0001651: Snort cannot start if pfdetect is not started - PacketFence

Bug Tracking System

View Issue Details [ Jump to Notes ]

[ Issue History ] [ Print ]

Project

Category

View Status

Date Submitted

Last Update

0001651

PacketFence

core

public

2013-06-12 15:08

2013-07-12 16:23

Reporter

dwuelfrath

Assigned To

dwuelfrath

Priority

high

Severity

major

Reproducibility

always

Status

assigned

Resolution

suspended

Platform

All

OS Version

All

Product Version

4.0.1

Target Version

Fixed in Version

Summary

0001651: Snort cannot start if pfdetect is not started

Description

When we start PacketFence, we create a FIFO (/usr/local/pf/var/alert) in which Snort is writing detected alerts.

Snort is trying to open that FIFO in WRITE mode but a FIFO can only be opened in WRITE if a process already opened that FIFO in READ.

Currently, PacketFence starts Snort before pfdetect (starting sequence) which cause Snort to hung since the FIFO cannot be opened in WRITE due to the lack of a process opening that FIFO in READ (pfdetect).

Startup sequence need to be adapted so that pfdetect is started before Snort.

Tags

No tags attached.

fixed in git revision

fixed in mtn revision

Attached Files

Relationships

Notes
(0003325) dwuelfrath (administrator) 2013-06-14 14:09	Mitigate in c2d817f0ecb53fb7a95a97fcd798ae1140b07f33

(0003341) lpelet (reporter) 2013-07-12 16:23	Same error when Suricata try to log into the fifo alert. Patch suricata.yaml in section where the alert file is declared to specify filetype = regular view https://github.com/inverse-inc/packetfence/commit/ff90a8c83ba2fa4c2d3bd6204643936443466025 [^]

Issue History
Date Modified	Username	Field	Change
2013-06-12 15:08	dwuelfrath	New Issue
2013-06-12 15:09	dwuelfrath	Assigned To	=> dwuelfrath
2013-06-12 15:09	dwuelfrath	Status	new => confirmed
2013-06-14 14:09	dwuelfrath	Note Added: 0003325
2013-06-14 14:09	dwuelfrath	Status	confirmed => assigned
2013-06-14 14:09	dwuelfrath	Resolution	open => suspended
2013-07-12 16:23	lpelet	Note Added: 0003341