Hello everyone.
After setting up snort today and configuring it, here is the error that appears.
[code]root@debian:~# /etc/init.d/snort start
Starting Network Intrusion Detection System : snort (eth0 no /etc/snort/snort.eth0.conf found, defaulting to snort.conf ...ERROR: failed (check /var/log/syslog and /var/log/snort)) failed!
[/code]
[quote]root@debian:~# cat /var/log/syslog
(…)Jan 25 12:48:32 debian snort[12590]: #012DCE/RPC Decoder config:
Jan 25 12:48:32 debian snort[12590]: Autodetect ports ENABLED
Jan 25 12:48:32 debian snort[12590]: SMB fragmentation ENABLED
Jan 25 12:48:32 debian snort[12590]: DCE/RPC fragmentation ENABLED
Jan 25 12:48:32 debian snort[12590]: Max Frag Size: 3000 bytes
Jan 25 12:48:32 debian snort[12590]: Memcap: 100000 KB
Jan 25 12:48:32 debian snort[12590]: Alert if memcap exceeded DISABLED
Jan 25 12:48:32 debian snort[12590]:
Jan 25 12:48:32 debian snort[12590]: DNS config:
Jan 25 12:48:32 debian snort[12590]: DNS Client rdata txt Overflow Alert: ACTIVE
Jan 25 12:48:32 debian snort[12590]: Obsolete DNS RR Types Alert: INACTIVE
Jan 25 12:48:32 debian snort[12590]: Experimental DNS RR Types Alert: INACTIVE
Jan 25 12:48:32 debian snort[12590]: Ports:
Jan 25 12:48:32 debian snort[12590]: 53
Jan 25 12:48:32 debian snort[12590]:
Jan 25 12:48:33 debian snort[12590]: FATAL ERROR: Warning: /etc/snort/rules/emerging-activex.rules(42) => Unknown keyword ' file_data' in rule!
Jan 25 12:48:39 debian kernel: [62216.200012] eth0: no IPv6 routers present
root@debian:~#
[/quote]
I went to look at /etc/snort/rules/emerging-activex.rules, then I commented it out and ran /etc/init.d/snort start
[code]# Uncomment if needed.
include threshold.conf
#EmergingThreats.net Rules
#include $RULE_PATH/emerging-activex.rules
include $RULE_PATH/emerging-attack_response.rules
#include $RULE_PATH/emerging-botcc-BLOCK.rules
include $RULE_PATH/emerging-botcc.rules
include $RULE_PATH/emerging-chat.rules
#include $RULE_PATH/emerging-compromised-BLOCK.rules
include $RULE_PATH/emerging-compromised.rules
[/code]
But the result is the same.
And this:
[code]Jan 25 12:48:39 debian kernel: [62216.200012] eth0: no IPv6 routers present
[/code]
nano /etc/hosts
[code]127.0.0.1 localhost
127.0.1.1 debian
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
[/code]
At this point I'm stumped.
Any idea about this config problem … I would really like to understand …
Thanks.