Honeypots
FW: Snort-Inline not working Aug 23 2006 11:27PM
Ian J. Hudson (ihudson waspc org)
Below is what I've encountered. I'm really trying to get this to work,
not sure what went wrong.

Regards,
Ian J Hudson
IT Systems Specialist
WASPC
ihudson (at) waspc (dot) org
360.486.2380
>> Sorry to bug you. With the Honeywall I've been able to see stuff
>> happening with DNS externally, but I can't seem to get Snort,
>> Snort-Inline to work no matter how many restarts, reloads, and reboots.
>> As a result the honeywall restricts all outgoing and incoming traffic.
>> That's the only hang up I am having with Honeywall currently. Everything
>> seems to be updated; ran yum, have it configured to autoupdate, although
>> one of the update sites is bad. Other than that, do you have any idea
>> how to fix Snort, Snort-Inline? I had previously thought it was a bad
>> IPtables configuration, or the rc.firewall script, but those all should
>> be automated, which leaves it to this: possibly Snort, Snort-inline isn't
>> working, which they don't appear to be running.

Running Services..

argus (pid 3815 3270 3269) is running...
bridge name     bridge id               STP enabled     interfaces
br0             8000.0002a58972f8       no              eth0
                                                        eth1
cpuspeed is stopped
crond (pid 3984) is running...
dc_client is stopped
dc_server is stopped
gpm (pid 3975) is running...
hald (pid 4023) is running...
argus (pid 3815 3270 3269) is running...
hflowd (pid 3808) is running...
mysqld (pid 3170) is running...
p0f (pid 3336) is running
hflow-pcap (pid 3415) is running
snort-plain dead but subsys locked
snort-inline dead but pid file exists
httpd (pid 3823 3822 3821 3820 3819 3818 3817 3816 3738) is running...
Honeywall health as of Tue Aug 22 05:46:20 PDT 2006
Currently active devices:
lo
eth0
eth1
eth2
br0
bridge name     bridge id               STP enabled     interfaces
br0             8000.0002a58972f8       no              eth0
                                                        eth1
/etc/init.d/rc.firewall is active
hflowd (pid 3808) is running...
snort-inline dead but pid file exists
snort-plain dead but subsys locked
hflow-pcap (pid 3415) is running
p0f (pid 3336) is running
argus (pid 3815 3270 3269) is running...
mysqld (pid 3170) is running...
sebekd (pid 3647) is running...
Related services:
monit is stopped
swatch (pid 3908) is running...
Currently active devices:
lo
eth0
eth1
eth2
br0
Firewall is stopped.
irqbalance (pid 2762) is running...
dbus-daemon-1 (pid 4014) is running...
/etc/init.d/microcode_ctl: reading microcode status is not yet supported
monit is stopped
monit is stopped
mysqld (pid 3170) is running...
netplugd is stopped
Configured devices:
lo eth0 eth1 eth2
Currently active devices:
lo eth0 eth1 eth2 br0
ntpd is stopped
p0f (pid 3336 3061) is running...
master (pid 3964) is running...
/etc/init.d/rc.firewall is active
saslauthd is stopped
sebekd (pid 3647) is running...
smartd is stopped
snort dead but subsys locked
sshd (pid 5607 5605 3667) is running...
swatch (pid 3908) is running...
syslogd (pid 2748) is running...
klogd (pid 2752) is running...
httpd (pid 3823 3822 3821 3820 3819 3818 3817 3816 3738) is running...
xfs (pid 4005) is running...
xinetd is stopped
Nightly yum update is disabled.
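
A small triage helper for a listing like the one above, as an added example that is not part of the original message: it pulls out the services the init scripts report as dead and says which leftover file (pid file or subsys lock) produced that status line. The names dead_services and sample_status are chosen here; the sample lines are copied from the listing in this post.

```shell
#!/bin/sh
# Added example: summarise "dead" entries in an init-script status listing.
# The two status strings matched below are the ones that appear in the post;
# they are what the Red Hat-style init "status" helper prints when a daemon's
# pid file or subsys lock file is still present but no process is running.

# Reads status text on stdin, prints one line per dead service:
#   <service> TAB <state> TAB <what the status line means>
dead_services() {
    awk '
        { sub(/[ \t\r]+$/, "") }              # tolerate trailing blanks / CR
        / dead but pid file exists$/ {
            name = $0
            sub(/ dead but pid file exists$/, "", name)
            state[name] = "stale-pidfile"
        }
        / dead but subsys locked$/ {
            name = $0
            sub(/ dead but subsys locked$/, "", name)
            state[name] = "stale-lock"
        }
        END {
            for (n in state) {                # array keys de-duplicate repeats
                if (state[n] == "stale-pidfile")
                    hint = "pid file present, no matching process"
                else
                    hint = "subsys lock present, no running process"
                printf "%s\t%s\t%s\n", n, state[n], hint
            }
        }
    ' | LC_ALL=C sort                         # stable order for diffing runs
}

# Sample input: a few lines copied from the status listing in the post.
sample_status() {
    cat <<'EOF'
hflowd (pid 3808) is running...
snort-plain dead but subsys locked
snort-inline dead but pid file exists
/etc/init.d/rc.firewall is active
snort-inline dead but pid file exists
snort dead but subsys locked
sshd (pid 5607 5605 3667) is running...
EOF
}

sample_status | dead_services
```

Saving the output of each run and diffing it against the previous one shows whether a restart cleared the stale state or the daemon exited again; the daemon's own startup messages in the system log are the next place to look.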

Copyright 2010, SecurityFocus