Bug 201701

Summary: snort not very usable after installation
Product: [Fedora] Fedora
Reporter: Dennis Jacobfeuerborn <dennisml>
Component: snort
Assignee: Dennis Gilmore <dennis>
Status: CLOSED NOTABUG
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: medium
Version: rawhide
CC: extras-qa
Hardware: All
OS: Linux
Last Closed: 2006-08-08 13:02:55 UTC

Description Dennis Jacobfeuerborn 2006-08-08 12:48:59 UTC
After installing snort and snort-plain+flexresp I tried to start it without much
luck. I encountered the following errors before I gave up:

FATAL ERROR: /etc/snort/snort.conf(182) => Unknown rule type: dynamicpreprocessor
FATAL ERROR: /etc/snort/snort.conf(192) => Unknown rule type: dynamicengine
FATAL ERROR: /etc/snort/snort.conf(423) => Unable to open the IIS Unicode Map
file '/etc/snort/unicode.map'.
FATAL ERROR: /etc/snort/snort.conf(520) unknown preprocessor "ftp_telnet"
FATAL ERROR: /etc/snort/snort.conf(524) unknown preprocessor "ftp_telnet_protocol"
FATAL ERROR: /etc/snort/snort.conf(572) unknown preprocessor "smtp"

Snort should come with a reasonable default configuration that makes it possible
to run it.

Comment 1 Dennis Gilmore 2006-08-08 13:02:55 UTC
I do need to do some work on the default configuration; however, we cannot
ship snort in a fashion that will make it just work. This is due to the
licensing of the snort rules; we cannot ship them. So we have no way to have
it work.

There is a README.fedora file in the snort package that explains why it does
not function out of the box.

Comment 2 Dennis Jacobfeuerborn 2006-08-08 14:37:56 UTC
The problems I mentioned above don't seem to be related to the rules though.
Also according to http://www.snort.org/rules/:

Community Rules

In addition, the VRT is pleased to announce that will be maintaining a community
ruleset that contains rules submitted by members of the open source community.
While these rules are available as is, the VRT performs basic tests to ensure
that new rules will not break Snort. These rules are distributed under the GPL
and are freely available to all open source Snort users.


Comment 3 Dennis Gilmore 2006-08-08 15:09:55 UTC
There is only a handful of rules in the community rules package. You cannot
do anything useful with just those rules.

The dynamic engine is not actually supplied; I am working on adding it. The
rest are rules related. They are files provided in the VRT rules that you
can only get by downloading directly from snort.org.
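
A pre-flight check for the kind of failure reported in this bug, as an added example that is not part of the bug report or of the Fedora package: it lists every file or directory that a Snort 2.x-style snort.conf references but that is not on disk. The function names, the sample config and its paths are constructed for illustration, and resolving relative paths against the config's own directory is an assumption based on the '/etc/snort/unicode.map' error quoted in the description.

```python
import os
import re
import tempfile

# Constructed sample config using the directives named in the errors above.
SAMPLE_CONF = """\
var RULE_PATH rules
dynamicpreprocessor directory /nonexistent/snort_dynamicpreprocessor/
dynamicengine /nonexistent/libsf_engine.so
preprocessor http_inspect: global \\
    iis_unicode_map unicode.map 1252
include $RULE_PATH/local.rules
"""

def missing_references(conf_path):
    """Return (line number, directive, resolved path) for each missing file or directory."""
    base = os.path.dirname(os.path.abspath(conf_path))
    variables, missing = {}, []
    def resolve(token):
        # Expand $VAR / $(VAR); relative paths are taken relative to the config's directory.
        token = re.sub(r"\$\(?(\w+)\)?", lambda m: variables.get(m.group(1), m.group(0)), token)
        return os.path.normpath(os.path.join(base, token))
    with open(conf_path) as fh:
        for lineno, raw in enumerate(fh, 1):
            words = raw.split("#", 1)[0].split()
            if not words:
                continue
            refs = []
            if words[0] == "var" and len(words) >= 3:
                variables[words[1]] = words[2]
            elif words[0] == "include" and len(words) >= 2:
                refs.append(("include", words[1]))
            elif words[0] in ("dynamicengine", "dynamicpreprocessor"):
                # Forms: "dynamicengine <file>" and "dynamicpreprocessor directory <dir>".
                refs += [(words[0], w) for w in words[1:] if w not in ("file", "directory")][:1]
            if "iis_unicode_map" in words[:-1]:  # may sit on a continuation line
                refs.append(("iis_unicode_map", words[words.index("iis_unicode_map") + 1]))
            missing += [(lineno, d, resolve(p)) for d, p in refs if not os.path.exists(resolve(p))]
    return missing

def demo():
    """Check SAMPLE_CONF in a temp directory that contains only rules/local.rules."""
    with tempfile.TemporaryDirectory() as tmp:
        os.makedirs(os.path.join(tmp, "rules"))
        for name, text in (("rules/local.rules", ""), ("snort.conf", SAMPLE_CONF)):
            with open(os.path.join(tmp, name), "w") as fh:
                fh.write(text)
        found = missing_references(os.path.join(tmp, "snort.conf"))
    return [(n, d, os.path.basename(p)) for n, d, p in found]
```

Snort's own test mode (`snort -T -c /etc/snort/snort.conf`) exits at the first fatal error, so a listing like this shows all missing references in one pass before that run.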