Hello snort report users. I'm Tony Robinson.
Some of you may or may not know my project Autosnort that currently uses snort report to provide a front end for ips alerts.
I've noticed a problem with snort report where, if you install and use snort report on CentOS and/or Debian it results in a web front end that gives you garbled php that isn't being processed/rendered correctly. I have been able to reproduce this problem on CentOS 6.3 and Debian 6 and also have solutions for this problem.
If you are having problems similar to what this user experienced, try the following:
1) on CentOS and Debian edit your php.ini
on CentOS it is located at /etc/php.ini
on Debian it is located at /etc/php5/apache2/php.ini
on line 229 (may be 226 for Debian), change short_open_tag from Off to On and restart apache.
alternatively if you are in a situation where you cannot turn on the short_open_tag functionality, edit the following files:
alertchart.php
functions.php
index.php
info-retrieval.php
ipdetail.php
nbtscan.php
nmap.php
page_bottom.php
psdetail.php
sig-by-time-chart.php
sigdetail.php
srconf.php
the first line in each of these files is a "<?" -- this is known as a short open tag. if you modify the first line in each of these files from <? to <?php, this will alleviate the need to turn on short_open_tag. you could implement this in a small bash loop like so:
1) copy the filenames above into a file (let's call it file.out)
2) move file.out to your snort report directory
3) run the following from the snort report directory: for i in `cat file.out`; do sed -i '1s/^<?[[:space:]]*$/<?php/' "$i"; done
4) remove file.out
there is one more thing that you need to do if you are using SELinux:
Change directory to the parent directory where snort report is installed -- usually this is /var/www/html, so cd there and run this command:
chcon -R -t httpd_sys_rw_content_t snortreport-1.3.3/
this is to allow the httpd process rw access to the snort report directory and not have SELinux deny it. Doing chown won't work -- I did tests on my own. This is the only way I am aware of to work around this with SELinux.
next, restart httpd
CentOS: service httpd restart
Debian: /etc/init.d/apache2 restart
and the problems you are facing should be resolved.
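
An added example, not part of the original post: a shell version of the <? to <?php edit described above that only touches line 1, leaves files that already start with <?php alone, and keeps the originals in a backup directory outside the web root. The function names and the backup directory argument are assumptions made for this example; the file names are the ones listed in the post.

```shell
#!/bin/sh
# Added example, not the Snort Report or Autosnort project's own code.
# Usage (example paths): sh fix-tags.sh /var/www/html/snortreport-1.3.3 /root/sr-backup
# File names taken from the list in the post.
SR_FILES="alertchart.php functions.php index.php info-retrieval.php
ipdetail.php nbtscan.php nmap.php page_bottom.php psdetail.php
sig-by-time-chart.php sigdetail.php srconf.php"

# has_short_tag FILE: true when line 1 starts with "<?" followed by
# whitespace or end of line, so "<?php", "<?=" and "<?xml" never match.
has_short_tag() {
    head -n 1 "$1" | grep -Eq '^<\?([[:space:]]|$)'
}

# fix_short_tag FILE BACKUP_DIR
# returns 0 = rewritten, 1 = nothing to do, 2 = missing file or backup failed
fix_short_tag() {
    [ -f "$1" ] || return 2
    has_short_tag "$1" || return 1
    # The backup goes outside the web root: a copy left next to the
    # script could be downloaded from the web server as plain source.
    cp -p "$1" "$2/$(basename "$1").orig" || return 2
    # Write back into the existing file (same inode), so owner, mode and
    # SELinux label stay as they were.
    sed -E '1s/^<\?([[:space:]]|$)/<?php\1/' "$2/$(basename "$1").orig" > "$1"
}

# fix_all SR_DIR BACKUP_DIR: prints one status line per file.
fix_all() {
    for f in $SR_FILES; do
        rc=0
        fix_short_tag "$1/$f" "$2" || rc=$?
        case $rc in
            0) echo "fixed    $f" ;;
            1) echo "ok       $f" ;;
            *) echo "FAILED   $f" ;;
        esac
    done
}

if [ "$#" -eq 2 ]; then fix_all "$1" "$2"; fi
```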