Bug 201701 - snort not very usable after installation
Product: Fedora
Classification: Fedora
Component: snort
All Linux
medium Severity medium
Assigned To: Dennis Gilmore
Fedora Extras Quality Assurance
Reported: 2006-08-08 08:48 EDT by Dennis Jacobfeuerborn
Modified: 2007-11-30 17:11 EST
Doc Type: Bug Fix
Last Closed: 2006-08-08 09:02:55 EDT
Description Dennis Jacobfeuerborn 2006-08-08 08:48:59 EDT
After installing snort and snort-plain+flexresp I tried to start it without much
luck. I encountered the following errors before I gave up:

FATAL ERROR: /etc/snort/snort.conf(182) => Unknown rule type: dynamicpreprocessor
FATAL ERROR: /etc/snort/snort.conf(192) => Unknown rule type: dynamicengine
FATAL ERROR: /etc/snort/snort.conf(423) => Unable to open the IIS Unicode Map file '/etc/snort/unicode.map'.
FATAL ERROR: /etc/snort/snort.conf(520) unknown preprocessor "ftp_telnet"
FATAL ERROR: /etc/snort/snort.conf(524) unknown preprocessor "ftp_telnet_protocol"
FATAL ERROR: /etc/snort/snort.conf(572) unknown preprocessor "smtp"

Snort should come with a reasonable default configuration that makes it possible
to run it.
Comment 1 Dennis Gilmore 2006-08-08 09:02:55 EDT
I do need to do some work on the default configuration; however, we cannot
ship snort in a fashion that will make it just work. This is due to the
licensing of the snort rules: we cannot ship them. So we have no way to have
it work.

There is a README.fedora file in the snort package that explains why it does
not function out of the box.
Comment 2 Dennis Jacobfeuerborn 2006-08-08 10:37:56 EDT
The problems I mentioned above don't seem to be related to the rules though.
Also according to http://www.snort.org/rules/:

Community Rules

In addition, the VRT is pleased to announce that will be maintaining a community
ruleset that contains rules submitted by members of the open source community.
While these rules are available as is, the VRT performs basic tests to ensure
that new rules will not break Snort. These rules are distributed under the GPL
and are freely available to all open source Snort users.
Comment 3 Dennis Gilmore 2006-08-08 11:09:55 EDT
There is only a handful of rules in the community rules package. You cannot
do anything useful with just those rules.

The dynamic engine is not actually supplied; I am working on adding it. The
rest are rules related. They are files provided in the VRT rules that you
can only get by downloading directly from snort.org.
