Paul Howarth wrote:
On Thu, 2005-03-31 at 16:16 -0500, Mark Sargent wrote:
my boot hangs after snort is initialized. The last line shown after the snort initialization message is Enabling swap space OK and then a continually blinking cursor below it. Nothing is reported in either /var/log/boot.log or /var/log/messages. Cheers.
So turn off automatic starting of snort for the time being and try to debug the initscript by starting it manually.
Paul.
Hi All,
Paul, I did exactly that, and then tried running ./rc.local from the terminal, but got a permission denied. When you say "initscript", do you mean the snort.conf file or the /etc/rc.d/rc.local which contains the following,
[root@localhost rc.d]# cat rc.local #!/bin/sh # # This script will be executed *after* all the other init scripts. # You can put your own initialization stuff in here if you don't # want to do the full Sys V style init stuff.
touch /var/lock/subsys/local /usr/local/bin/snort -c /etc/snort/snort.conf -i eth0 -g snort
You probably need the -D option to run snort in daemon mode so that it backgrounds itself. Otherwise nothing after "snort" will run.
I got the following when starting manually,
[root@localhost ~]# snort -cs -i eth0 Running in IDS mode
Initializing Network Interface eth0
--== Initializing Snort ==-- Initializing Output Plugins! Decoding Ethernet on interface eth0 Initializing Preprocessors! Initializing Plug-ins! Parsing Rules file s
+++++++++++++++++++++++++++++++++++++++++++++++++++ Initializing rule chains... ERROR: Unable to open rules file: s or ./s Fatal Error, Quitting..
Why did you specify "-cs", making it look for a rules file called "s"?
Paul.
