Bug 6301

Summary: snort can not bind to interface other than eth0
Product: Sisyphus Reporter: Dmytro O. Redchuk <dor>
Component: snortAssignee: Serge A. Volkov <vserge>
Status: CLOSED FIXED QA Contact: qa-sisyphus
Severity: major    
Priority: P2 CC: oddity, sem
Version: unstable   
Hardware: all   
OS: Linux   

Description Dmytro O. Redchuk 2005-03-22 19:52:00 MSK 
snort can not bind to interface other than eth0 -- even if "any" requested.

This patch should be applied to /etc/rc.d/init.d/snortd:

--- snortd      2003-08-27 23:29:58 +0300
+++ snortd.dor  2005-03-22 17:36:50 +0200
@@ -36,7 +36,8 @@
            --expect-user snort -- \
            snort -u snort -g snort \
            -t /var/log/snort \
-           $(eval echo $(echo \$`echo ADDPARAMS_$i`))
+           $(eval echo $(echo \$`echo ADDPARAMS_$i`)) \
+           -i $i
        RETVAL=$?
        if [ $RETVAL != 0 ]; then
            return $RETVAL

Steps to Reproduce:
1. Install snort
2. Edit /etc/sysconfig/snort and change INTERFACES=any to INTERFACES=eth1,
   ADDPARAMS_any to ADDPARAMS_eth1
3. issue `service snortd start'
Actual Results:  
snort will bind to eth0 and write its PID to "/var/run//snort_eth0.pid"

Expected Results:  
:-)
Comment 1 Mikhail Gusarov 2008-02-15 18:51:53 MSK 
Починилось ли за почти три года?
Comment 2 Dmytro O. Redchuk 2008-02-18 10:37:08 MSK 
Думаю, давно :-)

Не проверял; у меня именно там -- именно тот snort до сих пор.
Comment 3 Mikhail Gusarov 2008-02-18 10:46:31 MSK 
Посмотрел в init.d/snortd - и вправду починено.

Закрываю.