Snort mailing list archives
RE: Trouble with SnortCenter Agent
From: "Steven B. Akers" <sbakers () truarx com>
Date: Wed, 20 Nov 2002 08:52:46 -0500
Hello,

We were using the Steve Scott document. The actual error message is located in the /sensor/cgi/weblib.pl file. Here is the section of the file that is erroring out.

    else {
        # Get root directory from miniserv.conf, and deduce module name from $0
        local %miniserv;
        &get_miniserv_config(\%miniserv);
        $root_directory = $miniserv{'root'};
        if ($0 =~ /^$root_directory\/([^\/]+)\/[^\/]+$/) {
            $module_name = $1;
        }
        elsif ($0 !~ /^$root_directory\/[^\/]+$/) {
            &error("Script was not run with full path");
        }
    }

When I put in a little debug information to tell me what the variables $0 and $root_directory are at the time this weblib.pl is run, they are not the same, hence the error. But I am not clear on where this information is set.

Any pointers in the right direction would be appreciated.

Steve

-----Original Message-----
From: larc [mailto:larc () pandora be]
Posted At: Wednesday, November 20, 2002 5:52 AM
Posted To: Snort Mailing List
Conversation: [Snort-users] Trouble with SnortCenter Agent
Subject: Re: [Snort-users] Trouble with SnortCenter Agent

Hi,

I'm sorry but I don't have a clue, there is no error message like this in the agent setup and I have never seen or heard this before. Are you using the manual from Steve Scott? If so it has been tested by hundreds of people and they never had that problem.

If you like I can send you the init.d script and then you can install it yourself.

Sorry,
Stefan Dens

------------------------
"Snort Mailing List" <SnortMailingList () truarx com> wrote:
------------------------

I am attempting to install the agent on multiple clean installs of redhat
7.3. On all of them I am getting the following error as the setup.sh is installing, (Script was not run with full path) during the Configuring Snort Agent to start at boot time section.

I have created the /etc/snort and /var/log/snort directories before running setup.sh. I have even tried this on two different machines, both were out of the box redhat installations.

Any help would be appreciated. Below is a copy of the setup.sh and my answers, as well as the results from the script.

Thanks
Steve Akers

    root@SNARX01 sensor]# ./setup.sh
    ***********************************************************************************
    * Welcome to the SnortCenter Sensor Agent setup script, version 0.1.6 *
    ***********************************************************************************
    Installing Sensor in /opt/snortagent/sensor ...
    *************************************************************************************
    The Sensor Agent uses separate directories for configuration files and
    log files. Unless you want to place them in a other directory, you can
    just accept the defaults.

    Config file directory [/opt/snortagent/sensor/conf]: /etc/snort
    Log file directory [/opt/snortagent/sensor/log]: /var/log/snort
    ****************************************************************************************
    SnortCenter Sensor Agent is written entirely in Perl. Please enter the
    full path to the Perl 5 interpreter on your system.

    Full path to perl (default /usr/bin/perl):
    Testing Perl ...
    Perl seems to be installed ok
    *********************************************************************************
    SnortCenter Sensor Agent needs Snort to be installed, 'As if you didn't know :-)'
    Please enter the full path to snort binary.

    Full path to snort (default /usr/local/bin/):
    Ok, found Snort Version 1.9.0 (Build 209)
    Snort Rule config file directory [/opt/snortagent/sensor/rules/]: /etc/snort
    ***********************************************************************
    Operating system name: Redhat Linux
    Operating system version: 7.3
    ********************************************************************
    SnortCenter Sensor Agent uses its own password protected web server
    The setup script needs to know :
     - What port to run the Sensor Agent on. There must not be another
       service already using this port.
     - What ip address to listen on.
     - The login name required to access the Sensor Agent.
     - The password required to access the Sensor Agent.
     - The hostname of this system that the Sensor Agent should use.
     - If the Sensor Agent should use SSL (if your system supports it).
     - Whether to use ip access control.
     - Whether to start Snortcenter Sensor Agent at boot time.

    Sensor port (default 2525):
    If this host has multiple IP addresses, the server can be configured
    to listen on only one address (default any):
    Login name (default admin):
    Login password:
    Password again:
    Sensor host name (default SNARX01):
    Use SSL (y/n): y
    *********************************************************************************************
    The Sensor Agent can be configured allow access only from certain IP
    addresses. Hostnames (like foo.bar.com) and IP networks (like 10.254.3.0
    or 10.254.1.0/255.255.255.128) can also be entered.
    You should limit access to your sensor to trusted addresses like the
    SnortCenter Management Console, especially if it is accessible from the
    Internet. Otherwise, anyone who guesses your password will have complete
    control of your system.
    You can enter multiple addresses by typing a space between them like
    (127.0.0.1 foo.bar.com)

    Allowed IP addresses (default localhost):localhost 127.0.0.1
    Start Sensor at boot time (y/n): y
    ***********************************************************************
    Creating Sensor Agent config files..
    ...done
    Inserting path to perl into scripts..
    ...done
    Creating start and stop scripts..
    ...done
    Copying config files..
    ...done
    Configuring SnortCenter Sensor Agent to start at boot time..
    ----- Script was not run with full path -----
    ...done
    Creating uninstall script /etc/snort/uninstall.sh ..
    ...done
    Changing ownership and permissions ..
    ...done
    Attempting to start Sensor Agent..
    Starting SnortCenter Sensor Agent server in /opt/snortagent/sensor
    ...done

--
Steven B. Akers
Consulting Director
TruArx, Inc.
sbakers () truarx com
2000 Town Center
Suite 1900
Southfield, MI 48075
P: 248.351.9780
F: 248.351.9781
http://www.truarx.com

This message is intended only for the individual or entity to which it is addressed. It may contain privileged, confidential information which is exempt from disclosure under applicable laws. If you are not the intended recipient, please note that you are strictly prohibited from disseminating or distributing this information (other than to the intended recipient) or copying this information. If you have received this communication in error, please notify us immediately by e-mail or by telephone at (248) 351-9780. Thank you.
------------------------------------------------------- This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd524.html _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
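
The path check quoted from weblib.pl in the message above can be run in isolation to see which combinations of $0 and the configured root reach the error. This is an added example, not part of the original thread or of SnortCenter's code; `classify()`, the sample script names and the `/opt/snort+agent` root are constructed, and the first root is the install directory shown in the setup.sh output.

```perl
#!/usr/bin/perl
# Added example (not SnortCenter code): replays the path check quoted from
# weblib.pl against constructed values of $0 and the configured root.
use strict;
use warnings;

# classify() is a hypothetical helper. It returns the module name, '' for a
# script directly under root, or undef where the quoted code calls &error().
sub classify {
    my ($script, $root, $quote) = @_;
    # The quoted code interpolates root as a regex; quotemeta() makes it literal.
    my $r = $quote ? quotemeta($root) : $root;
    return $1 if $script =~ /^$r\/([^\/]+)\/[^\/]+$/;
    return    if $script !~ /^$r\/[^\/]+$/;
    return '';
}

my $root = '/opt/snortagent/sensor';   # install path from the setup.sh output
my $odd  = '/opt/snort+agent';         # constructed root with a regex metacharacter
my @cases = (
    [ "$root/cgi/weblib.pl", $root,    0 ],  # full path, one level below root
    [ "$root/example.cgi",   $root,    0 ],  # full path, directly under root
    [ "./setup.sh",          $root,    0 ],  # relative invocation
    [ "$root/cgi/weblib.pl", "$root/", 0 ],  # root stored with a trailing slash
    [ "$odd/cgi/weblib.pl",  $odd,     0 ],  # '+' read as a quantifier
    [ "$odd/cgi/weblib.pl",  $odd,     1 ],  # same input, root quoted
);

for my $case (@cases) {
    my ($script, $r, $quote) = @$case;
    my $m = classify($script, $r, $quote);
    my $verdict = !defined $m ? 'ERROR: Script was not run with full path'
                : $m eq ''    ? 'ok, script directly under root'
                :               "ok, module_name=$m";
    printf "%-36s root=%-33s %s\n",
        $script, $r . ($quote ? ' (quoted)' : ''), $verdict;
}
```

Only the first, second and last cases pass; a relative $0, a trailing slash on the root, or an unquoted metacharacter in the root all end at the same error message.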