[tech] Server upgrades yesterday

David Adam zanchey at ucc.gu.uwa.edu.au
Mon Feb 13 10:07:05 WST 2012


On Sun, 12 Feb 2012, Daniel Axtens wrote:
>  - mooneye: left it so [BOB] can get his kicks on uptime
> 
>  - murasoi: updated packages and rebooted to get most recent kernel.
>    Installed snort. This became a rather epic quest:
>     - Install the snort pacakge. Realise it doesn't support netfilter 
>       queue, which [DAA] says is important.

Whoops. If I'd known it was going to be that hard I would have said not 
to bother! Sorry. It is probably the least intrusive way of running snort 
on a router.

>     - Install the dev packages libnetfilter-queue.
>     - Rebuild libdaq0 from source.
>     - Rebuild snort from source:
>        - Remove prelude support, it causes compiling to break due to a missing .la file.
>        - Hack the init.rd file to make it support nfq rather than pcap.
>     - NOTE: We're now using hacked up debian packages of snort and 
>       libdaq0 (versions are suffixed by "~dja"). PLEASE be careful when 
>       upgrading.

I've pinned these packages using apt_preferences(5). We should probably 
file an RFE with Debian to suggest NFQUEUE being enabled for their Linux 
packages.

>   Snort is currently only watching sigma, but feel free to expand it if you like.
> 
> NOTE: ucc-fw and dovecot2 didn't come up correctly after reboot. [DAA] 
> has hit dovecot2 over the head, but someone should confirm ucc-fw has 
> been correctly set up (it was missing symlinks in /dev/rcN.d/)

I've added LSB tags to the ucc-fw init script and updated the symlinks.

I also poked the bootloader on heathred so that it boots the kernel it's 
supposed to, and tested this.

[DAA]


More information about the tech mailing list