, 21 Aug 2007 18:46:55 +0200, "Sebastien
Tricaud" <sebastien.tricaudgmail.com> wrote:
> Jason,
> 
> can you apply the patch attached to this email and tell me if it now works?
> 
> Please apply it using libprelude on svn.

Hope you don't mind, I applied it against the OpenBSD
prelude-libprelude-0.9.14 port, compiled fine.  Then I get
the following error:

Decoding Ethernet on interface pcn3
ERROR: prelude-failover: Unable to initialize prelude client: could not create directory '/var/spool/prelude/snort/global': Permission denied.
Fatal Error, Quitting..

The permissions for /var/spool/prelude are the problem:

# ls -ld /var/spool/prelude
drwx------  6 _prelude  _prelude  512 Aug 17 14:06 /var/spool/prelude

Not sure if this is a problem with Prelude or OpenBSD's port
of Snort.  Chmod'g these to 755 allows Snort to run...
sorta.  The machine quickly pegged out and is unresponsive. 
Not sure if it's related to Snort or Prelude.  Here are the
last few lines from the console I started Snort in:

Decoding Ethernet on interface pcn3
- Connecting to 127.0.0.1:4690 prelude Manager server.
[127.0.0.1:39741 0x7103f46caf6c0 idmef:w admin:r]: TLS authentication succeed: client certificate is trusted.
- TLS authentication succeed with Prelude Manager.


Thanks,

-- 
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net

_______________________________________________
Prelude-user site list
Prelude-userprelude-ids.org
http://www.prelude-ids.org/mailman/listinfo/prelude-user


Re: Snort unable to initialize prelude client
2007-08-21 13:26:33
Gah, this sucks.  After halting the box and bringing it back
up, I'm back to the pre-patch error again.  I reinstalled my
patched package, but it still results in this error.

Decoding Ethernet on interface pcn0
ERROR: Unspecified source: Unable to initialize the Prelude library: Permission denied.
Fatal Error, Quitting..


P.S.  The permissions error mentioned in my last email is
due to an error in the OpenBSD prelude-manager port
documentation.  It suggests creating the /var/spool/prelude
directory with 700 perms.

Thanks,

-- 
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net
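
The diagnosis in the two messages above (mode 700 on /var/spool/prelude stopping Snort from creating its 'snort/global' spool directory) can be reproduced by walking the path and applying the Unix owner/group/other rule to each directory. This is an added example, not part of the original emails and not Prelude or Snort code; the helper names, the temporary directory layout, the hypothetical sensor account and the 750-plus-group case are constructed assumptions.

```python
import os
import tempfile

X, W = 1, 2  # search (execute) and write permission bits


def allowed(st, uid, gids, want):
    """Unix rule: owner bits if uid matches, else group bits, else other bits.
    Mode bits only: ACLs and root's override are not modelled."""
    if st.st_uid == uid:
        bits = st.st_mode >> 6
    elif st.st_gid in gids:
        bits = st.st_mode >> 3
    else:
        bits = st.st_mode
    return (bits & 7 & want) == want


def explain_mkdir(path, uid, gids, start="/"):
    """Report whether uid/gids could create `path`, checking dirs from `start` down."""
    parent, start = os.path.dirname(os.path.abspath(path)), os.path.abspath(start)
    chain = [parent]
    while chain[-1] != start and os.path.dirname(chain[-1]) != chain[-1]:
        chain.append(os.path.dirname(chain[-1]))
    for d in reversed(chain):  # outermost directory first
        try:
            st = os.stat(d)
        except FileNotFoundError:
            return (False, d, "missing")
        if not allowed(st, uid, gids, X):
            return (False, d, "no search (x) permission")
    if not allowed(st, uid, gids, W):  # st is now the parent directory
        return (False, parent, "no write (w) permission")
    return (True, parent, "ok")


def demo():
    """Constructed layout: prelude/ stands in for /var/spool/prelude."""
    out = {}
    with tempfile.TemporaryDirectory() as tmp:
        spool = os.path.join(tmp, "prelude")
        os.makedirs(os.path.join(spool, "snort"))
        os.chmod(os.path.join(spool, "snort"), 0o770)
        st = os.stat(spool)
        uid = st.st_uid + 1000  # hypothetical non-root sensor account, not the owner
        target = os.path.join(spool, "snort", "global")
        for mode in (0o700, 0o750, 0o755):
            os.chmod(spool, mode)
            for gids in ({st.st_gid}, set()):  # in the directory's group, or not
                ok, where, why = explain_mkdir(target, uid, gids, start=spool)
                out[(mode, bool(gids))] = (ok, os.path.relpath(where, tmp), why)
    return out
```

Each key of the result from `demo()` is (mode of the spool directory, whether the account is in the directory's group), so the 700 case fails at the spool directory itself regardless of group membership.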
