[Snort-users] Oinkmaster Oddity

Thompson, Jimi JimiT at ...10836...
Wed Dec 31 12:33:01 EST 2003


All,

I've been having a bit of a problem with Oinkmaster. I thought I'd automate
my update process a bit more so I installed Oinkmaster but couldn't get it
run.  I finally tracked down the problem.  The user that was running
Oinkmaster didn't have sufficient file privileges to write to the rules.
I've pasted in a sample of the Oinkmaster output below. I'm using the
Oinkmaster port from FreeBSD, so this may not apply to newer versions of
Oinkmaster.  

Fixing the write permissions on the individual rules files solved the
problem. However, the error message generated by Oinkmaster is more than a
bit misleading.  I googled this and found several posts with no reply, but I
did find a note in CVS for Oinkmaster that reports that using the move()
from File::Copy produces a false error message about "Cross-device link" so
for the good of all, I'm posting this to the list in hopes that this will
assist someone else and generally add to the sum total of human knowledge :)

Happy Oinking,

Jimi

------------------------------------------------------------------------
Downloading rules archive from
http://www.snort.org/dl/rules/snortrules-stable.tar.gz...
11:30:04 URL:http://www.snort.org/dl/rules/snortrules-stable.tar.gz
[116732/116732] -> "/tmp/oinkmaster.67491/snortrules.tar.gz" [1]
Archive successfully downloaded, unpacking... done.
Disabling rules according to /usr/local/etc/oinkmaster.conf... 0 rules
disabled.
Comparing new files to the old ones... done.
Creating backup of old rules... saved as
/usr/local/share/snortold/rules-backup-20031231-1130.tar.gz.

Oinkmaster: Error: could not move /tmp/oinkmaster.67491/rules//snmp.rules to
snmp.rules: Cross-device link

Oink, oink. Exiting...




More information about the Snort-users mailing list