Bug 6301 - snort can not bind to interface other than eth0
Summary: snort can not bind to interface other than eth0
Status: CLOSED FIXED
Alias: None
Product: Sisyphus
Classification: Development
Component: snort (show other bugs)
Version: unstable
Hardware: all Linux
: P2 major
Assignee: Serge A. Volkov
QA Contact: qa-sisyphus
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2005-03-22 19:52 MSK by Dmytro O. Redchuk
Modified: 2008-02-18 10:46 MSK (History)
2 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Dmytro O. Redchuk 2005-03-22 19:52:00 MSK
snort can not bind to interface other than eth0 -- even if "any" requested.

This patch should be applied to /etc/rc.d/init.d/snortd:

--- snortd      2003-08-27 23:29:58 +0300
+++ snortd.dor  2005-03-22 17:36:50 +0200
@@ -36,7 +36,8 @@
            --expect-user snort -- \
            snort -u snort -g snort \
            -t /var/log/snort \
-           $(eval echo $(echo \$`echo ADDPARAMS_$i`))
+           $(eval echo $(echo \$`echo ADDPARAMS_$i`)) \
+           -i $i
        RETVAL=$?
        if [ $RETVAL != 0 ]; then
            return $RETVAL

Steps to Reproduce:
1. Install snort
2. Edit /etc/sysconfig/snort and change INTERFACES=any to INTERFACES=eth1,
   ADDPARAMS_any to ADDPARAMS_eth1
3. issue `service snortd start'
Actual Results:  
snort will bind to eth0 and write its PID to "/var/run//snort_eth0.pid"

Expected Results:  
:-)
Comment 1 Mikhail Gusarov 2008-02-15 18:51:53 MSK
Починилось ли за почти три года?
Comment 2 Dmytro O. Redchuk 2008-02-18 10:37:08 MSK
Думаю, давно :-)

Не проверял; у меня именно там -- именно тот snort до сих пор.
Comment 3 Mikhail Gusarov 2008-02-18 10:46:31 MSK
Посмотрел в init.d/snortd - и вправду починено.

Закрываю.