Snort mailing list archives
Re: can't remember why... snot prepends /etc/ to paths resulting in /etc//foo
From: Todd Wease <twease () sourcefire com>
Date: Mon, 19 Nov 2012 13:44:50 -0500
On Mon, Nov 19, 2012 at 1:34 PM, waldo kitty <wkitty42 () windstream net> wrote:

> On 11/19/2012 12:50, Castle, Shane wrote:
>> What's this? -> var $SNORT_HOME /var/snort
>
> a typo :/ it should have read
>
>    var SNORT_HOME /var/snort
>    var RULE_PATH $SNORT_HOME/rules
>    var SO_RULE_PATH $SNORT_HOME/so_rules
>    var PREPROC_PATH $SNORT_HOME/preproc_rules
>
>> You have a "$" there incorrectly, I think, and something goofy is
>> happening.
>>
>> FWIW, I don't have that var anywhere in my snort.conf.
>
> most folks won't... it is what we call a "stem"... you'll note how the other
> vars build on it... with this stem, we can place other items in the stem
> directory or off of it like the rules directories... we can also build
> additional "stems"... eg: some enhanced systems may use something like this...
>
>    var SNORT_HOME /var/snort
>    var ET_HOME $SNORT_HOME/ET
>    var VRT_HOME $SNORT_HOME/VRT
>    var ET_RULE_PATH $ET_HOME/rules
>    var VRT_RULE_PATH $VRT_HOME/rules
>    var SO_RULE_PATH $VRT_HOME/so_rules
>    var PREPROC_PATH $SNORT_HOME/preproc_rules
>
>> Maybe this var is set in a parent startup shell script and somehow the
>> redef is appending to it?
>
> nah... not in this case... good guess, though!

It may be that there aren't any files in those directories or you don't have permissions to stat/read those files. What snort does if this happens is to try prepending the directory where the main snort.conf resides as given with the -c argument on the command line.
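The fallback described in the reply above, modelled as an added example (not part of the thread and not Snort's own code): it expands the `var` stems of a config, tests each `include` path for readability, and shows the path that results when the snort.conf directory is prepended. Assumptions: the sample config, its `include` line and the `/etc/snort.conf` location are constructed; the fallback is modelled as config directory + "/" + path, which is what produces the `/etc//...` form in the subject line; an undefined `$NAME` is only reported, since how Snort itself treats it is not stated in the thread.

```python
import os
import re

VAR_RE = re.compile(r"^\s*var\s+(\S+)\s+(\S+)")
INCLUDE_RE = re.compile(r"^\s*include\s+(\S+)")
REF_RE = re.compile(r"\$(\w+)")

# Constructed sample, using the corrected "stem" layout quoted in the thread.
SAMPLE_CONF = """\
var SNORT_HOME /var/snort
var RULE_PATH $SNORT_HOME/rules
include $RULE_PATH/local.rules
"""

def expand(value, variables):
    """Replace each $NAME that is defined; leave undefined ones in place."""
    return REF_RE.sub(lambda m: variables.get(m.group(1), m.group(0)), value)

def check_includes(conf_text, conf_path, readable=lambda p: os.access(p, os.R_OK)):
    """Return one report entry per include line of conf_text."""
    conf_dir = os.path.dirname(conf_path)
    variables, report = {}, []
    for line in conf_text.splitlines():
        m = VAR_RE.match(line)
        if m:
            variables[m.group(1)] = expand(m.group(2), variables)
            continue
        m = INCLUDE_RE.match(line)
        if not m:
            continue
        path = expand(m.group(1), variables)
        entry = {"path": path, "undefined": REF_RE.findall(path),
                 "ok": readable(path), "fallback": None}
        if not entry["ok"]:
            # Assumption: fallback = directory of the -c file + "/" + path.
            entry["fallback"] = conf_dir + "/" + path
        report.append(entry)
    return report

if __name__ == "__main__":
    typo_conf = SAMPLE_CONF.replace("var SNORT_HOME", "var $SNORT_HOME")
    for conf in (SAMPLE_CONF, typo_conf):
        for e in check_includes(conf, "/etc/snort.conf"):
            print(e)
```

A non-empty `undefined` list points at a misspelled stem such as the `var $SNORT_HOME` typo; a `fallback` containing `//` means the first lookup failed, so the directory contents and permissions are the thing to check.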
