Package: snort
Version: 2.9.15.1-2
Severity: grave
Dear Maintainer,
installation of 'snort' fails with a subprocess error (fresh install,
/etc/snort doesn't exist before installation. Accepting the propose
d network settings: 192.168.0.0/16). Aptitude output:
******************************************************************
Performing actions...
Retrieving bug reports... Done
Parsing Found/Fixed information... Done
Preconfiguring packages ...
Snort configuration: interface default not set, using 'eth0'
Selecting previously unselected package snort-common-libraries.
(Reading database ... 649619 files and directories currently installe
d.)
Preparing to unpack .../0-snort-common-libraries_2.9.15.1-2_amd64.deb
...
Unpacking snort-common-libraries (2.9.15.1-2) ...
Preparing to unpack .../1-snort-rules-default_2.9.15.1-2_all.deb ...
Unpacking snort-rules-default (2.9.15.1-2) ...
Preparing to unpack .../2-snort-common_2.9.15.1-2_all.deb ...
Unpacking snort-common (2.9.15.1-2) ...
Selecting previously unselected package libdaq2.
Preparing to unpack .../3-libdaq2_2.0.7-2_amd64.deb ...
Unpacking libdaq2 (2.0.7-2) ...
Selecting previously unselected package snort.
Preparing to unpack .../4-snort_2.9.15.1-2_amd64.deb ...
Unpacking snort (2.9.15.1-2) ...
Preparing to unpack .../5-oinkmaster_2.0-4_all.deb ...
Unpacking oinkmaster (2.0-4) ...
Setting up oinkmaster (2.0-4) ...
Setting up snort-common (2.9.15.1-2) ...
Setting up libdaq2 (2.0.7-2) ...
Setting up snort-rules-default (2.9.15.1-2) ...
Setting up snort-common-libraries (2.9.15.1-2) ...
Setting up snort (2.9.15.1-2) ...
Snort configuration: interface default not set, using 'eth0'
WARNING: tempfile is deprecated; consider using mktemp instead.
Job for snort.service failed because the control process exited with
error code.
See "systemctl status snort.service" and "journalctl -xe" for details
.
invoke-rc.d: initscript snort, action "start" failed.
● snort.service - LSB: Lightweight network intrusion detection system
Loaded: loaded (/etc/init.d/snort; generated)
Active: failed (Result: exit-code) since Fri 2020-06-05 13:41:4
3 CEST; 5ms ago
Docs: man:systemd-sysv-generator(8)
Process: 259261 ExecStart=/etc/init.d/snort start (code=exited,
status=1/FAILURE)
Jun 05 13:41:43 holly systemd[1]: Starting LSB: Lightweight network i
ntrusion detection system...
Jun 05 13:41:43 holly snort[259261]: Starting Network Intrusion Detec
tion System : snort (eth0 no specific interface configuration, using
/etc/snort/snort.conf
Jun 05 13:41:43 holly snort[259273]: Starting Network Intrusion Detec
tion System : snort (eth0 no specific interface configuration, using
/etc/sno
Jun 05 13:41:43 holly snort[259261]: Starting Network Intrusion Detec
tion System : snort (eth0 no specific interface con
Jun 05 13:41:43 holly snort[259275]: Starting
Jun 05 13:41:43 holly systemd[1]: snort.service: Control process exit
ed, code=exited, status=1/FAILURE
Jun 05 13:41:43 holly systemd[1]: snort.service: Failed with result '
exit-code'.
Jun 05 13:41:43 holly systemd[1]: Failed to start LSB: Lightweight ne
twork intrusion detection system.
dpkg: error processing package snort (--configure):
installed snort package post-installation script subprocess returne
d error exit status 1
Processing triggers for systemd (245.5-3) ...
Processing triggers for man-db (2.9.2-1) ...
Processing triggers for libc-bin (2.30-8) ...
Errors were encountered while processing:
snort
[ Rootkit Hunter version 1.4.6 ]
File updated: searched for 181 files, found 152
needrestart is being skipped since dpkg has failed
E: Sub-process /usr/bin/dpkg returned an error code (1)
Setting up snort (2.9.15.1-2) ...
Snort configuration: interface default set, using eth0
WARNING: tempfile is deprecated; consider using mktemp instead.
Job for snort.service failed because the control process exited with
error code.
See "systemctl status snort.service" and "journalctl -xe" for details
.
invoke-rc.d: initscript snort, action "start" failed.
● snort.service - LSB: Lightweight network intrusion detection system
Loaded: loaded (/etc/init.d/snort; generated)
Active: failed (Result: exit-code) since Fri 2020-06-05 13:41:5
4 CEST; 4ms ago
Docs: man:systemd-sysv-generator(8)
Process: 269896 ExecStart=/etc/init.d/snort start (code=exited,
status=1/FAILURE)
Jun 05 13:41:54 holly systemd[1]: Starting LSB: Lightweight network i
ntrusion detection system...
Jun 05 13:41:54 holly snort[269896]: Starting Network Intrusion Detec
tion System : snort (eth0 no specific interface configuration, using
/etc/snort/snort.conf
Jun 05 13:41:54 holly snort[269907]: Starting Network Intrusion Detec
tion System : snort (eth0 no specific interface configuration, using
/etc/sno
Jun 05 13:41:54 holly snort[269896]: Starting Network Intrusion Detec
tion System : snort (eth0 no specific interface con
Jun 05 13:41:54 holly snort[269909]: Starting
Jun 05 13:41:54 holly systemd[1]: snort.service: Control process exit
ed, code=exited, status=1/FAILURE
Jun 05 13:41:54 holly systemd[1]: snort.service: Failed with result '
exit-code'.
Jun 05 13:41:54 holly systemd[1]: Failed to start LSB: Lightweight ne
twork intrusion detection system.
dpkg: error processing package snort (--configure):
installed snort package post-installation script subprocess returne
d error exit status 1
Errors were encountered while processing:
snort
Press Return to continue, 'q' followed by Return to quit.
******************************************************************
As recommended in the output, appending systemctl and journalctl outp
ut:
******************************************************************
$ systemctl status snort.service
● snort.service - LSB: Lightweight network intrusion detection system
Loaded: loaded (/etc/init.d/snort; generated)
Active: failed (Result: exit-code) since Fri 2020-06-05 13:41:5
4 CEST; 6min ago
Docs: man:systemd-sysv-generator(8)
Process: 269896 ExecStart=/etc/init.d/snort start (code=exited,
status=1/FAILURE)
Jun 05 13:41:54 holly systemd[1]: Starting LSB: Lightweight network i
ntrusion detection system...
Jun 05 13:41:54 holly snort[269896]: Starting Network Intrusion Detec
tion System : snort (eth0 no specific interface co>
Jun 05 13:41:54 holly snort[269907]: Starting Network Intrusion Detec
tion System : snort (eth0 no specific interface co>
Jun 05 13:41:54 holly snort[269896]: Starting Network Intrusion Detec
tion System : snort (eth0 no specific interface con
Jun 05 13:41:54 holly snort[269909]: Starting
Jun 05 13:41:54 holly systemd[1]: snort.service: Control process exit
ed, code=exited, status=1/FAILURE
Jun 05 13:41:54 holly systemd[1]: snort.service: Failed with result '
exit-code'.
Jun 05 13:41:54 holly systemd[1]: Failed to start LSB: Lightweight ne
twork intrusion detection system.
******************************************************************
******************************************************************
$ journalctl -xe
Jun 05 13:41:54 holly systemd[1]: Failed to start LSB: Lightweight ne
twork intrusion detection system.
-- Subject: A start job for unit snort.service has failed
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- A start job for unit snort.service has finished with a failure.
--
-- The job identifier is 8917 and the job result is failed.
******************************************************************
In /etc/snort.conf, the following options specify non-existing files:
# path to dynamic preprocessor libraries
dynamicpreprocessor directory /usr/lib/i386-linux-gnu/snort_dynamicpr
eprocessor/
# path to base preprocessor engine
dynamicengine /usr/lib/i386-linux-gnu/snort_dynamicengine/libsf_engin
e.so
On my system the following directory and lib exist (amd64 system):
/usr/lib/x86_64-linux-gnu/snort_dynamicpreprocessor
/usr/lib/x86_64-linux-gnu/snort_dynamicengine/libsf_engine.so
Manually changing snort.conf and restarting snort still fails:
******************************************************************
● snort.service - LSB: Lightweight network intrusion detection system
Loaded: loaded (/etc/init.d/snort; generated)
Active: failed (Result: exit-code) since Fri 2020-06-05 14:05:2
8 CEST; 11s ago
Docs: man:systemd-sysv-generator(8)
Process: 303834 ExecStart=/etc/init.d/snort start (code=exited,
status=1/FAILURE)
Jun 05 14:05:28 holly systemd[1]: Starting LSB: Lightweight network i
ntrusion detection system...
Jun 05 14:05:28 holly snort[303834]: Starting Network Intrusion Detec
tion System : snort (eth0 no specific interface co>
Jun 05 14:05:28 holly snort[303845]: Starting Network Intrusion Detec
tion System : snort (eth0 no specific interface co>
Jun 05 14:05:28 holly snort[303834]: Starting Network Intrusion Detec
tion System : snort (eth0 no specific interface con
Jun 05 14:05:28 holly snort[303847]: Starting
Jun 05 14:05:28 holly systemd[1]: snort.service: Control process exit
ed, code=exited, status=1/FAILURE
Jun 05 14:05:28 holly systemd[1]: snort.service: Failed with result '
exit-code'.
Jun 05 14:05:28 holly systemd[1]: Failed to start LSB: Lightweight ne
twork intrusion detection system.
******************************************************************
Calling '/usr/sbin/snort -T -c │ /etc/snort/snort.conf' leads to the
following output:
******************************************************************
$ /usr/sbin/snort -T -c │ /etc/snort/snort.conf
/usr/sbin/snort: symbol lookup error: /usr/lib/x86_64-linux-gnu/libsf
bpf.so.0: undefined symbol: sf_n_errors
******************************************************************
-- System Information:
Debian Release: bullseye/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.6.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGU
AGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages snort depends on:
ii adduser 3.118
ii debconf [debconf-2.0] 1.5.74
ii init-system-helpers 1.57
ii libc6 2.30-8
ii libdaq2 2.0.7-2
ii libdumbnet1 1.12-9
ii liblzma5 5.2.4-1+b1
ii libnghttp2-14 1.41.0-2
ii libpcap0.8 1.9.1-4
ii libpcre3 2:8.39-12+b1
ii libssl1.1 1.1.1g-1
ii logrotate 3.16.0-3
ii lsb-base 11.1.0
ii net-tools 1.60+git20180626.aebd88e-1
ii rsyslog [system-log-daemon] 8.2004.0-1
ii snort-common 2.9.15.1-2
ii snort-common-libraries 2.9.15.1-2
ii snort-rules-default 2.9.15.1-2
ii zlib1g 1:1.2.11.dfsg-2
Versions of packages snort recommends:
ii iproute2 5.6.0-1
Versions of packages snort suggests:
pn snort-doc <none>
-- debconf information:
* snort/startup: boot
* snort/stats_treshold: 1
snort/options:
* snort/send_stats: true
snort/please_restart_manually:
snort/invalid_interface:
* snort/stats_rcpt: root
* snort/address_range: 192.168.0.0/16
* snort/interface: eth0
snort/disable_promiscuous: false
snort/config_parameters:
