Ubuntu
snort package

Failed to install snort in non-interactive mode due to network interface name change to em*

Asked by Thomas d'Otreppe

By running 'DEBIAN_FRONTEND=noninteractive apt-get install snort -y', I automatically install snort on a server (as long as other stuff required by snort). It has been working fine so far but since we moved to Dell R220, on Ubuntu 14.04 LTS, the interface names are em1 and em2 instead of eth*.

That naming change is an issue since snort package asks on which interface it has to listen to (the default is eth0) and it verifies that the interface exists. Apt-get fails since the default, eth0, doesn't exist.

So, my question is the following: How do I specify the interface value (I unpacked the package and the variable for the interface is: INTERFACES) to my command so that it succeeds?

Question information

Language:
English Edit question
Status:
Open
For:
Ubuntu snort Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
Thomas d'Otreppe (thomas-dotreppe) said : 		#1

Temporary fix:

1. Find an interface that's up

 for iface in $(ifconfig | grep encap | grep -v lo | awk '{print $1}')
 do
  IFACES+="${iface} "
 done

2. Create snort.debian.conf in /etc/snort

 mkdir /etc/snort
 echo 'DEBIAN_SNORT_HOME_NET="any"' > /etc/snort/snort.debian.conf
 echo "DEBIAN_SNORT_INTERFACE=\"$(echo $IFACES | sed 's/ *$//g')\"" >> /etc/snort/snort.debian.conf

3. Now you can run it in noninteractive:

 DEBIAN_FRONTEND=noninteractive apt-get install snort -y

Can you help with this problem?

Provide an answer of your own, or ask Thomas d'Otreppe for more information if necessary.

To post a message you must log in.