CaptainCrunchy
Posts: 3
Joined: Wed Apr 01, 2015 5:39 pm

Raspbian Jessie - Snort 2.9.7.0-3 (repository) won't install

Wed Apr 01, 2015 6:19 pm

Hello,

I wanted to install Snort 2.9.7.0-3 from the official Raspbian Jessie Repository, but it keeps giving me an error at "Setting up snort (2.9.7.0-3) ... "

* Raspberry Pi Model B
* Raspbian Jessie (upgraded from a fresh/ clean official image "Raspbian Wheezy")
* everything updated, upgraged and firmware updated
* nothing else installed


/etc/apt/sources.list

Code: Select all

deb http://mirrordirector.raspbian.org/raspbian/ jessie main contrib non-free rpi
I run these commands:

Code: Select all

sudo apt-get clean
sudo apt-get update
sudo apt-get upgrade
sudo apt-get install snort


...everything works good till this error shows up:

Code: Select all

Setting up snort (2.9.7.0-3) ...
Job for snort.service failed. See 'systemctl status snort.service' and 'journalctl -xn' for details.
invoke-rc.d: initscript snort, action "start" failed.
dpkg: error processing package snort (--configure):
 subprocess installed post-installation script returned error exit status 1
Errors were encountered while processing:
 snort
E: Sub-process /usr/bin/dpkg returned an error code (1)
systemctl status snort.service

Code: Select all

[email protected]:/home/pi# systemctl status snort.service
● snort.service - LSB: Lightweight network intrusion detection system
   Loaded: loaded (/etc/init.d/snort)
   Active: failed (Result: exit-code) since Wed 2015-04-01 20:38:56 CEST; 1min 50s ago
  Process: 5764 ExecStart=/etc/init.d/snort start (code=exited, status=1/FAILURE)

Apr 01 20:38:38 raspberrypi snort[5772]: WARNING: /etc/snort/rules/community-web-php.rules(134) GID 1 SID 100000549 in rule...d rule
Apr 01 20:38:38 raspberrypi snort[5772]: WARNING: /etc/snort/rules/community-web-php.rules(135) GID 1 SID 100000550 in rule...d rule
Apr 01 20:38:38 raspberrypi snort[5772]: WARNING: /etc/snort/rules/community-web-php.rules(136) GID 1 SID 100000551 in rule...d rule
Apr 01 20:38:38 raspberrypi snort[5772]: WARNING: /etc/snort/rules/community-web-php.rules(137) GID 1 SID 100000552 in rule...d rule
Apr 01 20:38:38 raspberrypi snort[5772]: WARNING: /etc/snort/rules/community-web-php.rules(138) GID 1 SID 100000553 in rule...d rule
Apr 01 20:38:38 raspberrypi snort[5772]: WARNING: /etc/snort/rules/community-web-php.rules(139) GID 1 SID 100000554 in rule...d rule
Apr 01 20:38:38 raspberrypi snort[5772]: WARNING: /etc/snort/rules/community-web-php.rules(140) GID 1 SID 100000555 in rule...d rule
Apr 01 20:38:38 raspberrypi snort[5772]: WARNING: /etc/snort/rules/community-web-php.rules(141) GID 1 SID 100000556 in rule...d rule
Apr 01 20:38:38 raspberrypi snort[5772]: WARNING: /etc/snort/rules/community-web-php.rules(142) GID 1 SID 100000557 in rule...d rule
Apr 01 20:38:38 raspberrypi snort[5772]: WARNING: /etc/snort/rules/community-web-php.rules(143) GID 1 SID 100000558 in rule...d rule
Apr 01 20:38:56 raspberrypi systemd[1]: snort.service: control process exited, code=exited status=1
Apr 01 20:38:56 raspberrypi systemd[1]: Failed to start LSB: Lightweight network intrusion detection system.
Apr 01 20:38:56 raspberrypi systemd[1]: Unit snort.service entered failed state.
Hint: Some lines were ellipsized, use -l to show in full.
journalctl -xn

Code: Select all

[email protected]:/home/pi# journalctl -xn
-- Logs begin at Wed 2015-04-01 18:23:38 CEST, end at Wed 2015-04-01 20:38:56 CEST. --
Apr 01 20:38:38 raspberrypi snort[5772]: WARNING: /etc/snort/rules/community-web-php.rules(137) GID 1 SID 100000552 in rule duplicates previous rule. Ignoring old rule.
Apr 01 20:38:38 raspberrypi snort[5772]: WARNING: /etc/snort/rules/community-web-php.rules(138) GID 1 SID 100000553 in rule duplicates previous rule. Ignoring old rule.
Apr 01 20:38:38 raspberrypi snort[5772]: WARNING: /etc/snort/rules/community-web-php.rules(139) GID 1 SID 100000554 in rule duplicates previous rule. Ignoring old rule.
Apr 01 20:38:38 raspberrypi snort[5772]: WARNING: /etc/snort/rules/community-web-php.rules(140) GID 1 SID 100000555 in rule duplicates previous rule. Ignoring old rule.
Apr 01 20:38:38 raspberrypi snort[5772]: WARNING: /etc/snort/rules/community-web-php.rules(141) GID 1 SID 100000556 in rule duplicates previous rule. Ignoring old rule.
Apr 01 20:38:38 raspberrypi snort[5772]: WARNING: /etc/snort/rules/community-web-php.rules(142) GID 1 SID 100000557 in rule duplicates previous rule. Ignoring old rule.
Apr 01 20:38:38 raspberrypi snort[5772]: WARNING: /etc/snort/rules/community-web-php.rules(143) GID 1 SID 100000558 in rule duplicates previous rule. Ignoring old rule.
Apr 01 20:38:56 raspberrypi systemd[1]: snort.service: control process exited, code=exited status=1
Apr 01 20:38:56 raspberrypi systemd[1]: Failed to start LSB: Lightweight network intrusion detection system.
-- Subject: Unit snort.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit snort.service has failed.
--
-- The result is failed.
Apr 01 20:38:56 raspberrypi systemd[1]: Unit snort.service entered failed state.


Any ideas? :|

ShorTie
Posts: 97
Joined: Sun May 12, 2013 3:54 pm

Re: Raspbian Jessie - Snort 2.9.7.0-3 (repository) won't ins

Thu Apr 02, 2015 6:42 am

Do believe you did not do a full upgrade to jessie,
after the 'apt-get upgrade' you must do a 'apt-get dist-upgrade' also.
To get fully upgraded to jessie.

Have A Great Day
ShorTie ;)

ktb
Posts: 1380
Joined: Fri Dec 26, 2014 7:53 pm

Re: Raspbian Jessie - Snort 2.9.7.0-3 (repository) won't ins

Thu Apr 02, 2015 6:48 am

I think I agree with ShorTie. Besides if you really upgraded to full Raspbian Jessie, I'd expect this wouldn't be the only thing going wrong for you (unless you're not using systemd).

CaptainCrunchy
Posts: 3
Joined: Wed Apr 01, 2015 5:39 pm

Re: Raspbian Jessie - Snort 2.9.7.0-3 (repository) won't ins

Thu Apr 02, 2015 1:53 pm

I've done dist-upgrade. I also upgraded the raspi-config tool. I really upgraded and updated everything. I am using the exact same Raspbian Jessie together with all kinds of software from the repo - everything (!) works without problems, exept Snort. And also all dependencies (snort-common, oinkmaster, ...) do work without problems.I also want to add, that I have done this like 3-5 times .... also with complete fresh formated SD Card each time.

Can someone try it himself, if he runs Jessie? Just do "sudo apt-get install snort". And when it finishes successfully, you can just remove it with "sudo apt-get remove snort" and "sudo apt-get autoremove", to clear everything from the install.

:cry:
Last edited by CaptainCrunchy on Thu Apr 02, 2015 4:36 pm, edited 3 times in total.

ktb
Posts: 1380
Joined: Fri Dec 26, 2014 7:53 pm

Re: Raspbian Jessie - Snort 2.9.7.0-3 (repository) won't ins

Thu Apr 02, 2015 2:21 pm

I'm sorry. I would help, but I've already downgraded my Pi's from Raspbian Jessie twice because it has so many legitimate problems. I'm not alone. You might be waiting for a while before someone running Raspbian Jessie sees your thread. I wish you luck.

plugwash
Forum Moderator
Forum Moderator
Posts: 3475
Joined: Wed Dec 28, 2011 11:45 pm

Re: Raspbian Jessie - Snort 2.9.7.0-3 (repository) won't ins

Thu Apr 02, 2015 2:53 pm

While people like to hate on systemd and i'm sure there are real issues in some cases i'm not convinced that in this case it's anything more than just the messenger relaying the message that snort failed to start.

CaptainCrunchy
Posts: 3
Joined: Wed Apr 01, 2015 5:39 pm

Re: Raspbian Jessie - Snort 2.9.7.0-3 (repository) won't ins

Thu Apr 02, 2015 4:04 pm

plugwash wrote:While people like to hate on systemd and i'm sure there are real issues in some cases i'm not convinced that in this case it's anything more than just the messenger relaying the message that snort failed to start.
Is there anything I can do to still get Snort running? Like a workaround or else?
Last edited by CaptainCrunchy on Thu Apr 02, 2015 4:32 pm, edited 1 time in total.

ktb
Posts: 1380
Joined: Fri Dec 26, 2014 7:53 pm

Re: Raspbian Jessie - Snort 2.9.7.0-3 (repository) won't ins

Thu Apr 02, 2015 4:22 pm

I like the idea of how systemd is supposed to work, it just needs to actually work that way. Some time in the future I expect it will be very reliable for just about any use case on all distros which offer it. The last time I tried it on Arch Linux and Ubuntu, it was working well enough. Raspbian Jessie, not so much.

cosax
Posts: 13
Joined: Tue Apr 30, 2013 1:18 pm

Re: Raspbian Jessie - Snort 2.9.7.0-3 (repository) won't ins

Sun Jan 17, 2016 3:01 pm

Is there an update on this one? I have just tried to install snort on Jessie and got the same problem.

Navyscourge
Posts: 258
Joined: Sat Oct 24, 2015 1:50 pm

Re: Raspbian Jessie - Snort 2.9.7.0-3 (repository) won't ins

Sun Jan 17, 2016 9:28 pm

I have a recent install of Jessie (November 2015). I just installed snort without any issues. It installed 33 packages (11.4 MB). I got a curses-style box asking for an IP address range, but I just accepted the default. It completed the install with no further messages apart from the usual install / configure ones.

I don't know what to do with it now installed.

petergi
Posts: 1
Joined: Sat Nov 26, 2016 6:28 pm

Re: Raspbian Jessie - Snort 2.9.7.0-3 (repository) won't ins

Sat Nov 26, 2016 6:39 pm

Hi,

I installed Jessie lite of 2016-09-23 and get the same error as CaptainCrunchy when trying to install snort with apt-get install snort.

snort (2.9.7.0-3) wird eingerichtet ...
Job for snort.service failed. See 'systemctl status snort.service' and 'journalctl -xn' for details.
invoke-rc.d: initscript snort, action "start" failed.

Did anybody find a workaround meanwhile ?

Thank you.
Peter

Return to “Troubleshooting”