Re: [Sguil-devel] FreeBSD port
From: Dafydd, S. <sid...@uw...> - 2008-05-12 13:02:15

Hi Paul,

Great work on the updated ports! Just a couple of bug reports:

The pkg-install.in and pkg-deinstall.in files are missing from the sguil-server port.

The example_agent.sh.in, pads_agent.sh.in, pcap_agent.sh.in, sancp_agent.sh.in and snort_agent.sh.in files are missing from the sguil-sensor port.

Not sure about any missing files in sguil-client, as I have not used it yet.

It appears they were included as part of the multipart patch set you submitted but were not in the combined patch, as can be seen on http://www.freebsd.org/cgi/query-pr.cgi?pr=122647 and http://www.freebsd.org/cgi/query-pr.cgi?pr=122646. After manually downloading the files, sguil-[server|sensor] compiled and installed.

I've got sguil-server set up and working with the updated ports; I'm now trying to get a sensor set up. The only problem I'm running into is when trying to start a sancp agent (I haven't tried the other agents yet). I've put the following in my rc.conf file:

    ## SANCP
    sancp_enable="YES"
    sancp_flags="-D -d /nsm/any_servers/sancp -u sguil -g sguil"
    sancp_interface="bge1"
    sancp_conf="/usr/local/etc/sguil-sensor/sancp-ANY_SERVERS.conf"

    ## SANCP_AGENT
    sancp_agent_enable="YES"
    sancp_agent_conf="/usr/local/etc/sguil-sensor/sancp_agent-ANY_SERVERS.conf"

The agent refuses to run and outputs the following message:

    Starting sancp_agent.
    Couldn't determine where the sensor_agent.tcl config file is
    Looked for /usr/local/etc/sguil-sensor/sensor_agent.conf and ./sensor_agent.conf.
    Usage: /usr/local/bin/sguil-sensor/sancp_agent.tcl [-D] [-c] [-o] <filename>
    -c <filename>: PATH to config (sancp.conf) file.
    -D Runs /usr/local/bin/sguil-sensor/sancp_agent.tcl in daemon mode.

So, it appears that it is unable to find the config file, but the file is definitely there!

    ls -l /usr/local/etc/sguil-sensor/sancp_agent-ANY_SERVERS.conf
    -rw-r--r-- 1 root sguil 1152 May 12 13:06 /usr/local/etc/sguil-sensor/sancp_agent-ANY_SERVERS.conf

Could this be a bug with the sancp_agent rc startup file not appending "-c /usr/local/etc/sguil-sensor/sancp_agent-ANY_SERVERS.conf" when trying to run the script?

Regards,
Sion

-----Original Message-----
From: sgu...@li... [mailto:sgu...@li...] On Behalf Of Paul Schmehl
Sent: 05 May 2008 22:26
To: Sguil Devel; Sguil-users
Subject: [Sguil-devel] FreeBSD port

The FreeBSD ports for server, sensor and client have been updated to version 0.7.0. In addition, the barnyard-sguil6 port has been renamed to barnyard-sguil and patched to fix a problem with barnyard failing to build when postgresql was selected as the database of choice.

--
Paul Schmehl (pa...@ut...)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/