prelude/snort/prewikka startup errors[SOLVED]

BradN · Posted: Mon Apr 07, 2008 3:29 pm Post subject:

Can you verify there's a prelude user in /etc/passwd? If not, try creating one with useradd or your favorite user admin tool.

upengan78 · l33t Joined: 27 Jun 2007 Posts: 711 Location: IL

Thanks

# finger prelude
finger: prelude: no such user.
# useradd prelude
# passwd prelude
New UNIX password:
BAD PASSWORD: it is based on a dictionary word
Retype new UNIX password:
passwd: password updated successfully

# /etc/init.d/prelude-manager start
* Starting prelude-manager... ... [ !! ]

# tail -f /var/log/messages
Apr 7 10:31:25 upendra_ots sshd[18512]: Did not receive identification string from 127.0.0.1
Apr 7 10:33:25 upendra_ots sshd[18667]: Did not receive identification string from 127.0.0.1
Apr 7 10:33:30 upendra_ots useradd[18776]: new group: name=prelude, GID=1020
Apr 7 10:33:30 upendra_ots useradd[18776]: new user: name=prelude, UID=1005, GID=1020, home=/home/prelude, shell=/bin/bash
Apr 7 10:33:33 upendra_ots passwd[18781]: pam_cracklib(passwd:chauthtok): pam_parse: unknown option; try_first_pass
Apr 7 10:33:33 upendra_ots passwd[18781]: pam_cracklib(passwd:chauthtok): pam_parse: unknown option; try_first_pass
Apr 7 10:33:37 upendra_ots passwd[18781]: pam_unix(passwd:chauthtok): password changed for prelude
Apr 7 10:33:52 upendra_ots prelude-manager: INFO: server started (listening on 127.0.0.1 port 4690).
Apr 7 10:33:52 upendra_ots prelude-manager: ERROR: could not open /var/spool/prelude-manager/scheduler: Permission denied. (idmef-message-scheduler.c:750 idmef_message_scheduler_init)
Apr 7 10:33:52 upendra_ots prelude-manager: ERROR: couldn't initialize alert scheduler. (prelude-manager.c:223 main)

still no success !

BradN · Posted: Mon Apr 07, 2008 3:44 pm Post subject:

Well, I would probably make a group for it as well, so try this...

userdel prelude
groupadd prelude
useradd -g prelude prelude

and then, since it needs to access /var/spool/prelude-manager (and I would think such a location should be owned by prelude):

chown -R prelude:prelude /var/spool/prelude-manager

Edit: it looks from your log messages that useradd might have created a group already, so I think you can skip the first 3.

upengan78 · l33t Joined: 27 Jun 2007 Posts: 711 Location: IL

# groupadd prelude
groupadd: group prelude exists

# chown -R prelude:prelude /var/spool/prelude-manager

# /etc/init.d/prelude-manager start
* Starting prelude-manager... ... [ !! ]

# tail -f /var/log/messages
Apr 7 10:47:25 up sshd[20210]: Did not receive identification string from 127.0.0.1
Apr 7 10:49:25 up sshd[20384]: Did not receive identification string from 127.0.0.1
Apr 7 10:50:01 up cron[20527]: (apache) CMD (/usr/bin/php /var/www/localhost/htdocs/cacti/poller.php > /dev/null 2>&1)
Apr 7 10:50:01 up cron[20529]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons )
Apr 7 10:51:25 up sshd[20643]: Did not receive identification string from 127.0.0.1
Apr 7 10:51:36 up nagios: SERVICE ALERT: nexus.ece.iit.edu;SSH;CRITICAL;SOFT;1;CRITICAL - Socket timeout after 10 seconds
Apr 7 10:52:26 upnagios: SERVICE ALERT: nexus.ece.iit.edu;SSH;OK;SOFT;2;TCP OK - 0.001 second response time on port 22
Apr 7 10:52:42 up prelude-manager: INFO: server started (listening on 127.0.0.1 port 4690).
Apr 7 10:52:42 up prelude-manager: ERROR: could not open /var/run/prelude-manager for reading/writing. (manager-auth.c:594 manager_auth_init)
Apr 7 10:52:42 up prelude-manager: WARNING: Profile 'prelude-manager' does not exist. In order to create it, please run: prelude-admin add prelude-manager --uid 0 --gid 0

again error

upengan78 · l33t Joined: 27 Jun 2007 Posts: 711 Location: IL

chown -R prelude:prelude prelude-manager

# /etc/init.d/prelude-manager start
* Starting prelude-manager... ... [OK]

Apr 7 11:00:40 up prelude-manager: INFO: server started (listening on 127.0.0.1 port 4690).
Apr 7 11:00:40 up prelude-manager: INFO: Generating 1024 bits Diffie-Hellman key for TLS...

BradN · Posted: Mon Apr 07, 2008 4:02 pm Post subject:

edit: nevermind, I see you've got it

upengan78 · l33t Joined: 27 Jun 2007 Posts: 711 Location: IL

Looks

prelude manager atleast is okay now.. I will see ahead if I have any issues with snort...

Can we change the wiki to include these commands which seem to be missing completely...

upengan78 · l33t Joined: 27 Jun 2007 Posts: 711 Location: IL

now snort issue,

# /etc/init.d/snort stop
* WARNING: snort has not yet been started.

# /etc/init.d/snort start
* Starting snort ... [ !! ]

# tail -f /var/log/messages
Apr 7 11:11:35 up snort[23253]: IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG
Apr 7 11:11:35 up snort[23253]: Non-RFC Compliant Characters: NONE
Apr 7 11:11:35 up snort[23253]: Whitespace Characters: 0x09 0x0b 0x0c 0x0d
Apr 7 11:11:35 up snort[23253]: rpc_decode arguments:
Apr 7 11:11:35 up snort[23253]: Ports to decode RPC on: 111 32771
Apr 7 11:11:35 up snort[23253]: alert_fragments: INACTIVE
Apr 7 11:11:35 up snort[23253]: alert_large_fragments: ACTIVE
Apr 7 11:11:35 up snort[23253]: alert_incomplete: ACTIVE
Apr 7 11:11:35 up snort[23253]: alert_multiple_requests: ACTIVE
Apr 7 11:11:35 up t[23253]: FATAL ERROR: /etc/snort/snort.conf(573) unknown preprocessor "ftp_telnet"

BradN · Posted: Mon Apr 07, 2008 4:31 pm Post subject:

eeh, this I have no idea about, sorry

upengan78 · l33t Joined: 27 Jun 2007 Posts: 711 Location: IL

USE="dynamicplugin mysql prelude for snort and profile snort in /etc/snort/snort.conf

snort started now.

but http://localhost/prewikka does not open now

upengan78 · l33t Joined: 27 Jun 2007 Posts: 711 Location: IL

mysql -u prelude prelude -p < /usr/share/libpreludedb/classic/mysql-update-14-6.sql
Enter password:

SOLVED :lol: