Fedora Security :: Snort Dead But Subsys Locked
Mar 4, 2009
I am trying to get snort running but I get this with service snortd status:
snort dead but subsys locked
service snortd restart
Stopping snort: [FAILED]
Starting snort: [ OK ]
[root@Fedora tylerm]# tail -f /var/log/messages
Mar 4 05:17:54 Fedora kernel: device eth0 entered promiscuous mode
Mar 4 05:17:54 Fedora kernel: device eth0 left promiscuous mode
Mar 4 05:17:54 Fedora snort[3280]: Initializing daemon mode
Mar 4 05:17:54 Fedora kernel: device eth0 entered promiscuous mode
Mar 4 05:17:54 Fedora snort[3282]: PID path stat checked out ok, PID path set to /var/run/
Mar 4 05:17:54 Fedora snort[3282]: Writing PID "3282" to file "/var/run//snort_eth0.pid"
Mar 4 05:17:54 Fedora snort[3282]: Daemon initialized, signaled parent pid: 3280
Mar 4 05:17:54 Fedora snort[3280]: Daemon parent exiting
Mar 4 05:17:54 Fedora snort[3282]: FATAL ERROR: OpenAlertFile() => fopen() alert file /var/log/snort/alert: Permission denied
Mar 4 05:17:54 Fedora kernel: device eth0 left promiscuous mode
Mar 4 05:18:42 Fedora ntpd[2300]: synchronized to 128.10.19.24, stratum 1
Mar 4 05:18:42 Fedora ntpd[2300]: time reset +0.906114 s
Mar 4 05:18:42 Fedora ntpd[2300]: kernel time sync status change 0001
Aug 8, 2011
I have cloned a Linux installation from one USB drive to another. The system is Fedora Core and it is used as software for encoding a live stream (it's using PCI encoding cards). The system works well on the original hardware configuration; however, when I use this cloned flash drive on another hardware configuration, one service will not start. It is a "calld" service, and it has a protection which limits its execution to the original hardware platform only (MAC authentication probably). I need to get this service up, so when I type the command "service calld start/status" or "/etc/init.d/calld start" I get the response "service is dead and subsystems are locked". I tried matching the MAC address to the original hardware configuration, but it is still the same. This is the config file of the service, /etc/init.d/calld:
#!/bin/bash
#
# /etc/rc.d/init.d/calld
#
# Starts the calld
#
# chkconfig: 345 44 56
# description: xxxxxx
# processname: calld
### BEGIN INIT INFO
# Provides: calld
# Required-Start: $syslog $local_fs
# Required-Stop: $syslog $local_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: start and stop calld
# Description: xxxxxx
### END INIT INFO
# Source function library.....
I wonder whether it is possible to get it up by changing its configuration.
Dec 3, 2010
I have installed httpd on Fedora 13 with yum, but it is not working when I type in a browser: localhost
Code:
[comp42 html]$ sudo /etc/init.d/httpd start
Starting httpd: [ OK ]
[comp42 html]$ sudo /etc/init.d/httpd restart
Stopping httpd: [FAILED]
Starting httpd: [ OK ]
[comp42 html]$ sudo /etc/init.d/httpd stop
Stopping httpd: [FAILED]
[comp42 html]$ sudo /etc/init.d/httpd status
httpd is stopped
[comp42 html]$ sudo /etc/init.d/httpd start
Starting httpd: [ OK ]
[comp42 html]$ sudo /etc/init.d/httpd status
httpd dead but subsys locked
[comp42 html]$ sudo /etc/init.d/httpd help
[comp42 html]$ sudo /etc/init.d/httpd fullstatus
Connection refused
[comp42 html]$
Tried to reinstall several times, but nothing works. My firewall is disabled; it does not work while enabled either. My httpd conf is the default one. What is going wrong?
Oct 11, 2010
I cannot start the pcsc daemon:
Code:
[root@jonas ~]# /sbin/service pcscd status
pcscd dead but subsys locked
[root@jonas ~]# /sbin/service pcscd start
Starting PC/SC smart card daemon (pcscd): [OK]
[root@jonas ~]# /sbin/service pcscd status
pcscd dead but subsys locked
What does this mean and what can I do about it?
Aug 3, 2011
I'm getting an error while starting a service in Linux.
# /etc/init.d/observiced start
Starting Oracle Secure Backup services... 2011/08/02.23:03:01 child didn't lock rock file - child never locked rock file (FSP rock file manager) [FAILED]
When I check the status, it gives me the output below.
# /etc/init.d/observiced status
observiced dead but subsys locked
Jul 24, 2010
I have installed Fedora 13 recently and installed IDPS (snort) on it. But now I am not able to start service httpd. When I write service httpd start, it says OK, but I know it is a false message because when I write service httpd stop it gives me Failed.
On writing service httpd status it gives a message:
httpd dead but subsys locked
I have tried "rm -f /var/lock/subsys/httpd" - no solution
yum update hasn't solved my problem as well.
I have to show my project running at my college. And I cannot properly understand the technical instructions, as I am new to Linux.
Mar 14, 2010
I also looked into the mail logs and found the following.
Mar 14 10:15:43 quant dovecot: Auth process died too early - shutting down
file or directory
Mar 14 10:15:43 quant dovecot: child 4442 (auth) returned error 127
Jul 7, 2010
but I think I have a reasonable handle on the /etc/init.d, /sbin/service, chkconfig, and runlevels stuff under CentOS. However, when I install particular daemons (not part of the CentOS distro), I get a weird issue. If I log in as root and do /sbin/service <daemon> status, it says "... is running...", however, if I log in as a non su, and do the same /sbin/service ... status, it says "xxx dead but subsys locked." Is the daemon running or not? I assume it's some kind of privilege issue with how the daemon is set up versus the non-root login. I would like to have users be able to use service to query daemon status, as works with the base daemons like sshd and httpd.
Nov 12, 2010
I have CentOS 5.5 64-bit installed. When I start the httpd service I get the above message. The message is bogus because the server is running and web pages work. Is there a fix out there to resolve this?
Aug 8, 2011
I've got a box with a fresh installation of CentOS 5.6, but had several configs copied from an old 4.8 box that I've now got to finish. Most everything seems fine, but I can't get Apache running. It reports that it starts up fine, but immediately stops and reports "httpd dead but subsys locked". Most of the advice I've found while searching suggests to just delete the http.pid file and restart, which doesn't help in my case. I did find a few problems where SELinux was restricting httpd from creating or touching certain files (I found reports in /var/log/messages) but I've worked through that.
So the big question here is: /var/log/messages and /var/log/httpd/error_log are now empty, and don't show any more errors when I restart httpd. Does anyone know where else I can look for reporting/logging on what's happening to httpd to cause it to die?
Dec 5, 2010
want to set up snort on my F13 home computer. Is there a simple way to do it, or do I have to do it the hard way (compiling and stuff)? I want to use snort for intrusion prevention and to detect possible threats from the internet.
May 12, 2011
I need assistance with my Snort installation. I used Bodhi Zazen's Network Intrusion Detection System post and found it easier than the previous time I had done it. I am currently running Ubuntu 10.04 server and Snort 2.8.6.1 with BASE 1.4.5. I followed Bodhi Zazen's instructions and when I tested snort it ended with a Fatal Error due to:
ERROR: /etc/snort/rules/exploit.rules(264) => 'fast_pattern' does not take an argument
Fatal Error, Quitting..
Here is the entire output once I ran the test command: snort -c /etc/snort/snort.con -T
Running in Test mode
[Code]...
Feb 4, 2011
I am currently running snort as an IDS on the same machine that acts as our gateway. I installed it using sudo apt-get install snort. However, I'd like to make it run as an IPS. Is it possible to convert that currently running snort instance from running as an IDS to an IPS without having to download the snort tarballs and install it? I do not want the tarballs because during updates and upgrades, I'd like the whole OS and installed apps (such as snort) to be upgraded.
Sep 1, 2011
How do I enable IPv6 in snort? I read that it must be compiled with --enable-ipv6, but I still don't know how.
Feb 24, 2011
I work in a relatively small organisation of about 30 people (but with a complex network) and we've been looking to move our firewall to Microsoft's Threat Protection Manager on a mostly Windows network. I've been thinking we should have an IDS/IPS inside the firewall and I've been thinking about Snort in NIDS mode but have some basic questions:
1. Can anyone recommend a good web GUI for Snort?
2. Is it advisable to run both on the same machine? (Both from a POV of security and resources.)
3. Would Snort add any real benefit to using TPM?
Mar 3, 2010
I have installed snort + mysql + acid base, I add some rules into /etc/snort/rules/local.rules to test the alert:
alert icmp 192.168.1.20 any -> 192.16.1.21 any (flags:A;ack:0;msg:"NMap icmp ping")
alert icmp 192.168.1.20 any -> 192.16.1.21 any (content:"abcdefgh";;msg:"ping de windows")
alert icmp 192.168.1.20 any <> 192.16.1.21 any (flags: S; msg: "HOULA SYN Packet!"
After I restarted snort, I tied 2 PCs together with a cross cable (192.168.1.20 for Windows, and the victim is 192.168.1.21 for Linux, where snort is installed); my HOME_NET is 192.168.1.21 and the EXTEREL_NET is !$HOME_NET. The problem is when I run:
snort -dvi eth0 -c /etc/snort/snort.conf
I see the packet transmitted and received (the received content "abcdefgh"); when I stopped snort with CTRL+C I didn't find any alert in the result!!!
Run time prior to being shutdown was 218.523030 seconds.
Packet Wire Totals:
Received: 1346
Analyzed: 1342 (99.703%)
Dropped: 0 (0.000%)
Outstanding: 4 (0.297%) .....
dcerpc2 Preprocessor Statistics
Total sessions: 0
database: Closing connection to database "snort"
database: Closing connection to database "snort"
Snort exiting
May 10, 2010
I am running Lucid on this machine, but I have had this problem on every machine with Snort. When I awaken the system from suspend or hibernation, snort pegs out one of the CPUs.
Dec 11, 2010
Does anyone know of a good tutorial on how to set up and configure snort 2.8.5.2 on an Ubuntu 10.10 system? I have been trying to set up snort and have run into a lot of problems setting up the config file and the rules. It works in sniff and packet log mode but I cannot seem to set up IDS mode correctly. There is a lot of different info on the net but not much help. There seems to be a lot of work involved in setting this up, which I do not mind provided I can find the proper documentation to configure the setup.
Jan 24, 2010
I am running Karmic Koala with a recent install of snort 2.4.8.1 (build 3) and I am at a loss for useful commands in solving an internal problem (within the network). All I have is "sudo snort -v -i wlan0" on my very short list of useful commands regarding IDS. It is doing little to no good in resolving my problem with a network snoop besides showing that it is running; I need some more weight (knowledge) in order to rectify the problem.
Feb 23, 2011
I have just compiled Snort 2.9.0.4 under Ubuntu 10.10 x86_64 installed with all LAMP packages. The syntax I used to compile Snort is as follows:
[Code]...
Jul 26, 2010
I'm looking to possibly need to make use of snort and its packet filtering/inspection abilities to help cover for PCI. I've searched Amazon, but nothing really stands out; there is a new one (2007 - Snort Intrusion Detection and Prevention Toolkit), or slightly older ones... Managing Security with Snort & IDS Tools - 2004, Snort Cookbook - 2005, Snort for Dummies - 2004.
Now I'm tempted to just go for the latest one, but I'm completely new to snort, so perhaps it needs another book like Snort for Dummies to get started ;-P
Mar 25, 2010
I was wondering whether or not it is possible/advisable to install and run Snort on a single laptop with a wireless router (firewall enabled)? Does Snort require root privileges and are there any other issues one needs to be aware of when installing and running software like this?
Jun 5, 2010
A few minutes ago I accepted a suggestion from update-manager for restarting my system, so that some security updates could be effective. After restarting and logging in as usual, I discovered that I could not use my administrative rights as a sudoer. To recover them I booted again, as root, and added my username to the "admin" group. Rebooting, all seemed well again. As an extra check I installed and ran 'chkrootkit' and nothing suspect was found. What could have happened? Just a glitch in the system? Can a user disappear from a group for nothing? What further checks can I make to be sure that my system is safe? I'm using Ubuntu Jaunty Jackalope amd64, with kernel 2.6.28-15-generic.
Sep 3, 2010
I would like to use a wireless network. I type in the correct password, but suddenly a new window pops up saying: 'an application wants to access the keyring 'Vorgabe', but it is locked password:'
But I don't know what password it's talking about.
I went to Password and Encryption keys, there are two folders
'password: vorgabe'
'Password: login'
May 12, 2010
I've got an HP Netbook with Jaunty installed, and I've got an older Dell laptop running Debian. A friend of mine, on several occasions, has told me that when I left my computers unattended he could do some kind of series of keystrokes, and then a window comes up and he says that he can change the password for my account. I've asked him to show me how he does it, but he never will because he doesn't want me to be able to thwart him. Is he lying, or is it for real? If it's for real, how do I go about changing it so that it can't happen anymore?
Feb 7, 2011
Somehow I seem to be locked out of my desktop computer. My password isn't working. For some reason all of a sudden it seems to have stopped working. I tried to reboot and now I'm locked out, I can't log in. And I'm the only sudo user. How can I fix it or even reset my password?
Jan 16, 2009
I have enabled desktop effects in KDE on Fedora 10.
I clicked "everything is OK", and accepted the settings and then everything went black ...
Then I restarted X, logged in again, still nothin' ... all black .... windows and action are present, but I can't see anything ...
How can I recover this? I am using GNOME now ...
Feb 15, 2010
My part time hobby PC, running FC12, has started misbehaving following some recent updates. I hadn't booted the machine for about 10 days. It booted OK, I checked for updates, applied them, and then my problems started. When I boot now I get LONG delays after logging in and eventually will get the following error:
Could not display "x-nautilus-desktop:///".
Error DBus error.org.freedesktop.DBus.Error.NoReply:
Did not receive a reply, etc, etc...
Have tried re-installing Nautilus, same problem. Being a relative Linux (though not Unix) newbie, what is Nautilus? Do I need it? Can I just get rid of it? Is there an alternative I can install that does work?
Jul 4, 2010
I know that this topic has been posted, responded to, and maybe even resolved, many times here, but I am stuck here with partially dead fileserver and need some pointers.
Problem: one disk drive that was part of a logical volume died. I have a replacement, but I can't get it into the LV and get the LV back up again.
pvcreate --uuid <uuid of dead drive> /dev/sdX1, where /dev/sdX1 is the newly created drive and its partition.
vgcfgrestore VolGroup
vgscan VolGroup
vgchange -ay VolGroup
e2fsck /dev/mapper/VolGroup-LogVol
but, e2fsck can't find a superblock. Apparently this drive is the first in the LV sequence, and it is not formatted as part of the LV.
So how do I get this new disk formatted into the LV without reformatting the entire LV and losing what data I still have?
(FWIW: this is on F11)
Sep 26, 2010
Quote:
When I look at the Services panel, nxserver is listed but shows as "Service is Dead". Does this mean anything specifically? Could it be related to firewall or security issues? Right above it a related program to nxserver, nxsensor, is listed and it's shown as operational.
Same thing here in my Services panel. Just getting into using NX... the display seems near Win RDP quality over the home LAN. I'm now trying to get the sound to work. What is this 'dummy output' in my Sound preferences and where did my sound cards go? I have one onboard sound card and a PCI card, neither recognized via the NX client session. Looking to get ESD going, which might be the issue.