Snort rule update issue - snort

After updating rules with PulledPork (/usr/local/bin/pulledpork.pl -c /usr/local/etc/snort/pulledpork.conf -T -l), Snort (Barnyard for sure) stops working and freezes at "+[ Signature Suppress list ]+".
If I start Snort with the "-A console" parameter, it shows the test rule working.
I tried to comment out "snort.rules", but it doesn't help.
Debian 7.6

Actually it works fine; after updating the rules, Snort takes 3-5 min to start, so all I need to do is just wait =)

Related

Diagnose watch utility

I have a script that runs in the background which uses watch to monitor a directory for changes. This works just fine. However, I had a need for the script which runs the monitoring script to be run as daemon. The daemon is running as the same user, but now watch is returning "1 Various failures."
I suspect that there is some environment variable that is not set right, but there are too many to use trial and error to diagnose the issue. And unfortunately, "Various failures" is not very helpful. Any ideas how I might diagnose this?
The command is
watch -d -t -g ls -l
I think something like the following can be used as a work-around.
diff <(ls -l) <(sleep 1; ls -l)
I finally discovered the following on stderr.
Error opening terminal: unknown.
It was easily resolved by the answer to error opening terminal. So it did turn out to be an environment variable. I don't see this error message in the code. Perhaps it occurs when making a system call that needs the terminal.

How to write a Powershell script to update a DNS server using BIND tools and nsupdate?

I recently started coding a DNS updater which takes the parameters of {operation} {domain} {TTL} {Type} {target}. And before I continue with it, I wanted to write a Powershell script to test if with it I can take these parameters and for DNS to either modify, delete or add a record.
The steps should go as follows:
C:/Users/User> nsupdate
> server 10.10.10.10
> update add mydomain.example.com 86400 A 10.1.1.1
> send
I couldn't manage to find much on this topic, mostly just for bash. If you got any pointers and guidance information please point me in the right direction :)
PS: I got BIND (tools only) installed on my Windows 10 machine
You can put all your 3 commands in a file and direct nsupdate to read it as nsupdate commands.txt or just send them over STDIN.
I do not know the syntax of PowerShell, but under a Unix shell it will be something like this, which you could probably easily translate:
echo -e "server 10.10.10.10\nupdate add mydomain.example.com 86400 A 10.1.1.1\nsend" | nsupdate
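The batch-over-STDIN approach from the answer above, extended into an added example (not part of the original posts) that builds the batch from the {operation} {domain} {TTL} {Type} {target} parameters and rejects values that could smuggle extra nsupdate commands into it. It is written in POSIX shell like the answer's one-liner; the function names `is_token` and `build_batch` are hypothetical, and only single-token record types are handled.

```sh
#!/bin/sh
# Added example (not from the original post): build an nsupdate batch from
# validated parameters. Function names are hypothetical.

# is_token VALUE: true only for non-empty strings of letters, digits and
# . : _ - (so no spaces or newlines can smuggle in extra nsupdate commands).
is_token() {
    case "$1" in
        ''|*[!A-Za-z0-9.:_-]*) return 1 ;;
    esac
    return 0
}

# build_batch SERVER OPERATION NAME TTL TYPE TARGET
# Prints the batch on stdout; prints nothing and returns 1 on bad input.
build_batch() {
    server=$1 op=$2 name=$3 ttl=$4 rtype=$5 target=$6

    case "$op" in
        add|delete) ;;
        *) echo "operation must be add or delete" >&2; return 1 ;;
    esac
    case "$rtype" in
        A|AAAA|CNAME|PTR) ;;   # single-token record data only
        *) echo "unsupported record type" >&2; return 1 ;;
    esac
    case "$ttl" in
        ''|*[!0-9]*) echo "TTL must be a number" >&2; return 1 ;;
    esac
    for field in "$server" "$name" "$target"; do
        is_token "$field" || { echo "invalid field" >&2; return 1; }
    done

    printf 'server %s\nupdate %s %s %s %s %s\nsend\n' \
        "$server" "$op" "$name" "$ttl" "$rtype" "$target"
}

# Demo with the values from the question; pipe the output to nsupdate to apply:
#   build_batch 10.10.10.10 add mydomain.example.com 86400 A 10.1.1.1 | nsupdate
build_batch 10.10.10.10 add mydomain.example.com 86400 A 10.1.1.1
```

A change to an existing record is sent as a delete followed by an add, each built the same way.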

Mutt returns error from cmd line: Bad IDN in "from":

When trying to issue this command to send a file attachment from the command line I'm getting an error:
Bad IDN in "from": 'sd3.È'
sd3 is the name of my host.
The command I'm executing is:
echo "See attached file" | /usr/bin/mutt -a file.txt -s File:file.txt -- myemail@domain.com
I recently cloned an existing Centos7 server (made a copy of the virtual machine and spawned it as a second instance under a different IP) and everything has been working perfectly for awhile as far as I can tell. Not sure if that's relevant to this but it could be an indicator of what needs adjusting.
On the original server I cloned, I can run this command without any error. I uninstalled mutt and re-installed it and I'm still getting the error.
.muttrc looks like this:
set mbox_type=Maildir
set folder="~/Maildir"
set mask="!^\\.[^.]"
set mbox="~/Maildir"
set record="+.Sent"
set postponed="+.Drafts"
set spoolfile="~/Maildir"
I also compared the /etc/Muttrc and /etc/Muttrc.local files and they're identical between the two systems. (Muttrc.local is empty)
Running the latest version of Mutt under CentOS7: Mutt 1.5.21 (2010-09-15)
So on two almost-identical servers, one runs, one doesn't. Any ideas what might be wrong?
I encountered the same problem and it was simply solved by setting the from variable in ~/.muttrc (in fact, the file didn't exist before and this is the only thing my .muttrc contains now):
set from="something@something.com"
I was smashing my head the entire day on this issue, as I'm not permitted to install anything from outside of the Red Hat repo.
I found a workaround that is using option -x
-x Emulate the mailx compose mode.
echo "This is a test message" | mutt -x -s "Test Mail" john.smith@example.com
Setting the following environment variables worked for me.
EMAIL=default@company.com
REPLYTO=$EMAIL
export EMAIL REPLYTO
After a ton of research, there appear to be some obscure bugs that are still in this stable version of mutt - which is the standard package release on CentOS7.
First I removed my old version:
yum remove mutt.x86_64
I ended up downloading the latest source of mutt, 1.9.0 from mutt.org and manually compiling and installing it.
In order to compile the source version of Mutt, I also needed to run:
yum install ncurses-devel
Now the command works without this "bad IDN" error.
It appears CentOS 7.3 had mutt-1.5.21-26.el7.x86_64 and CentOS 7.4 now has mutt-1.5.21-27.el7.x86_64.
If you don't want to compile/install from source, I found that a Fedora 22 version (mutt-1.6.2-1.fc22.x86_64.rpm) works OK. I just removed the rpm that came from CentOS 7.4 and did a local install of the Fedora 22 rpm.
I ran into this working through some automated system builds (Centos7, Mutt 1.5.21).
Using strace and some other debugging, it wasn't entirely clear what the issue was, but it seemed to be circling DNS/domain/hostname issues. I was able to get around/recreate the error by adding/removing the "search " in the /etc/resolv.conf file (works WITH a search domain).
Without a search domain, it rendered the: Bad IDN in "from": ... error

Stunnel syntax on CentOS?

I am trying to correct the following stunnel syntax for CentOS 6.x:
stunnel -c -f -d 1143 -r imap.foo.tld:993 -P ''
The proposed syntax is not working:
-c: No such file or directory (2)
To take care of XY problem concerns: I need to migrate my IMAP email from Host A to Host B. Generally I use imapcopy and port 143. However this time host A only supports SSL 993, which imapcopy does not. Stunnel is supposed to get around this, at least according to this tutorial: http://manurevah.com/blah/en/p/Migrate-emails-with-Imapcopy
That page contains a note (unfortunately not very well called out) that is of relevance.
NOTE: Stunnel doesn't work the same way since Debian Jessie (not sure since which version of stunnel). I've not dug in to it and hence do not know what the new syntax should be (if you know, let me know).
I don't know how you found that page but it is clearly old and out of date. (I can only find one other page that references stunnel having command line arguments like that and it lists itself as old more explicitly. Everything else I can find is about the new config file based configuration.)
You could also use pymap-copy instead of imapcopy. It's more state of the art and you don't need stunnel.
Or you can write:
stunnel3 -c -f -d 1143 -r imap.foo.tld:993 -P ''
stunnel3 is a wrapper script for backward compatibility
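The config-file form that the answers above refer to, as an added example (not part of the original posts): a shell helper that renders a stunnel configuration equivalent to the question's command line, with -c mapped to client, -f to foreground, -P '' to an empty pid, -d to accept and -r to connect. The helper name `render_stunnel_conf`, the service name and the CAfile path (the usual CentOS CA bundle) are assumptions; the listener is bound to loopback and certificate chain verification is switched on, neither of which the original command did.

```sh
#!/bin/sh
# Added example (not from the original posts): config-file form of
#   stunnel -c -f -d 1143 -r imap.foo.tld:993 -P ''
# render_stunnel_conf is a hypothetical helper name.

# render_stunnel_conf LOCAL_PORT REMOTE_HOST:PORT
# Prints the configuration on stdout; returns 1 on malformed input.
render_stunnel_conf() {
    lport=$1 remote=$2
    case "$lport" in
        ''|*[!0-9]*) echo "local port must be numeric" >&2; return 1 ;;
    esac
    rhost=${remote%:*} rport=${remote##*:}
    case "$rhost" in
        ''|*[!A-Za-z0-9.-]*) echo "bad remote host" >&2; return 1 ;;
    esac
    case "$rport" in
        ''|*[!0-9]*) echo "remote must be host:port" >&2; return 1 ;;
    esac

    cat <<EOF
; Global options: stay in the foreground (-f), write no pid file (-P '')
foreground = yes
pid =

[imap-tunnel]
; Client mode (-c): plaintext in, TLS out
client = yes
; Plaintext side: loopback only (-d 1143 without a host part is not restricted)
accept = 127.0.0.1:$lport
connect = $rhost:$rport
; Verify the server certificate chain; CAfile path is an assumption (CentOS bundle)
verify = 2
CAfile = /etc/pki/tls/certs/ca-bundle.crt
EOF
}

# Demo with the values from the question. To use it:
#   render_stunnel_conf 1143 imap.foo.tld:993 > imap-tunnel.conf
#   stunnel imap-tunnel.conf
render_stunnel_conf 1143 imap.foo.tld:993
```

imapcopy is then pointed at 127.0.0.1 port 1143, as in the original plan.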

Continue/run commands after ssh into VM

I have to take quite a few steps before I get into the file I need to be, which is why I'm trying to set up an alias in my terminal, that gets me to the file by running that alias.
The following steps are needed to arrive where I have to be:
cd Sites
vagrant ssh
cd /var/www/miniportal.billetten.dk/logs/
sudo -s
cd /etc/apache2/sites-available/
nano 25-av_miniportal.conf
Edit line 33 in that file (I guess it's possible to jump to that line)
I tried setting up an alias like this, but the problem is that it stops running the rest of the command after I SSH'd into Vagrant. If I manually exit Vagrant, it continues the command (and of course returns an error, because there is no such folder).
The question is: How do I make sure that everything from step 3 is executed AFTER step 2 is done logging in through SSH?
My ultimate goal is to set up an Apple Automator program that lets me put in a value that gets entered on line 33, but I'm fine with just an alias for now.
I know I asked this question a long time ago, but in the meantime I found a solution and forgot I had posted this question.
My alias in my .zshrc-file looks like this:
alias changeCust='ssh -t root@192.168.56.101 "nano +32 /etc/apache2/sites-enabled/25-av_miniportal.conf && service apache2 reload"'
In other words, it SSHs into vagrant as root (it asks for my password), nanos into a file on line 32 (or whatever line you need), then, when the file is saved, it reloads apache2 and the changes are applied.
Just use the below one and change the values.
alias AliasName='ssh -t root@your.ip.address.here "nano +lineNumber /path/to/file"'