Project

General

Profile

Actions
Copy link

Bug #11637

closed

Preprocs - possible to create two defaults

Added by Max Leighton about 3 years ago. Updated almost 3 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Renato Botelho
Category:
Snort
Target version:
-
Start date:
03/08/2021
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Affected Version:
Affected Plus Version:
Affected Architecture:

Description

When creating a new server configuration, if you use the +Aliases button for the Bind-To Address and/or the Ports fields, the new HTTP Inspect server configuration will change to 'default'. If the user doesn't notice this and saves, there will be a second un-removeable default configuration. Snort will subsequently fail to start on that interface with the error:

FATAL ERROR: /usr/local/etc/snort/snort_34319_em0/snort.conf(237) => Cannot configure 'global_server' settings more than once.

This can be recreated on http_inspect, Frag3, or Stream5.

Steps to reproduce:

1. Create a new Snort interface
2. Edit the interface and navigate to the <interface> Preprocs tab
3. Add a new server configuration under HTTP Inspect
4. Click the + Aliases button next to the Ports field. Select a port alias and hit save
The engine name and Bind-To IP address will now be 'default' and 'all'
5. Click save
There is now a second un-removeable server configuration.
6. Click save again and the Snort on this interface will fail with the above error

Tested on 4.1.3_2 on pfSense 2.5 CE and 2.4.5p1

Actions
Copy link

Also available in: Atom PDF