[Snort-users] Fixes for autosnort users as well as all Debian 6 and CentOS 6.3 snort report users

Tony Robinson deusexmachina667 at ...11827...
Sat Dec 1 03:03:05 EST 2012


Hello again snort users,

I wanted to reach out to snort users and let you all know that I've  found
some problems with snort report on Debian 6 and CentOS 6.3, as well has how
to resolve them. In my haste to push autosnort to Debian and CentOS, I did
not test thoroughly enough on redhat/CentOS and Debian. Upon revisiting
some testing, I've discovered problems with snort report on CentOS 6.3 and
Debian 6 that will prevent the webpage from displaying intrusion events or
well, much of anything.

If you run into problems in which the snort report menu displays, but you
get a bunch garbled PHP output  as well as a php tag for snort report's
page title, try the following:

On Debian:
edit /etc/php5/apache/php.ini. You will have to enable the short_open_tag
directive on line 226 by changing this line from "Off" to "On". Afterwards,
if you restart apache, your web page should render fine and you should be
able to see your intrusion events just fine.

On CentOS 6.3
you will have to make two edits if you have SELinux enabled and in
enforcing mode:
1) you will have to edit /etc/php.ini and enable the short_open_tag
directive on line 229. same as on Debian, change the option from "Off" to
"On" and restart httpd.
2) If you are running SELinux in enforcing mode, you will get file
permission errors for srconf.php. this is because SELinux is preventing
access to snort report files via the httpd process. to change this, enter
the following command: chcon -R -t httpd_sys_rw_content_t snortreport-1.3.3/

note: the other alternative is to disable SELinux and change ownership of
the entire snortreport directory and all files within to the apache user
and group. This isn't the right or recommended way of doing this, however.
SELinux is there for a reason other than to annoy you.

I apologize to my autosnort users for not having tested this more
thoroughly, and hope that this will be off assistance to anyone attempting
to install snort report on Debian or CentOS/Redhat in the future.

Sincerely,

DA

-- 
when does reality end? when does fantasy begin?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20121201/35fb3087/attachment.html>


More information about the Snort-users mailing list