Mailinglist Archive: opensuse-security (685 mails)

< Previous Next >
Re: [suse-security] rc.config: -----w--w- after snort-Update (fwd)
  • From: Volker Weinberg <Volker.Weinberg@xxxxxxxxxxxxxxxxxxxxxx>
  • Date: Sun, 10 Feb 2002 13:23:11 +0100 (CET)
  • Message-id: <Pine.LNX.4.33.0202101249090.8221-100000@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>


>I have moved the snort packages, info files and the patchfile to the
>/pub/suse/i386/update/7.2/.needs_review/ directory so that it's not
>available with semi-automated tools.

Well done.

>
> I could not reproduce it on my test system here, the permissions were at
> 644 before and after the upgrade of the package.
>

On Friday I could only figure out and reproduce it by recloning one of our
machines with an old reference system dated some time before the
online-update- however today I am quite surprised that I could reproduce
something that took me hours on Friday just in a few secs:


wank:~/snort # ll /etc/rc.config
-rw-r--r-- 1 root root 35005 Feb 10 12:35 /etc/rc.config

wank:~/snort # grep -i snort /etc/rc.config

wank:~/snort # rpm -q snort
package snort is not installed

wank:~/snort # rpm -ivh snort-1.7-38.i386.rpm
snort ##################################################
Updating etc/rc.config...

wank:~/snort # ll /etc/rc.config
-rw-r--r-- 1 root root 35136 Feb 10 12:39 /etc/rc.config

wank:~/snort # grep -i snort /etc/rc.config
# Should the snort packet-sniffer/logger be started at bootup? (yes/no)
START_SNORT="no"
SNORT_OPTS="-D -c /etc/snort/snort-lib"

wank:~/snort # rpm -Uvh snort-1.8.1-16.i386.rpm
snort ##################################################
Moving snort configuration file snort-lib to new name snort.conf.
Convert file reference from snort-lib to snort.conf in etc/rc.config
Updating etc/rc.config...

wank:~/snort # ll /etc/rc.config
-----w--w- 1 root root 35137 Feb 10 12:40 /etc/rc.config



wank:~/snort # chmod 644 /etc/rc.config

wank:~/snort # grep -i snort /etc/rc.config
# Should the snort packet-sniffer/logger be started at bootup? (yes/no)
START_SNORT="no"
SNORT_OPTS="-D -c /etc/snort/snort.conf"

-> Just another problem: rc.config is not cleaned after rpm -e ...
so having another try permissions keep being 644

wank:~/snort # rpm -e snort
cannot remove /etc/snort - directory not empty
wank:~/snort # grep -i snort /etc/rc.config
# Should the snort packet-sniffer/logger be started at bootup? (yes/no)
START_SNORT="no"
SNORT_OPTS="-D -c /etc/snort/snort.conf"
wank:~/snort # rpm -ivh snort-1.7-38.i386.rpm
snort ##################################################
Updating etc/rc.config...
wank:~/snort # grep -i snort /etc/rc.config
# Should the snort packet-sniffer/logger be started at bootup? (yes/no)
START_SNORT="no"
SNORT_OPTS="-D -c /etc/snort/snort.conf"
wank:~/snort # ll /etc/rc.config
-rw-r--r-- 1 root root 35137 Feb 10 12:46 /etc/rc.config
wank:~/snort # rpm -Uvh snort-1.8.1-16.i386.rpm
snort ##################################################
Moving snort configuration file snort-lib to new name snort.conf.
Convert file reference from snort-lib to snort.conf in etc/rc.config
ERROR: new etc/rc.config doesn't match the expacted file size.
Please check the content of SNORT_OPTS and set it to the one from
var/adm/fillup-templates/rc.config.snort
Updating etc/rc.config...
wank:~/snort # ll /etc/rc.config
-rw-r--r-- 1 root root 35137 Feb 10 12:47 /etc/rc.config

regards,

Volker Weinberg

---
Volker Weinberg volker.weinberg@xxxxxxxxxxxxxxxxxxxxxx
Dept.of Physics ++49(89)14 56 09 (home) 21 80-24 05 (CIP)
Univ. of Munich Andernacher Str. 17, D-80993 Muenchen




< Previous Next >
References