Bug 10791

Summary: snort: saving configuration in WUI leads to white screen / nothing saved
Product: IPFire Reporter: Dr. Boris Neubert <b>
Component: ---Assignee: Stefan Schantl <stefan.schantl>
Status: CLOSED NOTABUG QA Contact:
Severity: - Unknown -    
Priority: - Unknown - CC: michael.tremer
Version: 2   
Hardware: unspecified   
OS: Unspecified   

Description Dr. Boris Neubert 2015-04-06 09:50:53 UTC 
In the WUI, Services | Intrusion Detection: enable Snort Red, select any ruleset in combobox, press Save button. Get redirected to blank page (white background, page source is empty). Going to Intrusion Detection again shows that nothing has been saved.
Comment 1 Dr. Boris Neubert 2015-04-06 19:23:34 UTC 
see also https://forum.ipfire.org/viewtopic.php?f=22&t=13036

The permissions are OK:

[root@ipfire snort]# ll /etc/snort
total 216
drwxr-xr-x 2 nobody nobody   4096 Apr  3 17:22 rules
-rw-r--r-- 1 nobody nobody  22700 Apr  6 09:49 snort.conf
-rw-r--r-- 1 nobody nobody  20649 Mar 19 21:09 snort.conf.template
-rw-r--r-- 1 nobody nobody 160606 Mar 19 21:09 unicode.map
-rw-r--r-- 1 root   root       90 Apr  5 11:25 vars
[root@bunkertor snort]# ll /etc/snort/rules
total 14120
-rw-r--r-- 1 nobody nobody    1656 Apr  3 16:41 BSD-License.txt
-rw-r--r-- 1 nobody nobody    2638 Apr  3 16:41 classification.config
-rw-r--r-- 1 nobody nobody 1383325 Apr  6 09:49 community.rules
-rw-r--r-- 1 nobody nobody   15927 Apr  5 18:11 compromised-ips.txt
-rw-r--r-- 1 nobody nobody  298687 Apr  6 09:49 emerging-activex.rules
-rw-r--r-- 1 nobody nobody   59411 Apr  6 09:49 emerging-attack_response.rules
-rw-r--r-- 1 nobody nobody   28995 Apr  6 09:49 emerging-botcc.portgrouped.rules
-rw-r--r-- 1 nobody nobody  105520 Apr  6 09:49 emerging-botcc.rules
-rw-r--r-- 1 nobody nobody   34143 Apr  6 09:49 emerging-chat.rules
-rw-r--r-- 1 nobody nobody   28116 Apr  6 09:49 emerging-ciarmy.rules
-rw-r--r-- 1 nobody nobody   57441 Apr  6 09:49 emerging-compromised.rules
-rw-r--r-- 1 nobody nobody    3305 Apr  3 16:41 emerging.conf
-rw-r--r-- 1 nobody nobody  737395 Apr  6 09:49 emerging-current_events.rules
-rw-r--r-- 1 nobody nobody  822408 Apr  6 09:49 emerging-deleted.rules
-rw-r--r-- 1 nobody nobody   24796 Apr  6 09:49 emerging-dns.rules
-rw-r--r-- 1 nobody nobody   47866 Apr  6 09:49 emerging-dos.rules
-rw-r--r-- 1 nobody nobody   18398 Apr  6 09:49 emerging-drop.rules
-rw-r--r-- 1 nobody nobody    3101 Apr  6 09:49 emerging-dshield.rules
-rw-r--r-- 1 nobody nobody  169717 Apr  6 09:49 emerging-exploit.rules
-rw-r--r-- 1 nobody nobody   38940 Apr  6 09:49 emerging-ftp.rules
-rw-r--r-- 1 nobody nobody   29029 Apr  6 09:49 emerging-games.rules
-rw-r--r-- 1 nobody nobody   14420 Apr  6 09:49 emerging-icmp_info.rules
-rw-r--r-- 1 nobody nobody    8640 Apr  6 09:49 emerging-icmp.rules
-rw-r--r-- 1 nobody nobody   12345 Apr  6 09:49 emerging-imap.rules
-rw-r--r-- 1 nobody nobody   10007 Apr  6 09:49 emerging-inappropriate.rules
-rw-r--r-- 1 nobody nobody  111883 Apr  6 09:49 emerging-info.rules
-rw-r--r-- 1 nobody nobody  411522 Apr  6 09:49 emerging-malware.rules
-rw-r--r-- 1 nobody nobody   18349 Apr  6 09:49 emerging-misc.rules
-rw-r--r-- 1 nobody nobody   58961 Apr  6 09:49 emerging-mobile_malware.rules
-rw-r--r-- 1 nobody nobody  304938 Apr  6 09:49 emerging-netbios.rules
-rw-r--r-- 1 nobody nobody   44886 Apr  6 09:49 emerging-p2p.rules
-rw-r--r-- 1 nobody nobody  287882 Apr  6 09:49 emerging-policy.rules
-rw-r--r-- 1 nobody nobody    7548 Apr  6 09:49 emerging-pop3.rules
-rw-r--r-- 1 nobody nobody    1945 Apr  6 09:49 emerging-rbn-malvertisers.rules
-rw-r--r-- 1 nobody nobody    1916 Apr  6 09:49 emerging-rbn.rules
-rw-r--r-- 1 nobody nobody   48223 Apr  6 09:49 emerging-rpc.rules
-rw-r--r-- 1 nobody nobody   10070 Apr  6 09:49 emerging-scada.rules
-rw-r--r-- 1 nobody nobody   99502 Apr  6 09:49 emerging-scan.rules
-rw-r--r-- 1 nobody nobody   65497 Apr  6 09:49 emerging-shellcode.rules
-rw-r--r-- 1 nobody nobody    8164 Apr  6 09:49 emerging-smtp.rules
-rw-r--r-- 1 nobody nobody   13690 Apr  6 09:49 emerging-snmp.rules
-rw-r--r-- 1 nobody nobody  181809 Apr  6 09:49 emerging-sql.rules
-rw-r--r-- 1 nobody nobody    4194 Apr  6 09:49 emerging-telnet.rules
-rw-r--r-- 1 nobody nobody    6427 Apr  6 09:49 emerging-tftp.rules
-rw-r--r-- 1 nobody nobody  652387 Apr  6 09:49 emerging-tor.rules
-rw-r--r-- 1 nobody nobody 1549181 Apr  6 09:49 emerging-trojan.rules
-rw-r--r-- 1 nobody nobody   28134 Apr  6 09:49 emerging-user_agents.rules
-rw-r--r-- 1 nobody nobody    8200 Apr  6 09:49 emerging-voip.rules
-rw-r--r-- 1 nobody nobody  130116 Apr  6 09:49 emerging-web_client.rules
-rw-r--r-- 1 nobody nobody  217015 Apr  6 09:49 emerging-web_server.rules
-rw-r--r-- 1 nobody nobody 2867712 Apr  6 09:49 emerging-web_specific_apps.rules
-rw-r--r-- 1 nobody nobody    9579 Apr  6 09:49 emerging-worm.rules
-rw-r--r-- 1 nobody nobody   18269 Apr  3 16:41 gen-msg.map
-rw-r--r-- 1 nobody nobody   18092 Apr  3 16:41 gpl-2.0.txt
-rw-r--r-- 1 nobody nobody    1375 Apr  3 16:41 reference.config
-rw-r--r-- 1 nobody nobody 3119904 Apr  5 18:11 sid-msg.map
-rw-r--r-- 1 nobody nobody       0 Apr  3 16:41 snort-2.9.0-open.txt
-rw-r--r-- 1 nobody nobody   53709 Apr  3 16:41 unicode.map
-rw-r--r-- 1 nobody nobody   19571 Apr  3 17:22 VRT-License.txt


There is a problem with /var/ipfire/snort/settings:

[root@ipfire snort]# ll /var/ipfire/snort/
total 24
-rw-r--r-- 1 root root 20621 Aug 17  2014 oinkmaster.conf
-rw-r--r-- 1 root root     0 Aug 17  2014 settings

[root@ipfire snort]# tail -1 /var/log/httpd/error_log
[Mon Apr 06 09:49:41 2015] [error] [client 192.168.31.8] Unable to write file /var/ipfire/snort/settings at /var/ipfire/general-functions.pl line 179., referer: https://ipfire.xxx.xxx.xxx:444/cgi-bin/ids.cgi
Comment 2 Dr. Boris Neubert 2015-04-06 19:49:45 UTC 
Solved the problem:

Changed owner of /var/ipfire/snort/settings to nobody:nobody.

File was never touched by hand.

If no further investigation/action is intended, bug can be marked as CLOSED from reporter's point of view.