Package: snort-mysql
Version: 2.8.5.2-8
Severity: normal
Tags: d-i
The "bug" is a return code 10 from installation.
as
apt-get install
Reading package lists... Done
Building dependency tree
Reading state information... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
1 not fully installed or removed.
..........
Setting up snort-mysql (2.8.5.2-8) ...
dpkg: error processing snort-mysql (--configure):
subprocess installed post-installation script returned error exit status 10
configured to not write apport reports
Errors were encountered while processing:
snort-mysql
E: Sub-process /usr/bin/dpkg returned an error code (1)
The package seems not fully installed and every update show the
same message.
-- System Information:
Debian Release: 6.0.6
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.7.4 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages snort-mysql depends on:
ii adduser 3.112+nmu2 add and remove users and groups
ii debconf [debconf-2.0] 1.5.36.1 Debian configuration management sy
ii libc6 2.11.3-4 Embedded GNU C Library: Shared lib
ii libgcrypt11 1.4.5-2 LGPL Crypto library - runtime libr
ii libgnutls26 2.8.6-1+squeeze2 the GNU TLS library - runtime libr
ii libltdl7 2.2.6b-2 A system independent dlopen wrappe
ii libmysqlclient16 5.1.66-0+squeeze1 MySQL database client library
ii libpcap0.8 1.1.1-2+squeeze1 system interface for user-level pa
ii libpcre3 8.02-1.1 Perl 5 Compatible Regular Expressi
ii libprelude2 1.0.0-1 Security Information Management Sy
ii logrotate 3.7.8-6 Log rotation utility
ii rsyslog [system-log-da 4.6.4-2 enhanced multi-threaded syslogd
ii snort-common 2.8.5.2-8 flexible Network Intrusion Detecti
ii snort-common-libraries 2.8.5.2-8 flexible Network Intrusion Detecti
ii snort-rules-default 2.8.5.2-8 flexible Network Intrusion Detecti
ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime
Versions of packages snort-mysql recommends:
ii iproute 20100519-3 networking and traffic control too
Versions of packages snort-mysql suggests:
pn snort-doc <none> (no description available)
-- Configuration Files:
/etc/default/snort changed:
PARAMS="-m 027 -D -d "
SNORTUSER="snort"
LOGDIR="/var/log/snort"
SNORTGROUP="snort"
ALLOW_UNAVAILABLE="no"
/etc/init.d/snort changed:
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
test $DEBIAN_SCRIPT_DEBUG && set -v -x
DAEMON=/usr/sbin/snort
NAME=snort
DESC="Network Intrusion Detection System"
. /lib/lsb/init-functions
CONFIG=/etc/snort/snort.debian.conf
if [ -f /etc/snort/snort.common.parameters ] ; then
COMMON=`cat /etc/snort/snort.common.parameters`
elif [ -r /etc/default/snort ] ; then
. /etc/default/snort
COMMON="$PARAMS -l $LOGDIR -u $SNORTUSER -g $SNORTGROUP"
fi
test -x $DAEMON || exit 0
test -f $CONFIG && . $CONFIG
test -z "$DEBIAN_SNORT_HOME_NET" && DEBIAN_SNORT_HOME_NET="192.168.0.0/16"
cd /etc/snort
running()
{
PIDFILE=$1
[ ! -f "$PIDFILE" ] && return 1
pid=`cat $PIDFILE`
[ -z "$pid" ] && return 1
[ ! -d /proc/$pid ] && return 1
cmd=`cat /proc/$pid/cmdline | tr "\000" "\n"|head -n 1 |cut -d : -f 1`
[ "$cmd" != "$DAEMON" ] && return 1
return 0
}
check_log_dir() {
# If we cannot determine the logdir return without error
# (we will not check it)
# This will only be used by people using /etc/default/snort
[ -n "$LOGDIR" ] || return 0
[ -n "$SNORTUSER" ] || return 0
if [ ! -e "$LOGDIR" ] ; then
log_failure_msg "ERR: logging directory $LOGDIR does not exist"
return 1
elif [ ! -d "$LOGDIR" ] ; then
log_failure_msg "ERR: logging directory $LOGDIR does not exist"
return 1
else
real_log_user=`stat -c %U $LOGDIR`
# An alternative way is to check if the snort user can create
# a file there...
if [ "$real_log_user" != "$SNORTUSER" ] ; then
log_failure_msg "ERR: logging directory $LOGDIR does
not belong to the snort user $SNORTUSER"
return 1
fi
fi
return 0
}
check_root() {
if [ "$(id -u)" != "0" ]; then
log_failure_msg "You must be root to start, stop or restart $NAME."
exit 4
fi
}
case "$1" in
start)
check_root
log_daemon_msg "Starting $DESC " "$NAME"
if [ -e /etc/snort/db-pending-config ] ; then
log_failure_msg "/etc/snort/db-pending-config file found"
log_failure_msg "Snort will not start as its database is not
yet configured."
log_failure_msg "Please configure the database as described in"
log_failure_msg
"/usr/share/doc/snort-{pgsql,mysql}/README-database.Debian"
log_failure_msg "and remove /etc/snort/db-pending-config"
exit 6
fi
if ! check_log_dir; then
log_failure_msg " will not start $DESC!"
exit 5
fi
if [ "$DEBIAN_SNORT_STARTUP" = "dialup" ]; then
shift
set +e
/etc/ppp/ip-up.d/snort "$@"
ret=$?
if [ $ret -eq 0 ] ; then
log_end_msg 0
else
log_end_msg 1
fi
exit $ret
fi
# Usually, we start all interfaces
interfaces="$DEBIAN_SNORT_INTERFACE"
# If we are requested to start a specific interface...
test "$2" && interfaces="$2"
# If the interfaces list is empty stop (no error)
if [ -z "$interfaces" ] ; then
log_progress_msg "no interfaces configured, will not start"
log_end_msg 0
exit 0
fi
myret=0
got_instance=0
for interface in $interfaces; do
got_instance=1
log_progress_msg "($interface"
# Check if the interface is available:
# - only if iproute is available
# - the interface exists
# - the interface is up
if ! [ -x /sbin/ip ] || ( ip link show dev "$interface"
>/dev/null 2>&1 && [ -n "`ip link show up "$interface" 2>/dev/null`" ] ) ; then
PIDFILE=/var/run/snort_$interface.pid
CONFIGFILE=/etc/snort/snort.$interface.conf
# Defaults:
fail="failed (check /var/log/daemon.log, /var/log/syslog and
/var/log/snort/)"
run="yes"
if [ -e "$PIDFILE" ] && running $PIDFILE; then
run="no"
# Do not start this instance, it is already runing
fi
if [ "$run" = "yes" ] ; then
if [ ! -e "$CONFIGFILE" ]; then
log_progress_msg "using /etc/snort/snort.conf"
CONFIGFILE=/etc/snort/snort.conf
else
log_progress_msg "using
/etc/snort/snort.$interface.conf"
fi
set +e
/sbin/start-stop-daemon --start --quiet \
--pidfile "$PIDFILE" \
--exec $DAEMON -- $COMMON $DEBIAN_SNORT_OPTIONS \
-c $CONFIGFILE \
-S "HOME_NET=[$DEBIAN_SNORT_HOME_NET]" \
-i $interface >/dev/null
ret=$?
case "$ret" in
0)
log_progress_msg "...done)"
;;
*)
log_progress_msg "...ERROR: $fail)"
myret=$(expr "$myret" + 1)
;;
esac
set -e
else
log_progress_msg "...already running)"
fi
else
# What to do if the interface is not available
# or is not up
if [ "$ALLOW_UNAVAILABLE" != "no" ] ; then
log_progress_msg "...interface not available)"
else
log_progress_msg "...ERROR: interface not
available)"
myret=$(expr "$myret" + 1)
fi
fi
done
if [ "$got_instance" = 0 ] && [ "$ALLOW_UNAVAILABLE" = "no" ]; then
log_failure_msg "No snort instance found to be started!" >&2
exit 6
fi
if [ $myret -eq 0 ] ; then
log_end_msg 0
else
log_end_msg 1
fi
exit $myret
;;
stop)
check_root
log_daemon_msg "Stopping $DESC " "$NAME"
if [ "$DEBIAN_SNORT_STARTUP" = "dialup" ]; then
shift
set +e
/etc/ppp/ip-down.d/snort "$@"
ret=$?
if [ $ret -eq 0 ] ; then
log_end_msg 0
else
log_end_msg 1
fi
exit $ret
fi
# Usually, we stop all current running interfaces
pidpattern=/var/run/snort_*.pid
# If we are requested to stop a specific interface...
test "$2" && pidpattern=/var/run/snort_"$2".pid
got_instance=0
myret=0
for PIDFILE in $pidpattern; do
# This check is also needed, if the above pattern doesn't match
test -f "$PIDFILE" || continue
got_instance=1
interface=$(basename "$PIDFILE" .pid | sed -e 's/^snort_//')
log_progress_msg "($interface"
set +e
if [ ! -e "$PIDFILE" -o -r "$PIDFILE" ] ; then
/sbin/start-stop-daemon --stop --retry 5 --quiet --oknodo \
--pidfile "$PIDFILE" --exec $DAEMON >/dev/null
ret=$?
rm -f "$PIDFILE"
rm -f "$PIDFILE.lck"
else
log_progress_msg "cannot read $PIDFILE"
ret=4
fi
case "$ret" in
0)
log_progress_msg "...done)"
;;
*)
log_progress_msg "...ERROR)"
myret=$(expr "$myret" + 1)
;;
esac
set -e
done
if [ "$got_instance" = 0 ]; then
log_warning_msg " - No running snort instance found"
exit 0 # LSB demands we don't exit with error here
fi
if [ $myret -eq 0 ] ; then
log_end_msg 0
else
log_end_msg 1
fi
exit $myret
;;
restart|force-restart|reload|force-reload)
check_root
# Usually, we restart all current running interfaces
pidpattern=/var/run/snort_*.pid
# If we are requested to restart a specific interface...
test "$2" && pidpattern=/var/run/snort_"$2".pid
got_instance=0
for PIDFILE in $pidpattern; do
# This check is also needed, if the above pattern doesn't match
test -f "$PIDFILE" || continue
got_instance=1
interface=$(basename "$PIDFILE" .pid | sed -e 's/^snort_//')
$0 stop $interface || true
$0 start $interface || true
done
# If we did not find any instance of Snort then we restart all
if [ "$got_instance" = 0 ]; then
$0 start
fi
;;
status)
log_daemon_msg "Status of snort daemon(s)"
interfaces="$DEBIAN_SNORT_INTERFACE"
# If we are requested to check for a specific interface...
test "$2" && interfaces="$2"
err=0
pid=0
for interface in $interfaces; do
log_progress_msg " $interface "
pidfile=/var/run/snort_$interface.pid
if [ -f "$pidfile" ] ; then
if [ -r "$pidfile" ] ; then
pidval=`cat $pidfile`
pid=$(expr "$pid" + 1)
if ps -p $pidval | grep -q snort; then
log_progress_msg "OK"
else
log_progress_msg "ERROR"
err=$(expr "$err" + 1)
fi
else
log_progress_msg "ERROR: cannot read status file"
err=$(expr "$err" + 1)
fi
else
log_progress_msg "ERROR"
err=$(expr "$err" + 1)
fi
done
if [ $err -ne 0 ] ; then
if [ $pid -ne 0 ] ; then
log_end_msg 1
exit 1
else
log_end_msg 3
exit 3
fi
fi
log_end_msg 0
;;
config-check)
log_daemon_msg "Checking $DESC configuration"
if [ "$DEBIAN_SNORT_STARTUP" = "dialup" ]; then
log_failure_msg "Config-check is currently not supported for
snort in Dialup configuration"
log_end_msg 3
exit 3
fi
# usually, we test all interfaces
interfaces="$DEBIAN_SNORT_INTERFACE"
# if we are requested to test a specific interface...
test "$2" && interfaces="$2"
myret=0
got_instance=0
for interface in $interfaces; do
got_instance=1
log_progress_msg "interface $interface"
CONFIGFILE=/etc/snort/snort.$interface.conf
if [ ! -e "$CONFIGFILE" ]; then
CONFIGFILE=/etc/snort/snort.conf
fi
COMMON=`echo $COMMON | sed -e 's/-D//'`
set +e
fail="INVALID"
if [ -r "$CONFIGFILE" ]; then
$DAEMON -T $COMMON $DEBIAN_SNORT_OPTIONS \
-c $CONFIGFILE \
-S "HOME_NET=[$DEBIAN_SNORT_HOME_NET]" \
-i $interface >/dev/null 2>&1
ret=$?
else
fail="cannot read $CONFIGFILE"
ret=4
fi
set -e
case "$ret" in
0)
log_progress_msg "OK"
;;
*)
log_progress_msg "$fail"
myret=$(expr "$myret" + 1)
;;
esac
done
if [ "$got_instance" = 0 ]; then
log_failure_msg "no snort instance found to be started!" >&2
exit 6
fi
if [ $myret -eq 0 ] ; then
log_end_msg 0
else
log_end_msg 1
fi
exit $myret
;;
*)
echo "Usage: $0
{start|stop|restart|force-restart|reload|force-reload|status|config-check}"
exit 1
;;
esac
exit 0
/etc/logrotate.d/snort changed:
/var/log/snort/portscan.log /var/log/snort/alert /var/log/snort/portscan2.log {
daily
rotate 7
compress
missingok
notifempty
create 0640 snort adm
sharedscripts
postrotate
if [ -x /usr/sbin/invoke-rc.d ]; then \
invoke-rc.d snort restart > /dev/null; \
else \
/etc/init.d/snort restart > /dev/null; \
fi;
endscript
}
/etc/ppp/ip-down.d/snort changed:
test $DEBIAN_SCRIPT_DEBUG && set -v -x
DAEMON=/usr/sbin/snort
NAME=snort
DESC="Network Intrusion Detection System"
CONFIG=/etc/snort/snort.debian.conf
test -x $DAEMON || exit 0
test -f $CONFIG && . $CONFIG
test "$DEBIAN_SNORT_STARTUP" = "dialup" || exit 0
if ! [ "$DEBIAN_SNORT_RECURSIVE" ]; then
# Acquire lock...
trap 'rm -f /var/run/snort.ppp.lock' 0
for tries in $(seq 1 10); do
mkfifo /var/run/snort.ppp.lock 2>/dev/null && break
sleep 1
done
# Now it's locked or timed out.
# In the latter case we assume stale lock.
fi
if [ "$PPPD_PID" -a "$PPP_IFACE" -a "$PPP_LOCAL" ]; then
echo -n "Stopping $DESC: $NAME($PPP_IFACE)"
PIDFILE=/var/run/snort_$PPP_IFACE.pid
ENVFILE=/var/run/snort_$PPP_IFACE.env
test -f "$PIDFILE" && pid=$(cat "$PIDFILE")
# We remove the saved environment, if we are not asked to
# keep them. DEBIAN_SNORT_KEEPENV is not set, if we're
# called by pppd, thus we always remove stale environments.
test $DEBIAN_SNORT_KEEPENV || rm -f "$ENVFILE"
/sbin/start-stop-daemon --stop --retry 5 --quiet --oknodo \
--pidfile "$PIDFILE" --exec $DAEMON >/dev/null
rm -f "$PIDFILE"
echo "."
exit 0
fi
DEBIAN_SNORT_RECURSIVE=1
export DEBIAN_SNORT_RECURSIVE
DEBIAN_SNORT_KEEPENV=1
export DEBIAN_SNORT_KEEPENV
envpattern=/var/run/snort_*.env
test "$1" -a -z "$2" && envpattern=/var/run/snort_"$1".env
myret=0
got_instance=0
for env in $envpattern; do
# This check is also needed, if the above pattern doesn't match
test -f "$env" || continue;
. "$env"
# Prevent endless recursion because of damaged environments
# Check, if the environment is still valid...
if [ "$PPPD_PID" -a "$PPP_IFACE" -a "$PPP_LOCAL" ] &&
kill -0 $PPPD_PID 2>/dev/null &&
ps -p $PPPD_PID | grep -q pppd; then
got_instance=1
export PPPD_PID PPP_IFACE PPP_LOCAL
# Because the stop of this particular environment could
# fail, we guard it
set +e
$0 "$@"
ret=$?
set -e
case "$ret" in
0)
;;
*)
myret=$(expr "$myret" + 1)
;;
esac
else
rm -f "$env"
fi
done
if [ "$got_instance" = 0 ]; then
echo "No snort instance found to be stopped!" >&2
fi
exit $myret
/etc/ppp/ip-up.d/snort changed:
test $DEBIAN_SCRIPT_DEBUG && set -v -x
DAEMON=/usr/sbin/snort
NAME=snort
DESC="Network Intrusion Detection System"
CONFIG=/etc/snort/snort.debian.conf
if [ -r /etc/snort/snort.common.parameters ] ; then
COMMON=`cat /etc/snort/snort.common.parameters`
elif [ -r /etc/default/snort ] ; then
. /etc/default/snort
COMMON="$PARAMS -l $LOGDIR -u $SNORTUSER -g $SNORTGROUP"
fi
test -x $DAEMON || exit 0
test -f $CONFIG && . $CONFIG
test "$DEBIAN_SNORT_STARTUP" = "dialup" || exit 0
check_log_dir() {
# If we cannot determine the logdir return without error
# (we will not check it)
# This will only be used by people using /etc/default/snort
[ -n "$LOGDIR" ] || return 0
[ -n "$SNORTUSER" ] || return 0
if [ ! -e "$LOGDIR" ] ; then
echo -n "ERR: logging directory $LOGDIR does not exist"
return 1
elif [ ! -d "$LOGDIR" ] ; then
echo -n "ERR: logging directory $LOGDIR does not exist"
return 1
else
real_log_user=`stat -c %U $LOGDIR`
# An alternative way is to check if the snort user can create
# a file there...
if [ "$real_log_user" != "$SNORTUSER" ] ; then
echo -n "ERR: logging directory $LOGDIR does not belong
to the snort user $SNORTUSER"
return 1
fi
fi
return 0
}
if ! check_log_dir; then
echo "Cannot start $DESC!"
exit 1
fi
if ! [ "$DEBIAN_SNORT_RECURSIVE" ]; then
# Acquire lock...
trap 'rm -f /var/run/snort.ppp.lock' 0
for tries in $(seq 1 10); do
mkfifo /var/run/snort.ppp.lock 2>/dev/null && break
sleep 1
done
# Now it's locked or timed out.
# In the latter case we assume stale lock.
fi
if [ "$PPPD_PID" -a "$PPP_IFACE" -a "$PPP_LOCAL" ]; then
echo -n "Starting $DESC: $NAME($PPP_IFACE)"
PIDFILE=/var/run/snort_$PPP_IFACE.pid
ENVFILE=/var/run/snort_$PPP_IFACE.env
fail="failed (check /var/log/daemon.log)"
/sbin/start-stop-daemon --stop --signal 0 --quiet \
--pidfile "$PIDFILE" --exec $DAEMON >/dev/null &&
fail="already running"
cd /etc/snort
CONFIGFILE=/etc/snort/snort.$PPP_IFACE.conf
if [ ! -e $CONFIGFILE ]; then
echo "No /etc/snort/snort.$PPP_IFACE.conf, defaulting to
snort.conf"
CONFIGFILE=/etc/snort/snort.conf
fi
# We intentionally set +e here, thus (new) environment is even
# saved, if startup fails - for further startup attempts
set +e
/sbin/start-stop-daemon --start --quiet --pidfile "$PIDFILE" \
--exec $DAEMON -- $COMMON $DEBIAN_SNORT_OPTIONS \
-c $CONFIGFILE \
-S "HOME_NET=[$PPP_LOCAL/32]" \
-i $PPP_IFACE >/dev/null
ret=$?
set -e
case "$ret" in
0)
echo "."
;;
*)
echo "...$fail."
;;
esac
echo "PPPD_PID=$PPPD_PID" > "$ENVFILE"
echo "PPP_IFACE=$PPP_IFACE" >> "$ENVFILE"
echo "PPP_LOCAL=$PPP_LOCAL" >> "$ENVFILE"
exit $ret
fi
DEBIAN_SNORT_RECURSIVE=1
export DEBIAN_SNORT_RECURSIVE
envpattern=/var/run/snort_*.env
test "$1" -a -z "$2" && envpattern=/var/run/snort_"$1".env
myret=0
got_instance=0
for env in $envpattern; do
# This check is also needed, if the above pattern doesn't match
test -f "$env" || continue;
. "$env"
# Prevent endless recursion because of damaged environments
# Check, if the environment is still valid...
if [ "$PPPD_PID" -a "$PPP_IFACE" -a "$PPP_LOCAL" ] &&
kill -0 $PPPD_PID 2>/dev/null &&
ps -p $PPPD_PID | grep -q pppd; then
got_instance=1
export PPPD_PID PPP_IFACE PPP_LOCAL
# Because the starup of this particular environment could
# fail, we guard it
set +e
$0 "$@"
ret=$?
set -e
case "$ret" in
0)
;;
*)
myret=$(expr "$myret" + 1)
;;
esac
else
rm -f "$env"
fi
done
if [ "$got_instance" = 0 ]; then
echo "No snort instance found to be started!" >&2
exit 1
fi
exit $myret
-- debconf information:
* snort-mysql/address_range: 192.168.1.0/24,192.168.2.0/24,192.168.3.0/24
snort-mysql/please_restart_manually:
snort-mysql/db_database:
snort-mysql/options:
* snort-mysql/configure_db: false
* snort-mysql/startup: boot
* snort-mysql/send_stats: true
* snort-mysql/stats_treshold: 1
snort-mysql/invalid_interface:
* snort-mysql/interface: eth0
snort-mysql/needs_db_config:
* snort-mysql/stats_rcpt: root
snort-mysql/db_user:
snort-mysql/disable_promiscuous: false
snort-mysql/config_parameters:
snort-mysql/db_host:
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
