Re: Snort: Mass Bug Closing

[Josip Rodin <joy@srce.hr>]

On Sun, Aug 24, 2003 at 04:51:08PM +0200, Josip Rodin wrote:
> > Instead I provide signed backported packages on p.d.o which I will keep
> > 'semi up to date'.
> > 
> > Before you object to this rather 'rude' bughandling, please keep in mind
> > that version 1.8.4 of snort, which is in stable, has 3 severe security
> > exploits, and is completely outdated in catching crooks (rulefiles) and
> > detection mechanisms. Not to speak of package stability ;)
> > 
> > It's for the users best interrest that I tell them to use the new version.
> > 
> > [2] deb http:///people.debian.org/~ssmeenk/snort-stable-i386/ ./
>                ~ Typo.
> 
> I've upgraded to this version and it has required me to press y to replace
> modified conffiles in /etc/snort/rules/ about two dozen times, while I'm
> pretty sure I never touched any of them. That's an pretty impressive amount
> of annoyance you managed to cause there.

Oh and it didn't even want to start properly -- and the init script wasn't
even so kind to tell me, I had to learn from syslog that

Aug 24 16:57:23 hostname snort: FATAL ERROR: Unable to open rules file: ../rules/bad-traffic.rules or /etc/snort/../rules/bad-traffic.rules

All it took to make it work was to change RULE_PATH from ../rules to
/etc/snort/rules, but it's still broken that it didn't detect this properly.

-- 
     2. That which causes joy or happiness.