Author Topic: Snort Package 3.2.9.6_1 Notes  (Read 425 times)

bmeeks
Snort Package 3.2.9.6_1 Notes
« on: February 06, 2018, 12:34:41 pm »
Users of Snort will notice an update for the package to version 3.2.9.6_1.  This update only includes a binary fix for users of the Netgate SG-3100 appliance.  There are no GUI changes and no binary changes for Intel x86-based users.

So unless you want to run Snort on the SG-3100 appliance from Netgate, there is no compelling reason to upgrade to the 3.2.9.6_1 Snort package.

Bill

locutus44
Re: Snort Package 3.2.9.6_1 Notes
« Reply #1 on: February 07, 2018, 08:52:35 am »
During update ...
You may need to manually remove /usr/local/etc/snort/classification.config if it is no longer needed.
You may need to manually remove /usr/local/etc/snort/gen-msg.map if it is no longer needed.
You may need to manually remove /usr/local/etc/snort/preproc_rules/decoder.rules if it is no longer needed.
You may need to manually remove /usr/local/etc/snort/preproc_rules/preprocessor.rules if it is no longer needed.
You may need to manually remove /usr/local/etc/snort/preproc_rules/sensitive-data.rules if it is no longer needed.
You may need to manually remove /usr/local/etc/snort/reference.config if it is no longer needed.
You may need to manually remove /usr/local/etc/snort/snort.conf if it is no longer needed.
You may need to manually remove /usr/local/etc/snort/threshold.conf if it is no longer needed.
You may need to manually remove /usr/local/etc/snort/unicode.map if it is no longer needed.
You may need to manually remove /usr/local/etc/snort/file_magic.conf if it is no longer needed.
You may need to manually remove /usr/local/etc/snort/attribute_table.dtd if it is no longer needed.

Only the one with the unicode.map file seems to be wrong...
FATAL ERROR: /usr/local/etc/snort/snort_54482_igb1/snort.conf(169) => Unable to open the IIS Unicode Map file '/usr/local/etc/snort/unicode.map'.

bmeeks
Re: Snort Package 3.2.9.6_1 Notes
« Reply #2 on: February 08, 2018, 08:59:55 am »
Something got really messed up with your install/uninstall process.  Those notes from pkg indicate it thinks you manually modified some files (or at least the checksums are different from the originals).  I would remove the Snort package, manually remove any snort directories and their contents you find in /usr/local/etc, /usr/local/pkg, /usr/local/www and /usr/local/lib.  After this manual cleanup, install the Snort package again from Package Manager.

Bill
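
A pre-start check for the failure reported in this thread, added here as an example (it is not part of any post and not code from the Snort package): it lists files that a snort.conf references through `include` or `iis_unicode_map` but that are missing on disk. The function names and the temporary sample configuration are constructed for illustration, and entries that use `$` variables are skipped rather than expanded.

```shell
#!/bin/sh
# Added example: report files a snort.conf refers to that are absent on disk.
# Assumption: paths appear literally after "include" or "iis_unicode_map";
# entries containing $VARIABLES are skipped, not expanded.

missing_conf_files() {
    conf="$1"
    confdir=$(dirname "$conf")
    # Strip comments, then pull the token that follows each keyword.
    sed 's/#.*//' "$conf" | awk '
        $1 == "include" { print $2 }
        { for (i = 1; i < NF; i++) if ($i == "iis_unicode_map") print $(i + 1) }
    ' | while read -r path; do
        case "$path" in
            *'$'*) continue ;;               # unexpanded variable, skip
            /*)    full="$path" ;;           # absolute path
            *)     full="$confdir/$path" ;;  # relative to the conf file
        esac
        [ -e "$full" ] || printf '%s\n' "$full"
    done
}

# Constructed sample: a conf that references unicode.map (absent) and
# classification.config (present), built in a temporary directory.
demo() {
    d=$(mktemp -d)
    : > "$d/classification.config"
    cat > "$d/snort.conf" <<EOF
include $d/classification.config
preprocessor http_inspect: global \\
    iis_unicode_map $d/unicode.map 1252
include \$RULE_PATH/local.rules   # skipped: uses a variable
EOF
    missing_conf_files "$d/snort.conf" | sed "s|^$d/||"
    rm -rf "$d"
}

demo
```

On a firewall, call `missing_conf_files` with the interface's configuration path, such as the one named in the FATAL ERROR line above; empty output means every literal reference resolved.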


Vidmo
Re: Snort Package 3.2.9.6_1 Notes
« Reply #3 on: February 08, 2018, 08:01:01 pm »
Hi Bill, just for a point of reference, mine had the same "manually remove" messages from above when I ran the update to 3.2.9.6_1.
Vidmo

revengineer
Re: Snort Package 3.2.9.6_1 Notes
« Reply #4 on: February 09, 2018, 11:44:25 am »
+1. I too encountered the "manual remove" messages and I never touched the automated installation. I do not recall whether I had the fatal error. Snort seems to work just fine but I may follow the instruction to remove and reinstall for good measure.