Bug Reports

Bug report for OpenIDS 1.9:

[Bug no: 1] The crontab on the sensor contains an error. (reported by: Travis Lee)
Change the row: "/var/www/htdocs/oinkfix/oinkupdate.sh | logger"
To: "/usr/local/bin/oinkupdate.sh | logger"



[Bug no: 2] The syntax for the fullcontent ringbuffer on the sensor contains an error. (reported by: Travis Lee) - updated: 2008-11-12

The solution below does not solve the issue. It seems that dumpcap (which is used by tshark to enable the ring buffer) does not honour the "switch" size (if the size is over 1 GB per file). This seems to be an OpenBSD problem. I suggest that if you don't need the fullcontent, remove the tshark row in /etc/rc.local. (OpenIDS 2.0 will *not* contain tshark; it will instead use daemonlogger for the fullcontent.) I'm sorry for the inconvenience. If you *do* need the fullcontent function (and can't wait for 2.0), I will release a solution based on daemonlogger later this week for you to apply if needed.

* Change the syntax in /etc/rc.local

* Current syntax:
/usr/local/bin/tshark -i interface -n -q -b filesize:size -b file:5 -w > /tmp/fcontent &

* New syntax:
/usr/local/bin/tshark -i interface -n -q -a filesize:size -b files:5 -w > /tmp/fcontent &


Bug report for OpenIDS 1.8:

[Bug no: 1] In '/etc/p0f/p0f-db.conf' the password for the p0f database user is set to a "test" password. (reported by: Michael deViveiros)
Change the row: "mysql user=p0f password=w0lf dbname=p0f_db host=127.0.0.1"
To: "mysql user=p0f password=YOUR OPENIDS PASSWORD dbname=p0f_db host=127.0.0.1"

Bug report for OpenIDS 1.7:

[Bug no: 1] (serious) On a remote sensor, PF is not on by default due to the PF variable in rc.conf. Change it to YES and run "pfctl -f /etc/pf.conf".

Bug report for OpenIDS 1.6:

[Bug no: 1] Missing snortalog page after install. The problem is solved after 20 min when the cron job is run. There should have been a snortalog page saying "no information available at this time". (reported by: Yanuar Ismawan)

[Bug no: 2] Due to a mistake no statistics are generated. (reported by: Mikael Keri)
Change the row: "*/10 * * * * /usr/local/bin/./stats.sh > /var/www/htdocs/stats.htm > /dev/null 2>&1"
To: "*/10 * * * * /usr/local/bin/./stats.sh > /var/www/htdocs/stats.htm"
Do this on all installations by issuing "crontab -e" and then removing the "> /dev/null 2>&1".
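
The 1.6 statistics bug (Bug no: 2) comes from redirecting stdout twice in one cron entry. The shell script below is an added example, not part of OpenIDS: it reproduces the effect with a constructed stand-in for stats.sh and flags crontab entries that make the same mistake. The names gen and sample_crontab and the 03:00 schedule on the oinkupdate line are assumptions.

```shell
#!/bin/sh
# Added example (not part of OpenIDS). gen() and sample_crontab() are constructed.

# Echo "broken_bytes fixed_bytes": file sizes left by each redirection form.
demo_redirect() {
    dir=$(mktemp -d) || return 1
    gen() { echo "<html>stats</html>"; }    # stand-in for stats.sh, 19 bytes
    # Broken: two stdout redirections. The shell opens and truncates the first
    # file, then repoints stdout at /dev/null, so the page stays empty.
    gen > "$dir/broken.htm" > /dev/null 2>&1
    # Fixed: a single stdout redirection.
    gen > "$dir/fixed.htm"
    b=$(wc -c < "$dir/broken.htm" | tr -d ' ')
    f=$(wc -c < "$dir/fixed.htm" | tr -d ' ')
    rm -rf "$dir"
    echo "$b $f"
}

# Read crontab text on stdin; print "lineno: entry" for entries where one
# pipeline stage redirects stdout more than once. Heuristic: no quote handling.
find_double_stdout() {
    awk '
    /^[ \t]*(#|$)/ { next }
    {
        n = split($0, seg, /[|;]/)
        for (i = 1; i <= n; i++) {
            m = split(seg[i], w, /[ \t]+/)
            c = 0
            for (j = 1; j <= m; j++)
                if (w[j] ~ /^1?>>?([^&>].*)?$/) c++
            if (c > 1) { print NR ": " $0; break }
        }
    }'
}

sample_crontab() {
    cat <<'EOF'
# constructed sample built from the entries quoted in the bug reports
*/10 * * * * /usr/local/bin/./stats.sh > /var/www/htdocs/stats.htm > /dev/null 2>&1
*/10 * * * * /usr/local/bin/./stats.sh > /var/www/htdocs/stats.htm
0 3 * * * /usr/local/bin/oinkupdate.sh | logger
EOF
}

echo "sizes (broken fixed): $(demo_redirect)"
sample_crontab | find_double_stdout
```

On a sensor, "crontab -l | find_double_stdout" runs the same check against the installed crontab.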