Package: snort
Version: 2.9.7.0-5
Severity: important

The default configuration of snort offers to set up an e-mail alert ...
which will NEVER work in the default configuration, because the alerting
script only seems to work with textual log files, while the default config
only generates the binary unified2 format log file.

Nothing in the debconf prompting for the alert setup even hints that this
might be a problem, leading to a false sense of security by the
administrator installing the package.

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages snort depends on:
ii  adduser                      3.115
ii  debconf [debconf-2.0]        1.5.60
ii  libc6                        2.24-10
ii  libdaq2                      2.0.4-3+b1
ii  libdumbnet1                  1.12-7+b1
ii  liblzma5                     5.2.2-1.2+b1
ii  libpcap0.8                   1.8.1-3
ii  libpcre3                     2:8.39-3
ii  logrotate                    3.11.0-0.1
ii  net-tools                    1.60+git20161116.90da8a0-1
ii  rsyslog [system-log-daemon]  8.24.0-1
ii  snort-common                 2.9.7.0-5
ii  snort-common-libraries       2.9.7.0-5
ii  snort-rules-default          2.9.7.0-5
ii  zlib1g                       1:1.2.8.dfsg-5

Versions of packages snort recommends:
ii  iproute2  4.9.0-1

Versions of packages snort suggests:
pn  snort-doc  <none>

-- Configuration Files:
/etc/default/snort changed [not included]

-- debconf information:
* snort/stats_treshold: 1
* snort/send_stats: true
* snort/interface: enp1s0
* snort/please_restart_manually:
* snort/address_range: 172.22.0.0/23
* snort/stats_rcpt: beech...@beechwoods.com
* snort/invalid_interface:
  snort/config_parameters:
* snort/options:
* snort/startup: boot
* snort/disable_promiscuous: false
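
The mismatch described in the report can be checked for mechanically. The following is an added example, not part of the original report or of the snort package: it lists the active "output" directives in a snort.conf and flags a configuration that writes only binary logs. It assumes the mail script needs one of Snort 2.x's text alert outputs (alert_fast or alert_full); the two sample configurations are constructed.

```python
import re

# Snort 2.x output plugins that write human-readable alert text.
TEXT_ALERT_PLUGINS = {"alert_fast", "alert_full"}
# Binary output plugins that a text-parsing mail script cannot read.
BINARY_PLUGINS = {"unified2", "alert_unified2", "log_unified2", "log_tcpdump"}

OUTPUT_RE = re.compile(r"^\s*output\s+([A-Za-z0-9_]+)\s*(?::\s*(.*))?$")

# Constructed samples, not copied from the Debian package.
BINARY_ONLY_CONF = """\
# output alert_fast: alert
output unified2: filename snort.log, limit 128
"""
WITH_TEXT_CONF = BINARY_ONLY_CONF + "output alert_fast: alert\n"


def active_outputs(conf_text):
    """Return [(plugin, args)] for every uncommented 'output' directive."""
    found = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments
        m = OUTPUT_RE.match(line)
        if m:
            found.append((m.group(1), (m.group(2) or "").strip()))
    return found


def audit(conf_text):
    """Classify the config as 'text', 'binary-only', 'none' or 'other'.

    Only the config file is inspected; an alert mode chosen on the snort
    command line (-A) is not visible here.
    """
    plugins = {name for name, _ in active_outputs(conf_text)}
    if plugins & TEXT_ALERT_PLUGINS:
        return "text"
    if not plugins:
        return "none"
    if plugins <= BINARY_PLUGINS:
        return "binary-only"  # the situation the report describes
    return "other"


if __name__ == "__main__":
    for label, conf in (("binary only", BINARY_ONLY_CONF),
                        ("with alert_fast", WITH_TEXT_CONF)):
        print(f"{label}: {audit(conf)} {active_outputs(conf)}")
```

A result of "binary-only" means e-mail alerting that depends on text logs has nothing to read, whatever the debconf answers were.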
