Resolved
Hi,

I tried using the snort.conf.rpmnew file to replace the old snort.conf and it appears to be broken as it has an include line for threshold.conf which is not supplied. Commenting out the line fixes it.

Nick

[edit]
.... or possibly it is not as something also removed a load of lines below my old include lines in my snort.conf so perhaps the include threshold lines would have been removed on first run?
[/edit]
Saturday, December 21 2013, 05:03 PM
Responses (1)
  • Accepted Answer

    Sunday, December 22 2013, 02:55 PM - #Permalink
    Digging further, it does not look like it is broken but the update routine is hostile. Snort updated itself and created /etc/snort.conf.rpmnew then some things I had in /etc/snort.conf after a certain point got changed so I lost my Emerging Threats set up, message suppression and all my comment lines. To me, if it creates a conf.rpmnew then it should not touch the conf file. Also it should have in the conf file a marker to say not to make any changes after a certain point or between certain points.
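
An added example, not part of the original thread or of the Snort packaging: a pre-flight check that lists `include` lines in a Snort 2.x style config (such as a `.rpmnew` file) whose target file is not on disk, which is the condition reported above for threshold.conf. It assumes relative include paths resolve against the config file's own directory and that only plain `var` definitions are referenced in include paths; the sample config and file names in `demo()` are constructed.

```python
import os
import re
import tempfile

VAR_RE = re.compile(r"^\s*var\s+(\S+)\s+(\S+)")
INC_RE = re.compile(r"^\s*include\s+(\S+)")

def missing_includes(conf_path):
    """Return [(line_no, include_target)] for includes whose file does not exist."""
    base = os.path.dirname(os.path.abspath(conf_path))  # assumption: includes resolve here
    variables, missing = {}, []
    with open(conf_path, encoding="utf-8", errors="replace") as fh:
        for no, line in enumerate(fh, 1):
            line = line.split("#", 1)[0]          # ignore comments
            m = VAR_RE.match(line)
            if m:
                variables[m.group(1)] = m.group(2)
                continue
            m = INC_RE.match(line)
            if not m:
                continue
            # Expand $NAME using vars defined earlier; unknown names stay as written.
            target = re.sub(r"\$(\w+)",
                            lambda v: variables.get(v.group(1), v.group(0)), m.group(1))
            path = target if os.path.isabs(target) else os.path.join(base, target)
            if not os.path.isfile(path):
                missing.append((no, m.group(1)))
    return missing

def demo():
    """Constructed sample: a config whose threshold.conf include is not shipped."""
    with tempfile.TemporaryDirectory() as d:
        os.mkdir(os.path.join(d, "rules"))
        for name in ("classification.config", os.path.join("rules", "local.rules")):
            open(os.path.join(d, name), "w").close()
        conf = os.path.join(d, "snort.conf.rpmnew")
        with open(conf, "w") as fh:
            fh.write("var RULE_PATH rules\n"
                     "include classification.config\n"
                     "# include commented.conf\n"
                     "include threshold.conf\n"
                     "include $RULE_PATH/local.rules\n")
        return missing_includes(conf)

if __name__ == "__main__":
    for no, target in demo():
        print(f"line {no}: include {target} -> file not found")
```

Running the same function against both the live config and the `.rpmnew` copy before swapping them shows which includes would stop the sensor from starting.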