Boot hangs after snort initialization

Paul Howarth paul at city-fan.org
Thu Mar 31 09:33:02 UTC 2005


Mark Sargent wrote:
> Paul Howarth wrote:
> 
>> On Thu, 2005-03-31 at 16:16 -0500, Mark Sargent wrote:
>>  
>>
>>> my boot hangs after snort is initialized. The last line shown after 
>>> the snort initialization message is Enabling swap space  OK and then 
>>> a continually blinking cursor below it. Nothing is reported in either 
>>> /var/log/boot.log or /var/log/messages. Cheers.
>>>   
>>
>>
>> So turn off automatic starting of snort for the time being and try to
>> debug the initscript by starting it manually.
>>
>> Paul.
>>  
>>
> Hi All,
> 
> Paul, I did exactly that, and then tried running ./rc.local from the 
> terminal, but got a permission denied. When you say "initscript", do you 
> mean the snort.conf file or the /etc/rc.d/rc.local which contains the 
> following,
> 
> [root at localhost rc.d]# cat rc.local
> #!/bin/sh
> #
> # This script will be executed *after* all the other init scripts.
> # You can put your own initialization stuff in here if you don't
> # want to do the full Sys V style init stuff.
> 
> touch /var/lock/subsys/local
> /usr/local/bin/snort -c /etc/snort/snort.conf -i eth0 -g snort

You probably need the -D option to run snort in daemon mode so that it 
backgrounds itself. Otherwise nothing after "snort" will run.

> I got the following when starting manually,
> 
> [root at localhost ~]# snort -cs -i eth0
> Running in IDS mode
> 
> Initializing Network Interface eth0
> 
>        --== Initializing Snort ==--
> Initializing Output Plugins!
> Decoding Ethernet on interface eth0
> Initializing Preprocessors!
> Initializing Plug-ins!
> Parsing Rules file s
> 
> +++++++++++++++++++++++++++++++++++++++++++++++++++
> Initializing rule chains...
> ERROR: Unable to open rules file: s or ./s
> Fatal Error, Quitting..

Why did you specify "-cs", making it look for a rules file called "s"?

Paul.
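
An added example, not part of the original message: it parses a snort command line with the shell's `getopts`, showing why `-cs` is read as `-c` with the argument `s` and whether `-D` is present. The function name `lint_snort_cmd` is hypothetical, and only the options seen in this thread are modelled.

```shell
#!/bin/sh
# Added example (not from the thread): parse a snort command line the way
# getopt-style parsing reads it, and report two things:
#   daemon=yes|no  -> whether -D is present (without it snort stays in the
#                     foreground and nothing after it in rc.local runs)
#   rules=<value>  -> what -c actually received as its argument
# Assumption: only the options used in this thread are modelled
# (-c, -i and -g take an argument; -D takes none).

lint_snort_cmd() {
    # $1: one full command line, e.g. a line copied from rc.local
    set -f                 # no filename expansion while word-splitting
    set -- $1              # split the line into positional parameters
    set +f
    if [ $# -gt 0 ]; then
        shift              # drop the program name
    fi

    conf=""
    daemon=no
    OPTIND=1               # restart option parsing for every call
    while getopts ":c:i:g:D" opt; do
        case "$opt" in
            c) conf=$OPTARG ;;   # "-cs" arrives here with OPTARG="s"
            D) daemon=yes ;;
            *) : ;;              # -i, -g and unknown options are ignored
        esac
    done

    echo "daemon=$daemon rules=$conf"
}

# Command lines quoted in the thread, plus the rc.local line with -D added.
lint_snort_cmd "snort -cs -i eth0"
lint_snort_cmd "/usr/local/bin/snort -c /etc/snort/snort.conf -i eth0 -g snort"
lint_snort_cmd "/usr/local/bin/snort -D -c /etc/snort/snort.conf -i eth0 -g snort"
```
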



