[Snort-users] 1.9.0 and PostgreSQL weirdness

Derek Glidden dglidden at ...7172...
Mon Oct 14 13:52:01 EDT 2002


1) in response to a message I saw in the archives about 1.9.0 not
starting up correctly because it can't determine its sensor ID, I had
to modify the PostgreSQL DB schema such that "last_cid" would allow NULL
values.  

In Snort's connect() call to the database, if it can't find an existent
sensor id for that particular sensor, it attempts to do an INSERT that
leaves "last_cid" NULL, which will fail as the default schema has that
column constrained with NOT NULL.  Hence a new Snort 1.9.0 trying to
connect to an empty database will fail until the SENSOR table allows
NULLs in the last_cid column.  (Probably it could be fixed in the Snort
code more accurately by inserting a "0" or other value on the first
"INSERT" that sets the sid, but I don't know the snort code well enough
to know what implications that would have, while leaving it NULL seems
to not harm anything.)

2) for some reason, 1.9.0 compiled against the same PostgreSQL libraries
as the 1.8.7 that's been running will not make an SSL'ed connection
(postgres client libraries compiled with --with-openssl to enable the
SSL-tunneled connection autonegotiation) to my PostgreSQL database.

I can make SSL connections with psql no problem at all from the same
host from which snort cannot connect.

Has anyone else seen this problem or can think of a reason why it would
be failing?  I've looked through the db connect code in snort and it
isn't (as far as I can tell) doing anything to explicitly DIS-allow SSL
connections, and the libpq client code is supposed to negotiate SSL
automatically if the server supports it, and 1.8.7 worked just fine, so
I'm stumped.

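The schema issue from point 1 of the message above, as an added PostgreSQL example that is not part of the original post and is not Snort's own schema script. The table below is a constructed stand-in: only the `last_cid` column and its NOT NULL constraint come from the post; the other columns, the sample values and the savepoint name are assumptions.

```sql
-- Everything runs inside one transaction and is rolled back at the end,
-- so the script leaves no trace in the database it is tried against.
BEGIN;

-- Constructed stand-in for the sensor table (assumed columns except last_cid).
CREATE TABLE sensor (
    sid       SERIAL PRIMARY KEY,
    hostname  TEXT,
    interface TEXT,
    last_cid  INT8 NOT NULL
);

-- First-connect INSERT as the post describes it: last_cid is not supplied,
-- so it is NULL and the NOT NULL constraint rejects the row.
SAVEPOINT first_connect;
INSERT INTO sensor (hostname, interface)
VALUES ('sensor1.example', 'eth0');          -- constructed values; fails
ROLLBACK TO SAVEPOINT first_connect;         -- recover from the failed INSERT

-- Workaround used in the post: let last_cid hold NULL.
ALTER TABLE sensor ALTER COLUMN last_cid DROP NOT NULL;
INSERT INTO sensor (hostname, interface)
VALUES ('sensor1.example', 'eth0');          -- now succeeds, last_cid IS NULL

-- Schema-side variant of the "insert a 0" idea the post mentions: keep the
-- constraint and give the column a default. Whether Snort is happy with 0
-- here is as untested as the post says.
UPDATE sensor SET last_cid = 0 WHERE last_cid IS NULL;
ALTER TABLE sensor ALTER COLUMN last_cid SET DEFAULT 0;
ALTER TABLE sensor ALTER COLUMN last_cid SET NOT NULL;
INSERT INTO sensor (hostname, interface)
VALUES ('sensor2.example', 'eth1');          -- succeeds, last_cid = 0

-- Inspect the result: rows that still carry NULL would show up here.
SELECT sid, hostname, interface, last_cid,
       (last_cid IS NULL) AS cid_is_null
FROM sensor
ORDER BY sid;

ROLLBACK;
```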




