[Snort-users] Fixes for autosnort users as well as all Debian 6 and CentOS 6.3 snort report users

Tony Robinson deusexmachina667 at ...11827...
Sat Dec 1 12:12:47 EST 2012


my replies below yours:

On Sat, Dec 1, 2012 at 11:38 AM, waldo kitty <wkitty42 at ...14940...> wrote:

> On 12/1/2012 03:03, Tony Robinson wrote:
> > On Debian:
> > edit /etc/php5/apache/php.ini. You will have to enable the short_open_tag
> > directive on line 226 by changing this line from "Off" to "On". Afterwards, if
> > you restart apache, your web page should render fine and you should be able to
> > see your intrusion events just fine.
>
> why not just fix the short open tags to proper long tags?
>

1. Sorry, I did NOT write snort report. I'm just posting what I had to do
to make it work. I had to do a bit of research on the web to figure this
out, and apparently I wasn't the first one
<http://seclists.org/snort/2012/q3/1101> to run into this problem.

>
> > On CentOS 6.3
> > you will have to make two edits if you have SELinux enabled and in enforcing mode:
> > 1) you will have to edit /etc/php.ini and enable the short_open_tag directive on
> > line 229. same as on Debian, change the option from "Off" to "On" and restart httpd.
>
> and here again... why not make the change in the code so it is never a problem
> any more instead of requiring everyone else to change their configurations?
>

See reply to answer 1 above. The script I provide installs snort report. I
did not write snort report nor have any affiliation with symmetrix, the
creators of that front end. I do not know PHP well enough to do what you
suggest, nor am I a member of the snort report team. I'm posting a
solution to a problem others have had. Outside of scripting in BASH, in
terms of programming I'm a lame duck and will own up to it. A lot of the
researching and testing I did was my first dive into PHP.


>
> > 2) If you are running SELinux in enforcing mode, you will get file permission
> > errors for srconf.php. this is because SELinux is preventing access to snort
> > report files via the httpd process. to change this, enter the following command:
> > chcon -R -t httpd_sys_rw_content_t snortreport-1.3.3/
>
> that command doesn't look right... or is chcon a new command like chown and chmod??
>
> chcon man page entry <http://linux.die.net/man/1/chcon>

tl;dr: chcon is to change SELinux permissions on a file/directory
recursively. We're changing permissions on the snortreport-1.3.3 directory
to allow the apache process the ability to read/write to files in this
directory. We're telling SELinux that this is expected behavior and to not
interfere.




-- 
when does reality end? when does fantasy begin?
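
As an added example (not part of the original message and not Snort Report or autosnort code), a shell check for the two settings the message describes: the effective short_open_tag value in php.ini and the SELinux type on the snortreport-1.3.3 tree. The function names and the script name audit.sh are hypothetical, and it assumes GNU stat and that the last active php.ini assignment is the one that takes effect.

```shell
#!/bin/sh
# Added example: re-check the two settings this message describes.

# Print the effective short_open_tag value from the php.ini given as $1.
# Lines starting with ";" are comments; the last active assignment is taken
# as the effective one (assumption). Prints "unset" if there is none.
short_open_tag_value() {
    awk -F= '
        /^[ \t]*;/ { next }
        /^[ \t]*short_open_tag[ \t]*=/ {
            v = $2
            sub(/;.*/, "", v)          # drop a trailing comment
            gsub(/[ \t"]/, "", v)      # drop whitespace and quotes
            val = v
        }
        END { print (val == "" ? "unset" : val) }
    ' "$1"
}

# Read "CONTEXT PATH" lines on stdin and print every PATH whose SELinux type
# (third colon-separated field of user:role:type:level) is not $1.
mislabeled_paths() {
    awk -v want="$1" '{
        split($1, f, ":")
        if (f[3] != want) { sub(/^[^ ]+ /, ""); print }
    }'
}

# audit PHP_INI SNORTREPORT_DIR
# Labels set with chcon can be reset by a later relabel (restorecon), so
# this is worth re-running after system maintenance.
audit() {
    echo "short_open_tag = $(short_open_tag_value "$1")"
    # GNU stat prints the SELinux context with %C (needs an SELinux system).
    find "$2" -exec stat -c '%C %n' {} + |
        mislabeled_paths httpd_sys_rw_content_t |
        sed 's/^/not httpd_sys_rw_content_t: /'
}

# Example: sh audit.sh /etc/php.ini snortreport-1.3.3/
if [ "$#" -eq 2 ]; then
    audit "$1" "$2"
fi
```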