StellarTech Blog

Snort Rules Not Updating

by Glen on Feb. 13, 2009

Recently I started to have issues with my Snort rules not wanting to update and the Snort service not wanting to stay running on my pfSense box. Taking a quick look at the forums, I found several others with this problem and many different solutions, the most prominent being to edit /etc/inc/system.inc. This fix seems to be hit and miss. Personally, I did not want to edit it unless I really needed to, so I took the following approach.

Using the web UI, it appears that Snort would hang for a while before it would error out altogether.

My first approach was to look into the logs. After finding nothing useful there, I secure shelled into the machine and decided to launch Snort from the command line to pinpoint exactly what was causing the problem.

Here is the command I used to launch snort:
snort -c /usr/local/etc/snort/snort.conf -l /var/log/snort -i ng0 -A full

Snort died instantly because it could not open /usr/local/etc/snort/rules/attack-responses.rules, which means either the rules directory was missing or there might be a permissions problem. After running “ls -al /usr/local/etc/snort | grep rules” I found out that the rules directory was indeed missing. I recreated it, set it to chmod 755, and reran the Snort update process. Everything worked afterwards.
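
A pre-flight check for the failure described above, added here as an example (it is not from the original post): it reads a snort.conf, resolves RULE_PATH, and lists every included rule file that is missing or unreadable before Snort is started. The function names, the sample config and the handling of a relative RULE_PATH are assumptions.

```shell
#!/bin/sh
# Pre-flight check: list rule files that snort.conf includes but that are
# missing or unreadable. Returns 0 = all present, 1 = something missing,
# 2 = config unreadable or RULE_PATH not set.
check_snort_rules() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    # "var RULE_PATH <dir>": the last definition wins.
    rule_path=$(awk '$1 == "var" && $2 == "RULE_PATH" { p = $3 } END { print p }' "$conf")
    [ -n "$rule_path" ] || { echo "RULE_PATH not set in $conf" >&2; return 2; }
    # Assumption: a relative RULE_PATH is relative to the config's directory.
    case $rule_path in
        /*) ;;
        *) rule_path=$(dirname "$conf")/$rule_path ;;
    esac
    if [ ! -d "$rule_path" ]; then
        echo "rule directory missing: $rule_path"
        return 1
    fi
    missing=0
    # Only uncommented "include $RULE_PATH/<file>" lines are considered.
    for f in $(awk '$1 == "include" && index($2, "$RULE_PATH/") == 1 {
                        print substr($2, length("$RULE_PATH/") + 1) }' "$conf"); do
        if [ ! -r "$rule_path/$f" ]; then
            echo "missing or unreadable: $rule_path/$f"
            missing=1
        fi
    done
    return $missing
}

# Constructed sample: a throwaway config tree, not the pfSense box's files.
make_sample() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'var RULE_PATH rules' \
        'include $RULE_PATH/attack-responses.rules' \
        '# include $RULE_PATH/disabled.rules' \
        'include $RULE_PATH/scan.rules' > "$d/snort.conf"
    echo "$d"
}

sample=$(make_sample)
check_snort_rules "$sample/snort.conf" || echo "-> exit $?"   # rules dir absent
mkdir -m 755 "$sample/rules"
: > "$sample/rules/attack-responses.rules"
check_snort_rules "$sample/snort.conf" || echo "-> exit $?"   # scan.rules missing
rm -rf "$sample"
```

On the real box the function would be pointed at /usr/local/etc/snort/snort.conf; a non-zero exit means the rule update should be rerun before the service is restarted.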

cPanel Hosting on the Way.

by Glen on Feb. 12, 2009

We are proud to announce an expansion of our current hosting offering. In the past we have offered more of a managed approach to hosting, with each site we develop hosted free for a year, which included a 12-hour support response turnaround. In order to give clients more control over their development and hosting environment, we have expanded our fleet of dedicated servers with 2 more Linux cPanel servers.

We are currently migrating to the new servers many of our existing clients who have requested control panel access to their hosting environment. If you have an existing site with us and would like to have it migrated, let us know and we will do so free of charge if requested before the month of April 2009.

New hosting and support packages will be offered at a later date so stay tuned.

Vista Fail and Configuring Putty for Cisco Devices.

by Glen on Feb. 04, 2009

Vista is just chock-full of surprises. I’ve been using it since it was first released, and still more truths surface about its horrific visage silently hiding underneath its resource-hungry interface, waiting for an inconvenient moment to make itself known.

One such surprise was to discover that HyperTerminal was no longer a part of Windows. While this software doesn’t get used as much as, say, Solitaire, it does come in handy to configure ASAs and other serial devices.

After I made this discovery I cried for a few minutes and then finally got around to learning how to do the same thing with PuTTY due to the necessity of my current predicament. A Cisco ASA 5505 needed some serial love and HyperTerminal was nowhere to be found. Procrastination would just have to wait. ** insert rimshot here **

Using PuTTY turned out to be straightforward and just as easy as HyperTerminal, which sucked anyway. You can start by opening PuTTY, click Session, select the Serial option, leave speed at 9600, and enter the COM port.

Putty Settings

Next click “Serial” underneath “Connections”. All of the defaults are good with the exception of flow control. Set this option to none.

Serial Options

Finally, click Open and power on the device. Hooray for PuTTY!

ASA 5505

Case of the missing MOTD file.

by Glen on Jan. 06, 2009

Have you ever set up a cool /etc/motd on your Ubuntu installation just to see it vanish after a reboot? We don’t need Scooby and the gang to solve this mystery, since it’s obviously a start-up script.

Here is some CLI medicine to make things all better:
touch /etc/motd.static && rm -f /etc/motd; ln -s /etc/motd.static /etc/motd

By default, /etc/motd is symlinked to /var/run/motd, which is rebuilt by /etc/init.d/bootmisc.sh every time you reboot.
