Bug#962275: marked as done (snort: Failed to start LSB)

[Debian Bug Tracking System]

Your message dated Sun, 19 Jul 2020 15:19:18 +0000
with message-id <e1jxb5y-000e7l...@fasolo.debian.org>
and subject line Bug#962275: fixed in snort 2.9.15.1-3
has caused the Debian Bug report #962275,
regarding snort: Failed to start LSB
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
962275: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962275
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: snort
Version: 2.9.15.1-2
Severity: grave

Dear Maintainer,

installation of 'snort' fails with a subprocess error (fresh install, /etc/snort doesn't exist before installation. Accepting the propose d network settings: 192.168.0.0/16). Aptitude output:

******************************************************************
Performing actions...
Retrieving bug reports... Done
Parsing Found/Fixed information... Done
Preconfiguring packages ...
Snort configuration: interface default not set, using 'eth0'
Selecting previously unselected package snort-common-libraries.

(Reading database ... 649619 files and directories currently installe d.) Preparing to unpack .../0-snort-common-libraries_2.9.15.1-2_amd64.deb ...

Unpacking snort-common-libraries (2.9.15.1-2) ...
Preparing to unpack .../1-snort-rules-default_2.9.15.1-2_all.deb ...
Unpacking snort-rules-default (2.9.15.1-2) ...
Preparing to unpack .../2-snort-common_2.9.15.1-2_all.deb ...
Unpacking snort-common (2.9.15.1-2) ...
Selecting previously unselected package libdaq2.
Preparing to unpack .../3-libdaq2_2.0.7-2_amd64.deb ...
Unpacking libdaq2 (2.0.7-2) ...
Selecting previously unselected package snort.
Preparing to unpack .../4-snort_2.9.15.1-2_amd64.deb ...
Unpacking snort (2.9.15.1-2) ...
Preparing to unpack .../5-oinkmaster_2.0-4_all.deb ...
Unpacking oinkmaster (2.0-4) ...
Setting up oinkmaster (2.0-4) ...
Setting up snort-common (2.9.15.1-2) ...
Setting up libdaq2 (2.0.7-2) ...
Setting up snort-rules-default (2.9.15.1-2) ...
Setting up snort-common-libraries (2.9.15.1-2) ...
Setting up snort (2.9.15.1-2) ...
Snort configuration: interface default not set, using 'eth0'
WARNING: tempfile is deprecated; consider using mktemp instead.

Job for snort.service failed because the control process exited with error code. See "systemctl status snort.service" and "journalctl -xe" for details .

invoke-rc.d: initscript snort, action "start" failed.
● snort.service - LSB: Lightweight network intrusion detection system
     Loaded: loaded (/etc/init.d/snort; generated)

Active: failed (Result: exit-code) since Fri 2020-06-05 13:41:4 3 CEST; 5ms ago

       Docs: man:systemd-sysv-generator(8)

Process: 259261 ExecStart=/etc/init.d/snort start (code=exited, status=1/FAILURE)

Jun 05 13:41:43 holly systemd[1]: Starting LSB: Lightweight network i ntrusion detection system... Jun 05 13:41:43 holly snort[259261]: Starting Network Intrusion Detec tion System : snort (eth0 no specific interface configuration, using /etc/snort/snort.conf Jun 05 13:41:43 holly snort[259273]: Starting Network Intrusion Detec tion System : snort (eth0 no specific interface configuration, using /etc/sno Jun 05 13:41:43 holly snort[259261]: Starting Network Intrusion Detec tion System : snort (eth0 no specific interface con

Jun 05 13:41:43 holly snort[259275]: Starting

Jun 05 13:41:43 holly systemd[1]: snort.service: Control process exit ed, code=exited, status=1/FAILURE Jun 05 13:41:43 holly systemd[1]: snort.service: Failed with result ' exit-code'. Jun 05 13:41:43 holly systemd[1]: Failed to start LSB: Lightweight ne twork intrusion detection system.

dpkg: error processing package snort (--configure):

installed snort package post-installation script subprocess returne d error exit status 1

Processing triggers for systemd (245.5-3) ...
Processing triggers for man-db (2.9.2-1) ...
Processing triggers for libc-bin (2.30-8) ...
Errors were encountered while processing:
 snort
[ Rootkit Hunter version 1.4.6 ]
File updated: searched for 181 files, found 152
needrestart is being skipped since dpkg has failed
E: Sub-process /usr/bin/dpkg returned an error code (1)
Setting up snort (2.9.15.1-2) ...
Snort configuration: interface default set, using eth0
WARNING: tempfile is deprecated; consider using mktemp instead.

Job for snort.service failed because the control process exited with error code. See "systemctl status snort.service" and "journalctl -xe" for details .

invoke-rc.d: initscript snort, action "start" failed.
● snort.service - LSB: Lightweight network intrusion detection system
     Loaded: loaded (/etc/init.d/snort; generated)

Active: failed (Result: exit-code) since Fri 2020-06-05 13:41:5 4 CEST; 4ms ago

       Docs: man:systemd-sysv-generator(8)

Process: 269896 ExecStart=/etc/init.d/snort start (code=exited, status=1/FAILURE)

Jun 05 13:41:54 holly systemd[1]: Starting LSB: Lightweight network i ntrusion detection system... Jun 05 13:41:54 holly snort[269896]: Starting Network Intrusion Detec tion System : snort (eth0 no specific interface configuration, using /etc/snort/snort.conf Jun 05 13:41:54 holly snort[269907]: Starting Network Intrusion Detec tion System : snort (eth0 no specific interface configuration, using /etc/sno Jun 05 13:41:54 holly snort[269896]: Starting Network Intrusion Detec tion System : snort (eth0 no specific interface con

Jun 05 13:41:54 holly snort[269909]: Starting

Jun 05 13:41:54 holly systemd[1]: snort.service: Control process exit ed, code=exited, status=1/FAILURE Jun 05 13:41:54 holly systemd[1]: snort.service: Failed with result ' exit-code'. Jun 05 13:41:54 holly systemd[1]: Failed to start LSB: Lightweight ne twork intrusion detection system.

dpkg: error processing package snort (--configure):

installed snort package post-installation script subprocess returne d error exit status 1

Errors were encountered while processing:
 snort
Press Return to continue, 'q' followed by Return to quit.
******************************************************************

As recommended in the output, appending systemctl and journalctl outp ut:

******************************************************************
$ systemctl status snort.service
● snort.service - LSB: Lightweight network intrusion detection system
     Loaded: loaded (/etc/init.d/snort; generated)

Active: failed (Result: exit-code) since Fri 2020-06-05 13:41:5 4 CEST; 6min ago

       Docs: man:systemd-sysv-generator(8)

Process: 269896 ExecStart=/etc/init.d/snort start (code=exited, status=1/FAILURE)

Jun 05 13:41:54 holly systemd[1]: Starting LSB: Lightweight network i ntrusion detection system... Jun 05 13:41:54 holly snort[269896]: Starting Network Intrusion Detec tion System : snort (eth0 no specific interface co> Jun 05 13:41:54 holly snort[269907]: Starting Network Intrusion Detec tion System : snort (eth0 no specific interface co> Jun 05 13:41:54 holly snort[269896]: Starting Network Intrusion Detec tion System : snort (eth0 no specific interface con

Jun 05 13:41:54 holly snort[269909]: Starting

Jun 05 13:41:54 holly systemd[1]: snort.service: Control process exit ed, code=exited, status=1/FAILURE Jun 05 13:41:54 holly systemd[1]: snort.service: Failed with result ' exit-code'. Jun 05 13:41:54 holly systemd[1]: Failed to start LSB: Lightweight ne twork intrusion detection system.

******************************************************************

******************************************************************
$ journalctl -xe

Jun 05 13:41:54 holly systemd[1]: Failed to start LSB: Lightweight ne twork intrusion detection system.

-- Subject: A start job for unit snort.service has failed
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- A start job for unit snort.service has finished with a failure.
--
-- The job identifier is 8917 and the job result is failed.
******************************************************************

In /etc/snort.conf, the following options specify non-existing files:

# path to dynamic preprocessor libraries

dynamicpreprocessor directory /usr/lib/i386-linux-gnu/snort_dynamicpr eprocessor/

# path to base preprocessor engine

dynamicengine /usr/lib/i386-linux-gnu/snort_dynamicengine/libsf_engin e.so

On my system the following directory and lib exist (amd64 system):

/usr/lib/x86_64-linux-gnu/snort_dynamicpreprocessor
/usr/lib/x86_64-linux-gnu/snort_dynamicengine/libsf_engine.so

Manually changing snort.conf and restarting snort still fails:

******************************************************************
● snort.service - LSB: Lightweight network intrusion detection system
     Loaded: loaded (/etc/init.d/snort; generated)

Active: failed (Result: exit-code) since Fri 2020-06-05 14:05:2 8 CEST; 11s ago

       Docs: man:systemd-sysv-generator(8)

Process: 303834 ExecStart=/etc/init.d/snort start (code=exited, status=1/FAILURE)

Jun 05 14:05:28 holly systemd[1]: Starting LSB: Lightweight network i ntrusion detection system... Jun 05 14:05:28 holly snort[303834]: Starting Network Intrusion Detec tion System : snort (eth0 no specific interface co> Jun 05 14:05:28 holly snort[303845]: Starting Network Intrusion Detec tion System : snort (eth0 no specific interface co> Jun 05 14:05:28 holly snort[303834]: Starting Network Intrusion Detec tion System : snort (eth0 no specific interface con

Jun 05 14:05:28 holly snort[303847]: Starting

Jun 05 14:05:28 holly systemd[1]: snort.service: Control process exit ed, code=exited, status=1/FAILURE Jun 05 14:05:28 holly systemd[1]: snort.service: Failed with result ' exit-code'. Jun 05 14:05:28 holly systemd[1]: Failed to start LSB: Lightweight ne twork intrusion detection system.

******************************************************************

Calling '/usr/sbin/snort -T -c │ /etc/snort/snort.conf' leads to the following output:

******************************************************************
$ /usr/sbin/snort -T -c │ /etc/snort/snort.conf

/usr/sbin/snort: symbol lookup error: /usr/lib/x86_64-linux-gnu/libsf bpf.so.0: undefined symbol: sf_n_errors

******************************************************************


-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.6.0-2-amd64 (SMP w/4 CPU cores)

Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGU AGE=en_US:en (charmap=UTF-8)

Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages snort depends on:
ii  adduser                      3.118
ii  debconf [debconf-2.0]        1.5.74
ii  init-system-helpers          1.57
ii  libc6                        2.30-8
ii  libdaq2                      2.0.7-2
ii  libdumbnet1                  1.12-9
ii  liblzma5                     5.2.4-1+b1
ii  libnghttp2-14                1.41.0-2
ii  libpcap0.8                   1.9.1-4
ii  libpcre3                     2:8.39-12+b1
ii  libssl1.1                    1.1.1g-1
ii  logrotate                    3.16.0-3
ii  lsb-base                     11.1.0
ii  net-tools                    1.60+git20180626.aebd88e-1
ii  rsyslog [system-log-daemon]  8.2004.0-1
ii  snort-common                 2.9.15.1-2
ii  snort-common-libraries       2.9.15.1-2
ii  snort-rules-default          2.9.15.1-2
ii  zlib1g                       1:1.2.11.dfsg-2

Versions of packages snort recommends:
ii  iproute2  5.6.0-1

Versions of packages snort suggests:
pn  snort-doc  <none>

-- debconf information:
* snort/startup: boot
* snort/stats_treshold: 1
  snort/options:
* snort/send_stats: true
  snort/please_restart_manually:
  snort/invalid_interface:
* snort/stats_rcpt: root
* snort/address_range: 192.168.0.0/16
* snort/interface: eth0
  snort/disable_promiscuous: false
  snort/config_parameters:

--- End Message ---

--- Begin Message ---

Source: snort
Source-Version: 2.9.15.1-3
Done: =?utf-8?q?Javier_Fern=C3=A1ndez-Sanguino_Pe=C3=B1a?= <j...@debian.org>

We believe that the bug you reported is fixed in the latest version of
snort, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 962...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Javier Fernández-Sanguino Peña <j...@debian.org> (supplier of updated snort 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 19 Jul 2020 14:54:29 +0200
Source: snort
Architecture: source
Version: 2.9.15.1-3
Distribution: unstable
Urgency: medium
Maintainer: Javier Fernández-Sanguino Peña <j...@debian.org>
Changed-By: Javier Fernández-Sanguino Peña <j...@debian.org>
Closes: 958766 961214 962275
Changes:
 snort (2.9.15.1-3) unstable; urgency=medium
 .
   * debian/watch: Created new file to watch for new versions
   * debian/snort.logrotate: Added missing snort log files to the logrotate 
script
   (e.g. /var/log/snort/snort.alert.fast) and include contents similar to the
   logrotate distributed in rpm packages (rpm/snort.logrotate)
   * debian/rules, debian/snort-common-libraries.dirs, debian/patches/config:
   Do not use multi-arch directories for the Snort libraries, instead, locate 
all
   of the compiled under libraries /usr/lib/snort  (Closes: #962275)
   * debian/rules: Drop configure options which are not anymore relevant
   * debian/po:
     - Update Dutch translation, thanks to Frans Spiesschaert (Closes: #961214)
     - Update German translation, thanks to Chris Leick (Closes: #958766)
   * Convert from ISO-8859-1 to UTF-8 several files under debian:
   debian/my/FAQ.txt, debian/po/ca.po, debian/po/es.po [Lintian fix]
   * debian/control:
     - Remove dh-autoreconf as it is no longer required [Lintian fix]
     - Remove duplicate Priority in snort-doc [Lintian fix]
   * debian/patches/signature_documentation: Add description [Lintian fix]
Checksums-Sha1:
 6f3816ea7ac145b4e6849cdd2c357264984316be 2443 snort_2.9.15.1-3.dsc
 60a5567b97e0b2a2ea640e3a7c1b59ce7fb8634a 753348 snort_2.9.15.1-3.debian.tar.xz
 0c9e998cb151616c174b69aea616bf6aed422fa8 12366 snort_2.9.15.1-3_i386.buildinfo
Checksums-Sha256:
 1743cc604deffa132fe8069274061bed215dbddc00e20911d3620d29084f2663 2443 
snort_2.9.15.1-3.dsc
 d357d0768808e0e14c7a755d1d0e977947fe21d37c39177d694e1e8bdd7646ed 753348 
snort_2.9.15.1-3.debian.tar.xz
 f1b9d09032727becef0674a296c15a2ade7338e3cb70e9810e17137ff6ee2e8e 12366 
snort_2.9.15.1-3_i386.buildinfo
Files:
 fac87c95b80237aaa383927d4590883b 2443 net optional snort_2.9.15.1-3.dsc
 6ef91d522a7210b3dd2c71e5f99927a9 753348 net optional 
snort_2.9.15.1-3.debian.tar.xz
 1ce44b839eef0a8ad7ad45810d3c9d8b 12366 net optional 
snort_2.9.15.1-3_i386.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEFQ8Kq6ttIR3DT+AOix9vSKslf5gFAl8UYAcACgkQix9vSKsl
f5iNBxAAq7VBGfCv93RpEs3YHn36mgkCqnksut8dX9pNjKkhgt/9CnADRT5JsHjO
13jcM1ezzBkUWSLJfee0bTJRW3G7fZxAZN3S5OY/DnzwlkEqDnvJ/YhLwH9MXsSm
Zr3Km+/cejh1Aw1pEeMdOcTi15U9HTKMKcG6gaR2Ox48VKgF4e+wqYCmWgAVkeig
p+oa8XYKl/alqw2iTIjPZZb9MBaoGSmcZ+EVR5hCYIBEcUyV2Qg1Vg3sAawGVEUo
1LGUMjdw3LOOqSPmfox1HbDbZkCOMDLY3Ss77r4HduwyIPDRwmWG61Xl3D4+wqpM
pzRnLqlcFAbeF7LcgjEROnmXhpp1RKlPD/yPVbJWqgtqgJ+uskgLWrIw1D8vbdYa
M7A2tbfJrt+Ml6y0ee/eIISthOcTiENfQ3aiTZVuWNtlbea45CDQhZaZsOt/H7De
9HRUrax21VJQrFzBMxmiSErWAZjh9j8jmconTQnNYfCKpU2qDWk3iaG5N84nt8kh
G6TTAET/whT20XacYeTk7Nu/x6lKVW1kWKy/V3GovLgx7Rimrl5V+kxer4m+6Str
+J7CAdpt27nnzkIMt7sNjyPND/WlwHribGLoDMx6GqiY5+fZuZP3OlOFp3/yWiFS
bOzL1YJXSKv92LBgYjb3W3SAhU6HDnekIvITs+qS1lH3HDtung4=
=dPdQ
-----END PGP SIGNATURE-----

--- End Message ---