Snort mailing list archives
Question about snortcenter on OpenBSD 3.4
From: Jon <j5n0rt5678 () yahoo com>
Date: Mon, 26 Jan 2004 06:40:32 -0800 (PST)
I have searched and worked this problem I am having
for days and cannot get past it.
I am building an OpenBSD standalone snort box, with
mysql, ACID, and snortcenter with the following:
OpenBSD 3.4
Snort 2.1.0
Apache/1.3.28 (Unix) PHP/4.3.3 mod_ssl/2.8.15
OpenSSL/0.9.7b
MySQL 3.23.57
libcurl/7.10.5 OpenSSL/0.9.7b ipv6 zlib/1.1.4
Everything works great, except for snortcenter.
Snortcenter cannot connect to agents, and cannot get
updates from the Internet. I can populate to MySQL
using snortcenter, such as manually importing snort
rules from files, adding sensors, etc. However,
snortcenter cannot connect to any agents, not the
local agent, not other (remote) agents.
I have a working snort/mysql/acid/snortcenter box
running on Redhat with no problems. The Linux
snortcenter is able to manage the sensor agent on my
OpenBSD box.
I verified that PHP can call cURL by browsing to a
file in my snortcenter directory that I created with
the following info:
<?php
// Fetch a public page with cURL and save it to a local file.
$url = "http://www.sourceforge.net/";
$file = "./temp/sf.index.html";
$ch = curl_init ($url);
$fp = fopen ($file, "w") or
    die("Unable to open $file for writing.\n");
curl_setopt ($ch, CURLOPT_FILE, $fp);            // write the response body to $fp
curl_setopt ($ch, CURLOPT_FAILONERROR, true);    // treat HTTP status >= 400 as failure
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);    // follow redirects
if (!curl_exec ($ch)) {
    print("Unable to fetch $url.\n");
}
curl_close ($ch);
fclose ($fp);
?>
This script does create the /temp/sf.index.html file.
Snortcenter is unable to connect to any agents. I am
not using SSL at the moment.
Things I can do:
1. While on the OpenBSD console, I can lynx to
localhost:2525
2. While on any other workstation, I can browse to
Openbsdhost:2525
3. While on linux snortcenter, I can connect to
Openbsd snortcenter agent and manage.
Things I cannot do:
1. While on OpenBSD snortcenter, I cannot connect to
any snortcenter agents, not the local one, nor the
linux one.
I have my miniserv.conf file as follows:
port=2525
bind=
root=/usr/local/bin/snortagent/sensor/cgi
host=snorthost.stigroup.net
addtype_cgi=internal/cgi
realm=SnortCenter Sensor
logfile=/var/log/snort/miniserv.log
pidfile=/var/log/snort/miniserv.pid
errorlog=/var/log/snort/miniserv.error
logtime=168
ssl=0
env_SENSOR_CONFIG=/etc/snort
env_SENSOR_VAR=/var/log/snort
atboot=1
logout=/etc/snort/logout-flag
denyfile=\.pl$
log=1
blockhost_failures=500
blockhost_time=60
passdelay=1
syslog=1
allow=
session=0
userfile=/etc/snort/sensor.users
keyfile=/etc/snort/sensor.pem
When I configure my php.ini file to display_errors,
then browse to snortcenter, I get a bunch of Notice
messages, eg:
Notice: Use of undefined constant sensors - assumed 'sensors' in /htdocs/snortcenter/languages/en/lang.en.php on line 328
Notice: Use of undefined constant sensor_config - assumed 'sensor_config' in /htdocs/snortcenter/languages/en/lang.en.php on line 329
Notice: Use of undefined constant update_rules - assumed 'update_rules' in /htdocs/snortcenter/languages/en/lang.en.php on line 330
Notice: Use of undefined constant rules - assumed 'rules' in /htdocs/snortcenter/languages/en/lang.en.php on line 331
Notice: Use of undefined constant vars - assumed 'vars' in /htdocs/snortcenter/languages/en/lang.en.php on line 332
I have tried reconfiguring php.ini with
register_global=on and =off, with no success.
Any help you can give me is really appreciated!
Regards,
Jon
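
The cURL test in the message fetches a public site on port 80, which does not exercise the path from PHP to an agent on port 2525. The following is an added example (not part of the original post and not SnortCenter code) that points the same PHP cURL calls at the agent port from the miniserv.conf above and separates transport failures from HTTP-level refusals; the target host names are the ones written in the message, and the function names are hypothetical.

```php
<?php
// Added diagnostic, not from the original post or from SnortCenter.
// Assumption: agents answer plain HTTP on port 2525 (port=2525, ssl=0 above).
// Host names below are the ones written in the message; adjust as needed.
$targets = array(
    "http://localhost:2525/",
    "http://Openbsdhost:2525/",
);

// Probe one URL; return cURL's transport result and the HTTP status.
function probe_agent($url) {
    $ch = curl_init($url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); // do not echo the body
    curl_setopt($ch, CURLOPT_HEADER, true);         // keep response headers
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);    // seconds to connect
    curl_setopt($ch, CURLOPT_TIMEOUT, 10);          // seconds for whole request
    // CURLOPT_FAILONERROR is left off on purpose so that a 401 or 403
    // from the agent is reported as "reached", not as a fetch failure.
    curl_exec($ch);
    $result = array(
        "url"   => $url,
        "errno" => curl_errno($ch),
        "error" => curl_error($ch),
        "http"  => curl_getinfo($ch, CURLINFO_HTTP_CODE),
    );
    curl_close($ch);
    return $result;
}

// Turn a probe result into a one-line finding.
function describe_probe($r) {
    if ($r["errno"] != 0) {
        return "transport failure, cURL errno " . $r["errno"] . ": " . $r["error"];
    }
    if ($r["http"] == 401) {
        return "agent reached, HTTP 401 (credentials missing or rejected)";
    }
    if ($r["http"] == 403) {
        return "agent reached, HTTP 403 (client refused by the agent)";
    }
    return "agent reached, HTTP " . $r["http"];
}

if (php_sapi_name() != "cli") {
    header("Content-Type: text/plain");
}
foreach ($targets as $url) {
    print($url . " -> " . describe_probe(probe_agent($url)) . "\n");
}
?>
```

Run it through the same Apache/PHP instance that serves SnortCenter, since a command-line PHP binary may be built with a different cURL and a different environment.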
