Package: snort Version: 2.9.2-3 Severity: important Tags: patch The portvar FILE_DATA_PORTS is not defined in the snort.conf, but is used by many new rulesets, meaning, as soon as the rulesets are updated, snort will not start with a configuration error.
See: http://blog.snort.org/2012/01/portvar-lookup-failed-on-filedataports.html ....to fix, add this to snort.conf after the definition of the HTTP_PORTS portvar: # List of file data ports for file inspection portvar FILE_DATA_PORTS [$HTTP_PORTS,110,143] THanks Nils -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Kernel: Linux 3.1.0-1-486 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages snort depends on: ii adduser 3.113+nmu1 ii debconf [debconf-2.0] 1.5.41 ii libc6 2.13-26 ii libdaq0 0.6.2-2 ii libdumbnet1 1.12-3.1 ii libgcrypt11 1.5.0-3 ii libgnutls26 2.12.16-1 ii libpcap0.8 1.2.1-1 ii libpcre3 8.12-4 ii libprelude2 1.0.0-7+b1 ii libuuid1 2.20.1-1.2 ii logrotate 3.8.1-1 ii net-tools 1.60-24.1 ii rsyslog [system-log-daemon] 5.8.6-1 ii snort-common 2.9.2-3 ii snort-common-libraries 2.9.2-3 ii snort-rules-default 2.9.2-3 ii zlib1g 1:1.2.6.dfsg-1 Versions of packages snort recommends: ii iproute 20120105-1 Versions of packages snort suggests: ii snort-doc 2.9.2-3 -- debconf information excluded -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
