Bug#962275: snort: Failed to start LSB

2020-07-19 Thread Javier Fernandez-Sanguino 
An update on this bug:

The missing symbols issue is really a problem in the daq library. A patch
introduced in 2.0.7-1 to fix some FTBFS bugs (959617, 958101) actually
disabled symbols in the library which are required. This will be soon fixed.

The issue related to the library location is a little bit more tricky to
fix. I have seen that the RedHat package (rpm - in snort.spec) actually
does this by modifying snort.conf when the package is built (using sed) to
change the library patch for the dynamicengine. I might need to introduce
something similar in the Debian package.

Saludos

Javier

Bug#962275: snort: Failed to start LSB

2020-07-06 Thread Javier Fernandez-Sanguino 
Dear Thorsten,

Indeed I have found two issues in the Snort package related to this bug
report:

1.- The location of the libraries in /etc/snort.conf is not correct for
different architectures. I need to find a way to ammend this value when the
package gets compiled (or find a way to locate this libraries in a common
place for all architectures)
2.- There are some symbols missing in
/usr/lib/x86_64-linux-gnu/libsfbpf.so.0

I have not yet found a way to fix either 1 or 2, and will continue
investigating.

Best regards

Javier

Bug#962275: snort: Failed to start LSB

2020-06-10 Thread Thorsten Bonow 

Javier Fernandez-Sanguino  writes:



Could you please confirm if the 'eth0' interface is available in the
system? One possible reason for startup failing is that the
interface is not the correct one (administrator should configure the
proper one via debconf).


Dear Javier,

the 'eth0' interface is available:

$ ip a
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN 
group default qlen 1000

link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
   valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
   valid_lft forever preferred_lft forever
2: eth0:  mtu 1500 qdisc pfifo_fast 
state UP group default qlen 1000

link/ether 74:d4:35:f8:9a:70 brd ff:ff:ff:ff:ff:ff
altname enp0s25
inet 192.168.1.27/24 brd 192.168.1.255 scope global dynamic eth0
   valid_lft 27084sec preferred_lft 27084sec
inet6 fe80::76d4:35ff:fef8:9a70/64 scope link
   valid_lft forever preferred_lft forever

Best regards

Toto

Bug#962275: snort: Failed to start LSB

2020-06-10 Thread Javier Fernandez-Sanguino 
On Fri, 5 Jun 2020 at 15:09, Thorsten Bonow 
wrote:

> Package: snort
> Version: 2.9.15.1-2
> Severity: grave
>
> Dear Maintainer,
>
> installation of 'snort' fails with a subprocess error (fresh install,
>  /etc/snort doesn't exist before installation.  Accepting the propose
> d network settings: 192.168.0.0/16).  Aptitude output:
>

Dear Thorsten,

Thank you for your report. The Snort package appears to be configured with
the following values:
 snort/address_range: 192.168.0.0/16
* snort/interface: eth0

Could you please confirm if the 'eth0' interface is available in the
system? One possible reason for startup failing is that the interface is
not the correct one (administrator should configure the proper one via
debconf).

Best regards

Javier

Bug#962275: snort: Failed to start LSB

2020-06-05 Thread Thorsten Bonow 

Package: snort
Version: 2.9.15.1-2
Severity: grave

Dear Maintainer,

installation of 'snort' fails with a subprocess error (fresh install, 
/etc/snort doesn't exist before installation.  Accepting the propose 
d network settings: 192.168.0.0/16).  Aptitude output:


**
Performing actions...
Retrieving bug reports... Done
Parsing Found/Fixed information... Done
Preconfiguring packages ...
Snort configuration: interface default not set, using 'eth0'
Selecting previously unselected package snort-common-libraries.
(Reading database ... 649619 files and directories currently installe 
d.)
Preparing to unpack .../0-snort-common-libraries_2.9.15.1-2_amd64.deb 
...

Unpacking snort-common-libraries (2.9.15.1-2) ...
Preparing to unpack .../1-snort-rules-default_2.9.15.1-2_all.deb ...
Unpacking snort-rules-default (2.9.15.1-2) ...
Preparing to unpack .../2-snort-common_2.9.15.1-2_all.deb ...
Unpacking snort-common (2.9.15.1-2) ...
Selecting previously unselected package libdaq2.
Preparing to unpack .../3-libdaq2_2.0.7-2_amd64.deb ...
Unpacking libdaq2 (2.0.7-2) ...
Selecting previously unselected package snort.
Preparing to unpack .../4-snort_2.9.15.1-2_amd64.deb ...
Unpacking snort (2.9.15.1-2) ...
Preparing to unpack .../5-oinkmaster_2.0-4_all.deb ...
Unpacking oinkmaster (2.0-4) ...
Setting up oinkmaster (2.0-4) ...
Setting up snort-common (2.9.15.1-2) ...
Setting up libdaq2 (2.0.7-2) ...
Setting up snort-rules-default (2.9.15.1-2) ...
Setting up snort-common-libraries (2.9.15.1-2) ...
Setting up snort (2.9.15.1-2) ...
Snort configuration: interface default not set, using 'eth0'
WARNING: tempfile is deprecated; consider using mktemp instead.
Job for snort.service failed because the control process exited with  
error code.
See "systemctl status snort.service" and "journalctl -xe" for details 
.

invoke-rc.d: initscript snort, action "start" failed.
● snort.service - LSB: Lightweight network intrusion detection system
 Loaded: loaded (/etc/init.d/snort; generated)
 Active: failed (Result: exit-code) since Fri 2020-06-05 13:41:4 
3 CEST; 5ms ago

   Docs: man:systemd-sysv-generator(8)
Process: 259261 ExecStart=/etc/init.d/snort start (code=exited,  
status=1/FAILURE)


Jun 05 13:41:43 holly systemd[1]: Starting LSB: Lightweight network i 
ntrusion detection system...
Jun 05 13:41:43 holly snort[259261]: Starting Network Intrusion Detec 
tion System : snort (eth0 no specific interface configuration, using  
/etc/snort/snort.conf
Jun 05 13:41:43 holly snort[259273]: Starting Network Intrusion Detec 
tion System : snort (eth0 no specific interface configuration, using  
/etc/sno
Jun 05 13:41:43 holly snort[259261]: Starting Network Intrusion Detec 
tion System : snort (eth0 no specific interface con

Jun 05 13:41:43 holly snort[259275]: Starting
Jun 05 13:41:43 holly systemd[1]: snort.service: Control process exit 
ed, code=exited, status=1/FAILURE
Jun 05 13:41:43 holly systemd[1]: snort.service: Failed with result ' 
exit-code'.
Jun 05 13:41:43 holly systemd[1]: Failed to start LSB: Lightweight ne 
twork intrusion detection system.

dpkg: error processing package snort (--configure):
 installed snort package post-installation script subprocess returne 
d error exit status 1

Processing triggers for systemd (245.5-3) ...
Processing triggers for man-db (2.9.2-1) ...
Processing triggers for libc-bin (2.30-8) ...
Errors were encountered while processing:
 snort
[ Rootkit Hunter version 1.4.6 ]
File updated: searched for 181 files, found 152
needrestart is being skipped since dpkg has failed
E: Sub-process /usr/bin/dpkg returned an error code (1)
Setting up snort (2.9.15.1-2) ...
Snort configuration: interface default set, using eth0
WARNING: tempfile is deprecated; consider using mktemp instead.
Job for snort.service failed because the control process exited with  
error code.
See "systemctl status snort.service" and "journalctl -xe" for details 
.

invoke-rc.d: initscript snort, action "start" failed.
● snort.service - LSB: Lightweight network intrusion detection system
 Loaded: loaded (/etc/init.d/snort; generated)
 Active: failed (Result: exit-code) since Fri 2020-06-05 13:41:5 
4 CEST; 4ms ago

   Docs: man:systemd-sysv-generator(8)
Process: 269896 ExecStart=/etc/init.d/snort start (code=exited,  
status=1/FAILURE)


Jun 05 13:41:54 holly systemd[1]: Starting LSB: Lightweight network i 
ntrusion detection system...
Jun 05 13:41:54 holly snort[269896]: Starting Network Intrusion Detec 
tion System : snort (eth0 no specific interface configuration, using  
/etc/snort/snort.conf
Jun 05 13:41:54 holly snort[269907]: Starting Network Intrusion Detec 
tion System : snort (eth0 no specific interface configuration, using  
/etc/sno
Jun 05 13:41:54 holly snort[269896]: Starting Network Intrusion Detec 
tion System : snort (eth0 no specific interface con

Jun 05 13:41:54 holly snort[269909]: Starting
Jun 05 13:41:54 holly systemd[