# prelude/snort/prewikka startup errors [SOLVED]

## upengan78

 *Quote:*   

> SNORT PRELUDE ERRORS ARE SOLVED, PLEASE SEE BOTTOM FOR PREWIKKA ERROR

 

Hi,

 I am using http://gentoo-wiki.com/HOWTO_IDS as reference,

It seems that the following command is not working for me:

/usr/bin/prelude-manager

07 Apr 10:12:43 (process:16305) INFO: Subscribing Normalize to active decoding plugins.

/etc/prelude-manager/prelude-manager.conf:112: invalid option "type" in "global" section.

/etc/prelude-manager/prelude-manager.conf:113: invalid option "host" in "global" section.

/etc/prelude-manager/prelude-manager.conf:114: invalid option "port" in "global" section.

/etc/prelude-manager/prelude-manager.conf:115: invalid option "name" in "global" section.

/etc/prelude-manager/prelude-manager.conf:117: invalid option "pass" in "global" section.

/etc/prelude-manager/prelude-manager.conf:144: invalid option "disable-buffering" in "global" section.

/etc/prelude-manager/prelude-manager.conf:145: invalid option "validate" in "global" section.

/etc/prelude-manager/prelude-manager.conf:146: invalid option "format" in "global" section.

/etc/prelude-manager/prelude-manager.conf:147: invalid option "logfile" in "global" section.

/etc/prelude-manager/prelude-manager.conf:148: invalid option "logfile" in "global" section.

/etc/prelude-manager/prelude-manager.conf:194: invalid option "logfile" in "global" section.

/etc/prelude-manager/prelude-manager.conf:195: invalid option "logfile" in "global" section.

07 Apr 10:12:43 (process:16305) INFO: server started (listening on 127.0.0.1 port 4690).

07 Apr 10:12:43 (process:16305) ERROR: could not lookup user 'prelude'. (manager-options.c:291 set_user)

07 Apr 10:12:43 (process:16305) WARNING: Option error: error while setting option 'user'.

/etc/init.d/prelude-manager stop

 * Caching service dependencies ...                                                                                                        [ ok ]

 * WARNING:  prelude-manager has not yet been started.

# /etc/init.d/prelude-manager start

 * Starting prelude-manager... ...                                                                                                         [ !! ]

/var/log/messages

Apr  7 10:11:25 ots sshd[16149]: Did not receive identification string from 127.0.0.1

Apr  7 10:11:57 ots prelude-lml: WARNING: Failover enabled: connection error with 127.0.0.1:4690: Connection refused

Apr  7 10:13:25 ots sshd[16326]: Did not receive identification string from 127.0.0.1

Apr  7 10:14:58 ots rc-scripts: WARNING:  prelude-manager has not yet been started.

Apr  7 10:15:00 ots prelude-manager: INFO: server started (listening on 127.0.0.1 port 4690).

Apr  7 10:15:00 ots prelude-manager: ERROR: could not lookup user 'prelude'. (manager-options.c:291 set_user)

Apr  7 10:15:00 ots prelude-manager: WARNING: Option error: error while setting option 'user'.

I have followed all steps but I don't understand what is going wrong ..

Please throw some light

Thanks

Last edited by upengan78 on Mon Apr 07, 2008 6:01 pm; edited 4 times in total

----------

## BradN

Can you verify there's a prelude user in /etc/passwd?  If not, try creating one with useradd or your favorite user admin tool.

----------

## upengan78

Thanks

 # finger prelude

finger: prelude: no such user.

 # useradd prelude

 # passwd prelude

New UNIX password: 

BAD PASSWORD: it is based on a dictionary word

Retype new UNIX password: 

passwd: password updated successfully

 # /etc/init.d/prelude-manager start

 * Starting prelude-manager... ...                                                                                                         [ !! ]

 # tail -f /var/log/messages

Apr  7 10:31:25 upendra_ots sshd[18512]: Did not receive identification string from 127.0.0.1

Apr  7 10:33:25 upendra_ots sshd[18667]: Did not receive identification string from 127.0.0.1

Apr  7 10:33:30 upendra_ots useradd[18776]: new group: name=prelude, GID=1020

Apr  7 10:33:30 upendra_ots useradd[18776]: new user: name=prelude, UID=1005, GID=1020, home=/home/prelude, shell=/bin/bash

Apr  7 10:33:33 upendra_ots passwd[18781]: pam_cracklib(passwd:chauthtok): pam_parse: unknown option; try_first_pass

Apr  7 10:33:33 upendra_ots passwd[18781]: pam_cracklib(passwd:chauthtok): pam_parse: unknown option; try_first_pass

Apr  7 10:33:37 upendra_ots passwd[18781]: pam_unix(passwd:chauthtok): password changed for prelude

Apr  7 10:33:52 upendra_ots prelude-manager: INFO: server started (listening on 127.0.0.1 port 4690).

Apr  7 10:33:52 upendra_ots prelude-manager: ERROR: could not open /var/spool/prelude-manager/scheduler: Permission denied. (idmef-message-scheduler.c:750 idmef_message_scheduler_init)

Apr  7 10:33:52 upendra_ots prelude-manager: ERROR: couldn't initialize alert scheduler. (prelude-manager.c:223 main)

still no success !

----------

## BradN

Well, I would probably make a group for it as well, so try this...

userdel prelude

groupadd prelude

useradd -g prelude prelude 

and then, since it needs to access /var/spool/prelude-manager (and I would think such a location should be owned by prelude):

chown -R prelude:prelude /var/spool/prelude-manager

Edit: it looks from your log messages that useradd might have created a group already, so I think you can skip the first 3.

----------

## upengan78

# groupadd prelude 

groupadd: group prelude exists

# chown -R prelude:prelude /var/spool/prelude-manager 

# /etc/init.d/prelude-manager start

 * Starting prelude-manager... ...                                                                                                         [ !! ]

 # tail -f /var/log/messages

Apr  7 10:47:25 up sshd[20210]: Did not receive identification string from 127.0.0.1

Apr  7 10:49:25 up sshd[20384]: Did not receive identification string from 127.0.0.1

Apr  7 10:50:01 up cron[20527]: (apache) CMD (/usr/bin/php /var/www/localhost/htdocs/cacti/poller.php > /dev/null 2>&1)

Apr  7 10:50:01 up cron[20529]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons )

Apr  7 10:51:25 up sshd[20643]: Did not receive identification string from 127.0.0.1

Apr  7 10:51:36 up nagios: SERVICE ALERT: nexus.ece.iit.edu;SSH;CRITICAL;SOFT;1;CRITICAL - Socket timeout after 10 seconds

Apr  7 10:52:26 upnagios: SERVICE ALERT: nexus.ece.iit.edu;SSH;OK;SOFT;2;TCP OK - 0.001 second response time on port 22

Apr  7 10:52:42 up prelude-manager: INFO: server started (listening on 127.0.0.1 port 4690).

Apr  7 10:52:42 up prelude-manager: ERROR: could not open /var/run/prelude-manager for reading/writing. (manager-auth.c:594 manager_auth_init)

Apr  7 10:52:42 up prelude-manager: WARNING:  Profile 'prelude-manager' does not exist. In order to create it, please run: prelude-admin add prelude-manager --uid 0 --gid 0

again error

----------

## upengan78

chown -R prelude:prelude prelude-manager 

 # /etc/init.d/prelude-manager start

 * Starting prelude-manager... ... [OK]

Apr  7 11:00:40 up prelude-manager: INFO: server started (listening on 127.0.0.1 port 4690).

Apr  7 11:00:40 up prelude-manager: INFO: Generating 1024 bits Diffie-Hellman key for TLS...

----------
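Added example, not part of the original thread: the fixes above (create the `prelude` account, then `chown` the spool and run directories to it) are preconditions that can be checked before starting the daemon. The script below checks them and also flags a login shell on the service account, which the `useradd` log line earlier in the thread shows (`shell=/bin/bash`). Function names are hypothetical, and the sample passwd line is constructed from that log line.

```shell
#!/bin/sh
# Added example: preflight checks before starting a daemon that drops
# privileges to a dedicated account (here 'prelude'). Names are hypothetical.

# Print field $2 of user $1 from passwd-format file $3 (default /etc/passwd).
account_field() {
    awk -F: -v u="$1" -v f="$2" \
        '$1 == u { print $f; found = 1 } END { exit !found }' "${3:-/etc/passwd}"
}

# 0 = account exists with a non-login shell, 1 = missing, 2 = login shell.
check_account() {
    shell=$(account_field "$1" 7 "$2") || return 1
    case "$shell" in
        */nologin|*/false) return 0 ;;
        *) return 2 ;;
    esac
}

# 0 = path owned by numeric uid $2, 1 = path missing, 2 = other owner.
check_owner() {
    [ -e "$1" ] || return 1
    owner=$(ls -nd "$1" | awk '{ print $3 }')
    [ "$owner" = "$2" ] || return 2
}

# preflight USER PASSWD_FILE DIR...  Prints findings, returns their count.
preflight() {
    user=$1 pw=$2 problems=0; shift 2
    rc=0; check_account "$user" "$pw" || rc=$?
    [ "$rc" -eq 1 ] && { echo "FAIL: no account '$user'"; return 1; }
    [ "$rc" -eq 2 ] && { echo "WARN: '$user' has a login shell"; problems=$((problems + 1)); }
    uid=$(account_field "$user" 3 "$pw")
    for d in "$@"; do
        rc=0; check_owner "$d" "$uid" || rc=$?
        [ "$rc" -eq 0 ] || { echo "FAIL: $d missing or not owned by uid $uid"; problems=$((problems + 1)); }
    done
    return "$problems"
}

# Constructed sample: the account as useradd logged it in the thread
# (UID 1005, GID 1020, /bin/bash) plus one existing and one missing directory.
demo=$(mktemp -d)
echo 'prelude:x:1005:1020::/home/prelude:/bin/bash' > "$demo/passwd"
mkdir "$demo/spool"
preflight prelude "$demo/passwd" "$demo/spool" "$demo/run" || true
rm -rf "$demo"
```

On a real host the call would be `preflight prelude /etc/passwd /var/spool/prelude-manager /var/run/prelude-manager`, using the two paths from the error messages above.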

## BradN

Edit: never mind, I see you've got it :)

----------

## upengan78

Looks :) prelude manager at least is okay now. I will see ahead if I have any issues with snort...

Can we change the wiki to include these commands which seem to be missing completely...

----------

## upengan78

now snort issue,

# /etc/init.d/snort stop 

 * WARNING:  snort has not yet been started.

# /etc/init.d/snort start

 * Starting snort ...                                                                                                                      [ !! ]

# tail -f /var/log/messages

Apr  7 11:11:35 up snort[23253]:       IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG

Apr  7 11:11:35 up snort[23253]:       Non-RFC Compliant Characters: NONE

Apr  7 11:11:35 up snort[23253]:       Whitespace Characters: 0x09 0x0b 0x0c 0x0d 

Apr  7 11:11:35 up snort[23253]: rpc_decode arguments:

Apr  7 11:11:35 up snort[23253]:     Ports to decode RPC on: 111 32771 

Apr  7 11:11:35 up snort[23253]:     alert_fragments: INACTIVE

Apr  7 11:11:35 up snort[23253]:     alert_large_fragments: ACTIVE

Apr  7 11:11:35 up snort[23253]:     alert_incomplete: ACTIVE

Apr  7 11:11:35 up snort[23253]:     alert_multiple_requests: ACTIVE

Apr  7 11:11:35 up t[23253]: FATAL ERROR: /etc/snort/snort.conf(573) unknown preprocessor "ftp_telnet"

----------

## BradN

eeh, this I have no idea about, sorry :(

----------

## upengan78

USE="dynamicplugin mysql prelude" for snort and profile snort in /etc/snort/snort.conf

snort started now.

but http://localhost/prewikka does not open now

 *Quote:*   

> Internal Server Error
> 
> The server encountered an internal error or misconfiguration and was unable to complete your request.
> 
> Please contact the server administrator, root@localhost and inform them of the time the error occurred, and anything you might have done that may have caused the error.
> ...

 

apache2 log

tail -f /var/log/apache2/error_log

 *Quote:*   

> [Mon Apr 07 12:22:39 2008] [error] [client 127.0.0.1]   File "/usr/share/prewikka/cgi-bin/prewikka.cgi", line 85, in ?
> 
> [Mon Apr 07 12:22:39 2008] [error] [client 127.0.0.1]     core = Core.get_core_from_config(os.environ.get("PREWIKKA_CONFIG", None), threaded=False)
> 
> [Mon Apr 07 12:22:39 2008] [error] [client 127.0.0.1]   File "/usr/lib64/python2.4/site-packages/prewikka/Core.py", line 115, in get_core_from_config
> ...

 

----------

## upengan78

mysql -u prelude prelude -p < /usr/share/libpreludedb/classic/mysql-update-14-6.sql 

Enter password: 

SOLVED :D

----------

