Re: [Shoki-users] chroot - make db
From: Jaliya B. <ja...@sl...> - 2007-09-27 05:46:07
Dear Stephen,

First of all I would like to thank you for the support given. Yes, the problem was with the socket; after following your steps, I am now able to run 'make db'. It's working fine.

But now I have some new issues:

• ‘importer’ (possibly this) does not populate the db tables.
  o All the shoki*.gz go to ‘/usr/local/shoki/central/localhost.localdomain/corrupt’. Where can the problem be?
• It's not possible to insert all the CVE entries using ‘cve2shoki -f’. http://cve.mitre.org/ does not have CVE & CAN .csv files any more. Only ‘allitems.csv’ with both ‘cve’ & ‘can’ together. In this file there are more than 40k entries, but only about 1762 loaded into the ‘vulnerabilities’ table.
  o So could you please help me to update the table, or could you please send me the previous full-cve.csv and full-can.csv files that you might have?
• If I run ‘nessus against a target with selected attack scripts’ and then want to check whether ‘shoki’ has detected those selected attacks, how can I do that? Do I need to upload nessus reports (.nbe) first, or is it possible using cve values (references)?
• Is it possible to get txt based alerts with cve values without using database tables?
• Only very few Snort signatures can be loaded to shoki. So I had to comment many snort rules in the snort_converted.conf file. Is this a limitation of shoki or is there any way to load more snort rules?

Your further help is highly appreciated.

(Please bear with me for the formatting errors of this mail for today.)

Best Regards,
Jaliya

On Mon, 24 Sep 2007 23:09:14 -0700 "Stephen P. Berry" <sp...@me...> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> >>But I was ABLE to start PgSQL after changing Unix_Socket_directory in
> >>postgres.conf to "/usr/local/shoki/chroot/tmp" and doing a
> >>"ln -s /usr/local/shoki/chroot/tmp /tmp" (removed the shoki/chroot/tmp
> >>created by "make chroot" first)
>
> I think I see the problem. Instead of:
>
>     # ln -s /usr/local/shoki/chroot/tmp /tmp
>
> (creating a symlink for the entire directory), you just want to create
> a symlink for the PostgreSQL socket:
>
>     # ln -s /usr/local/shoki/chroot/tmp/.s.PGSQL.5432 /tmp
>
> The longish explanation:
>
> This is because by default postgres widgets (like createdb and so forth)
> will look for the socket in /tmp (regardless of what postgres.conf says).
> Since the shoki widgets run (by default) chroot'd and a chroot'd
> process can't see outside the jail---which also means they can't follow
> symlinks---that means the socket itself needs to be inside the chroot.
> Everything else (which isn't running chroot'd) therefore needs the symlink
> to find the socket in the non-default location.
>
> Some applications (like syslog-ng) allow you to specify multiple socket
> locations for just this sort of thing. PostgreSQL unfortunately does not.
>
>
> Anyway, if I understand your mail correctly, you want to:
>
> -Remove the /usr/local/shoki/chroot/tmp you created by hand
> -Re-run `make chroot' to re-create /usr/local/shoki/chroot/tmp
>  (these two steps are just to make sure the permissions on the tmp
>  directory are set correctly)
> -Stop and restart PostgreSQL (to re-create the socket itself)
> -As root:
>
>     # ln -s /usr/local/shoki/chroot/tmp/.s.PGSQL.5432 /tmp
>
> -Then try `make db' again.
>
> Let me know if this fixes the problems you're seeing. I'll probably
> update the documentation to be clearer on this tomorrow.
>
>
> - -spb
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (OpenBSD)
>
> iD8DBQFG+KX8P32VcPQQS7wRAtfpAJ9eqEss3/kTzfFaTLNAmC6WaX56mgCeNV1m
> fm+FHQOFOdw4YNAds4GPD+A=
> =DYtV
> -----END PGP SIGNATURE-----
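The socket layout described in the quoted reply can be checked with a short script; this is an added example, not part of the original thread or of shoki. The function name `check_pg_socket_layout` and the `SOCK_TEST` variable are hypothetical, the default paths are the ones quoted in the thread, and the `readlink` utility is assumed to be available.

```shell
#!/bin/sh
# Added example: audit the chroot / PostgreSQL socket layout from the thread.
# SOCK_TEST is a hypothetical knob (default -S, "is a socket") so the check
# can also be exercised on a constructed directory tree with a plain file.

check_pg_socket_layout() {
    chroot_tmp=${1:-/usr/local/shoki/chroot/tmp}   # tmp directory inside the jail
    host_tmp=${2:-/tmp}                            # where non-chroot'd clients look
    sock=${3:-.s.PGSQL.5432}                       # socket name from the thread
    sock_test=${SOCK_TEST:--S}

    # Mistake from the thread: the whole host tmp directory is a symlink.
    if [ -L "$host_tmp" ]; then
        echo "FAIL: $host_tmp is itself a symlink; link only the socket" >&2
        return 1
    fi
    # The jail's tmp must be a real directory: a chroot'd process cannot
    # follow a link that points outside the jail.
    if [ -L "$chroot_tmp" ] || [ ! -d "$chroot_tmp" ]; then
        echo "FAIL: $chroot_tmp must be a real directory (re-run make chroot)" >&2
        return 2
    fi
    # The real socket has to live inside the jail, not be a link itself.
    if [ -L "$chroot_tmp/$sock" ] || ! [ "$sock_test" "$chroot_tmp/$sock" ]; then
        echo "FAIL: no socket at $chroot_tmp/$sock (restart PostgreSQL)" >&2
        return 3
    fi
    # Non-chroot'd clients need a symlink in the host tmp pointing at it.
    if [ ! -L "$host_tmp/$sock" ] ||
       [ "$(readlink "$host_tmp/$sock")" != "$chroot_tmp/$sock" ]; then
        echo "FAIL: $host_tmp/$sock is not a symlink to $chroot_tmp/$sock" >&2
        return 4
    fi
    echo "OK: $host_tmp/$sock -> $chroot_tmp/$sock"
}
```

Called with no arguments on the host, the function checks the default paths; each non-zero return code corresponds to one of the steps listed in the reply.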