[gentoo-user] snort say User "sguil" unknown

[gentoo-user] snort say User "sguil" unknown

[Turi Tropea]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

hi guys,
i'm new to this list, i'm graduating in computer science engineering and
this is my first thread :)
but above all i'm ITALIAN :)

i've a problem with a fresh intallation of snort
when i try to start the daemon with "/etc/init.d/snort start" it's fail

> darkbox turitropea # cat /var/log/messages | grep "snort"
> Oct 21 01:05:33 darkbox groupadd[32177]: new group: name=snort, GID=450
> Oct 21 01:05:33 darkbox useradd[32216]: new user: name=snort, UID=109, GID=450, home=/dev/null, shell=/usr/sbin/nologin
> Oct 21 01:21:09 darkbox snort: FATAL ERROR: User "sguil" unknown
> Oct 21 02:20:32 darkbox snort: FATAL ERROR: User "sguil" unknown
> Oct 21 03:16:03 darkbox snort: *** *** interface device lookup found: wifi0 ***
> Oct 21 03:16:03 darkbox snort:   Uh, you need to tell me to do something...  :No such file or directory
> Oct 21 03:16:23 darkbox snort: FATAL ERROR: User "sguil" unknown
> Oct 21 03:24:46 darkbox snort: FATAL ERROR: User "sguil" unknown
> Oct 21 03:25:34 darkbox rc-scripts: WARNING:  snort has not yet been started.
> Oct 21 03:25:37 darkbox snort: FATAL ERROR: User "sguil" unknown
> Oct 22 14:40:33 darkbox snort: FATAL ERROR: User "sguil" unknown

also i've used this guide to do all
http://forums.gentoo.org/viewtopic-t-399801.html (Your guide to snort,
mysql, apache, php, and BASE for Gentoo)

tanks in advance and excuse me for my bad english

- --
[             Salvatore Donato Tropea aka TuriTropea             ]
[     me [at] tropeadonato.eu -- http://www.tropeadonato.eu      ]
[       Gentoo GNU/Linux 2.6.18 on Asus A6Va -- KDE 3.5.2        ]
[          GNU/Linux User:#417399 -- GPG key ID 1AEF1990         ]
[ Fingerprint: 00A6 FD96 941F 6EFF 6932 0F60 A627 64F0 1AEF 1990 ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFO3GTpidk8BrvGZARAuSfAJ9fbzzOaA4X0g+MIOmWiwPGis5zcwCeMt46
Urm0ZhPNbvBrTBfyCfrBmTI=
=Zeiv
-----END PGP SIGNATURE-----
-- 
gentoo-user@gentoo.org mailing list

[gentoo-user] Re: snort say User "sguil" unknown

[Harm Geerts]

On Sunday 22 October 2006 15:26, Turi Tropea wrote:
> hi guys,
> i'm new to this list, i'm graduating in computer science engineering and
> this is my first thread :)
> but above all i'm ITALIAN :)
>
> i've a problem with a fresh intallation of snort
> when i try to start the daemon with "/etc/init.d/snort start" it's fail
>
> > darkbox turitropea # cat /var/log/messages | grep "snort"
> > Oct 21 01:05:33 darkbox groupadd[32177]: new group: name=snort, GID=450
> > Oct 21 01:05:33 darkbox useradd[32216]: new user: name=snort, UID=109,
> > GID=450, home=/dev/null, shell=/usr/sbin/nologin Oct 21 01:21:09 darkbox
> > snort: FATAL ERROR: User "sguil" unknown Oct 21 02:20:32 darkbox snort:
> > FATAL ERROR: User "sguil" unknown Oct 21 03:16:03 darkbox snort: *** ***
> > interface device lookup found: wifi0 *** Oct 21 03:16:03 darkbox snort:  
> > Uh, you need to tell me to do something...  :No such file or directory
> > Oct 21 03:16:23 darkbox snort: FATAL ERROR: User "sguil" unknown Oct 21
> > 03:24:46 darkbox snort: FATAL ERROR: User "sguil" unknown Oct 21 03:25:34
> > darkbox rc-scripts: WARNING:  snort has not yet been started. Oct 21
> > 03:25:37 darkbox snort: FATAL ERROR: User "sguil" unknown Oct 22 14:40:33
> > darkbox snort: FATAL ERROR: User "sguil" unknown
>
> also i've used this guide to do all
> http://forums.gentoo.org/viewtopic-t-399801.html (Your guide to snort,
> mysql, apache, php, and BASE for Gentoo)

That guide doesn't mention sguil so I guess it's safe to turn it off.

echo "net-analyzer/snort -sguil" >> /etc/portage/package.use
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Re: snort say User "sguil" unknown

[Turi Tropea]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Harm Geerts ha scritto:

> That guide doesn't mention sguil so I guess it's safe to turn it off.
> 
> echo "net-analyzer/snort -sguil" >> /etc/portage/package.use

I have already done this

darkbox turitropea # equery uses snort
[ Searching for packages matching snort... ]
[ Colour Code : set unset ]
[ Legend        : Left column  (U) - USE flags from make.conf
          ]
[                  : Right column (I) - USE flags packages was installed
with ]
[ Found these USE variables for net-analyzer/snort-2.4.5 ]
 U I
 + + flexresp : Enable connection tearing (not recommended)
 + + inline   : Enable snort-inline for accepting packets from iptables,
via libipq, rather than libpcap.
 + + mysql    : Adds mySQL Database support
 + + odbc     : Adds ODBC Support (Open DataBase Connectivity)
 - - postgres : Adds support for the postgresql database
 + + prelude  : Adds support/bindings for the Prelude Intrusion
Detection System
 - - selinux  : !!internal use only!! Security Enhanced Linux support,
this must be set by the selinux profile or breakage will occur
 - - sguil    : Enable sguil (The Analyst Console for Network Security
Monitoring) support
 + + snortsam : patches snort for use with snortsam
 + + ssl      : Adds support for Secure Socket Layer connections

any other suggestions?

tnx

- --
[             Salvatore Donato Tropea aka TuriTropea             ]
[     me [at] tropeadonato.eu -- http://www.tropeadonato.eu      ]
[       Gentoo GNU/Linux 2.6.18 on Asus A6Va -- KDE 3.5.2        ]
[          GNU/Linux User:#417399 -- GPG key ID 1AEF1990         ]
[ Fingerprint: 00A6 FD96 941F 6EFF 6932 0F60 A627 64F0 1AEF 1990 ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFO5ESpidk8BrvGZARAuzEAKC45Aq0ovNycq/cRH4q/66tMItKKQCcCcTu
bCeQ4NUZZ7viUogNIY8uuqU=
=JWKF
-----END PGP SIGNATURE-----
-- 
gentoo-user@gentoo.org mailing list