Re: Snort: Mass Bug Closing
On Sun, Aug 24, 2003 at 04:51:08PM +0200, Josip Rodin wrote:
> > Instead I provide signed backported packages on p.d.o which I will keep
> > 'semi up to date'.
> >
> > Before you object to this rather 'rude' bughandling, please keep in mind
> > that version 1.8.4 of snort, which is in stable, has 3 severe security
> > exploits, and is completely outdated in catching crooks (rulefiles) and
> > detection mechanisms. Not to speak of package stability ;)
> >
> > It's for the users best interrest that I tell them to use the new version.
> >
> > [2] deb http:///people.debian.org/~ssmeenk/snort-stable-i386/ ./
> ~ Typo.
>
> I've upgraded to this version and it has required me to press y to replace
> modified conffiles in /etc/snort/rules/ about two dozen times, while I'm
> pretty sure I never touched any of them. That's an pretty impressive amount
> of annoyance you managed to cause there.
Oh and it didn't even want to start properly -- and the init script wasn't
even so kind to tell me, I had to learn from syslog that
Aug 24 16:57:23 hostname snort: FATAL ERROR: Unable to open rules file: ../rules/bad-traffic.rules or /etc/snort/../rules/bad-traffic.rules
All it took to make it work was to change RULE_PATH from ../rules to
/etc/snort/rules, but it's still broken that it didn't detect this properly.
--
2. That which causes joy or happiness.
Reply to: