Boot hangs after snort initialization
Paul Howarth
paul at city-fan.org
Thu Mar 31 09:33:02 UTC 2005
Mark Sargent wrote:
> Paul Howarth wrote:
>
>> On Thu, 2005-03-31 at 16:16 -0500, Mark Sargent wrote:
>>
>>
>>> my boot hangs after snort is initialized. The last line shown after
>>> the snort initialization message is Enabling swap space OK and then
>>> a continually blinking cursor below it. Nothing is reported in either
>>> /var/log/boot.log or /var/log/messages. Cheers.
>>>
>>
>>
>> So turn off automatic starting of snort for the time being and try to
>> debug the initscript by starting it manually.
>>
>> Paul.
>>
>>
> Hi All,
>
> Paul, I did exactly that, and then tried running ./rc.local from the
> terminal, but got a permission denied. When you say "initscript", do you
> mean the snort.conf file or the /etc/rc.d/rc.local which contains the
> following,
>
> [root at localhost rc.d]# cat rc.local
> #!/bin/sh
> #
> # This script will be executed *after* all the other init scripts.
> # You can put your own initialization stuff in here if you don't
> # want to do the full Sys V style init stuff.
>
> touch /var/lock/subsys/local
> /usr/local/bin/snort -c /etc/snort/snort.conf -i eth0 -g snort
You probably need the -D option to run snort in daemon mode so that it
backgrounds itself. Otherwise nothing after "snort" will run.
> I got the following when starting manually,
>
> [root at localhost ~]# snort -cs -i eth0
> Running in IDS mode
>
> Initializing Network Interface eth0
>
> --== Initializing Snort ==--
> Initializing Output Plugins!
> Decoding Ethernet on interface eth0
> Initializing Preprocessors!
> Initializing Plug-ins!
> Parsing Rules file s
>
> +++++++++++++++++++++++++++++++++++++++++++++++++++
> Initializing rule chains...
> ERROR: Unable to open rules file: s or ./s
> Fatal Error, Quitting..
Why did you specify "-cs", making it look for a rules file called "s"?
Paul.
More information about the fedora-list
mailing list