Bug #2549

closed

Snort 2.9.2.3 pkg v. 2.4.0 creates invalid configuration

Added by David Brodbeck about 13 years ago. Updated about 13 years ago.

Status: Resolved
Priority: High
Assignee: -
Category: Snort
Target version: -
Start date: 07/11/2012
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Affected Version:
Affected Plus Version:
Affected Architecture:

Description

I was setting up two pfSense 2.0.1-RELEASE i386 firewalls with the snort package today; one happened to get v2.3.0 and works, the other got v2.4.0 and will not start due to problems with the generated configuration file.

Attempting to start 2.4.0 after configuring an interface gives the following error:

snort[4984]: FATAL ERROR: /usr/local/etc/snort/snort_10669_bce1/snort.conf(95) => Failed to parse: No end brace found

That line reads:

preprocessor ssl: ports { 443,465,563,636,989,990,992,993,994,995 }, trustservers, noinspect_encrypted

On the working v2.3.0 machine the equivalent line reads:

preprocessor ssl: ports { 443 465 563 636 989 990 992 993 994 995 }, trustservers, noinspect_encrypted

...so I suspect the problem is the commas.

Trying to manually set the "Default SSL_IGNORE" setting on the Preprocessors tab in v2.4.0 to "443 465 563 636 989 990 992 993 994 995" causes this error instead:

snort[41149]: FATAL ERROR: /usr/local/etc/snort/snort_10669_bce1/snort.conf(54) Missing argument to SSL_PORTS_IGNORE

...with the offending line reading:
portvar SSL_PORTS_IGNORE [443,465,563,636,989,990,992,993,994,995]
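
An added example, not part of the original report or of the pfSense package code: a Python check that flags the comma-delimited "ports { ... }" form quoted above, rewrites it to the space-delimited form from the working v2.3.0 line, and renders the bracketed portvar form separately from the same parsed list. The function names are hypothetical, the sample config is constructed from the two quoted preprocessor lines, and only plain numeric ports are handled.

```python
import re

# Constructed sample: the failing v2.4.0 line and the working v2.3.0 line from the report.
SAMPLE_CONF = """\
preprocessor ssl: ports { 443,465,563,636,989,990,992,993,994,995 }, trustservers, noinspect_encrypted
preprocessor ssl: ports { 443 465 563 636 989 990 992 993 994 995 }, trustservers, noinspect_encrypted
"""

BRACE_PORTS = re.compile(r"\bports\s*\{([^}]*)\}")


def parse_ports(value):
    """Accept a port list delimited by commas and/or whitespace; return ints."""
    tokens = [t for t in re.split(r"[,\s]+", value.strip()) if t]
    if not tokens:
        raise ValueError("empty port list")
    ports = []
    for tok in tokens:
        if not (tok.isascii() and tok.isdigit()) or not 1 <= int(tok) <= 65535:
            raise ValueError(f"invalid port: {tok!r}")
        ports.append(int(tok))
    return ports


def render_brace_list(ports):
    """Space-delimited form, as on the working v2.3.0 preprocessor line."""
    return "{ " + " ".join(str(p) for p in ports) + " }"


def render_portvar(name, ports):
    """Bracketed, comma-delimited form, as on the portvar line in the report."""
    return f"portvar {name} [" + ",".join(str(p) for p in ports) + "]"


def lint_brace_lists(conf_text):
    """Return [(line_number, repaired_line)] for preprocessor lines whose
    'ports { ... }' list contains commas."""
    findings = []
    for lineno, line in enumerate(conf_text.splitlines(), start=1):
        if not line.lstrip().startswith("preprocessor"):
            continue
        m = BRACE_PORTS.search(line)
        if m and "," in m.group(1):
            fixed = render_brace_list(parse_ports(m.group(1)))
            findings.append((lineno, line[:m.start()] + "ports " + fixed + line[m.end():]))
    return findings


if __name__ == "__main__":
    for lineno, fixed in lint_brace_lists(SAMPLE_CONF):
        print(f"line {lineno}: comma-delimited brace list; suggested: {fixed}")
```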
