Bug 6301 - snort can not bind to interface other than eth0
: snort can not bind to interface other than eth0
Status: CLOSED FIXED
: Sisyphus
(All bugs in Sisyphus/snort)
: unstable
: all Linux
: P2 major
Assigned To:
:
:
:
:
:
  Show dependency tree
 
Reported: 2005-03-22 19:52 by
Modified: 2008-02-18 10:46 (History)


Attachments


Note

You need to log in before you can comment on or make changes to this bug.


Description From 2005-03-22 19:52:00
snort can not bind to interface other than eth0 -- even if "any" requested.

This patch should be applied to /etc/rc.d/init.d/snortd:

--- snortd      2003-08-27 23:29:58 +0300
+++ snortd.dor  2005-03-22 17:36:50 +0200
@@ -36,7 +36,8 @@
            --expect-user snort -- \
            snort -u snort -g snort \
            -t /var/log/snort \
-           $(eval echo $(echo \$`echo ADDPARAMS_$i`))
+           $(eval echo $(echo \$`echo ADDPARAMS_$i`)) \
+           -i $i
        RETVAL=$?
        if [ $RETVAL != 0 ]; then
            return $RETVAL

Steps to Reproduce:
1. Install snort
2. Edit /etc/sysconfig/snort and change INTERFACES=any to INTERFACES=eth1,
   ADDPARAMS_any to ADDPARAMS_eth1
3. issue `service snortd start'
Actual Results:  
snort will bind to eth0 and write its PID to "/var/run//snort_eth0.pid"

Expected Results:  
:-)
------- Comment #1 From 2008-02-15 18:51:53 -------
Починилось ли за почти три года?
------- Comment #2 From 2008-02-18 10:37:08 -------
Думаю, давно :-)

Не проверял; у меня именно там -- именно тот snort до сих пор.
------- Comment #3 From 2008-02-18 10:46:31 -------
Посмотрел в init.d/snortd - и вправду починено.

Закрываю.