In the WUI, Services | Intrusion Detection: enable Snort Red, select any ruleset in combobox, press Save button. Get redirected to blank page (white background, page source is empty). Going to Intrusion Detection again shows that nothing has been saved.
see also https://forum.ipfire.org/viewtopic.php?f=22&t=13036 The permissions are OK: [root@ipfire snort]# ll /etc/snort total 216 drwxr-xr-x 2 nobody nobody 4096 Apr 3 17:22 rules -rw-r--r-- 1 nobody nobody 22700 Apr 6 09:49 snort.conf -rw-r--r-- 1 nobody nobody 20649 Mar 19 21:09 snort.conf.template -rw-r--r-- 1 nobody nobody 160606 Mar 19 21:09 unicode.map -rw-r--r-- 1 root root 90 Apr 5 11:25 vars [root@bunkertor snort]# ll /etc/snort/rules total 14120 -rw-r--r-- 1 nobody nobody 1656 Apr 3 16:41 BSD-License.txt -rw-r--r-- 1 nobody nobody 2638 Apr 3 16:41 classification.config -rw-r--r-- 1 nobody nobody 1383325 Apr 6 09:49 community.rules -rw-r--r-- 1 nobody nobody 15927 Apr 5 18:11 compromised-ips.txt -rw-r--r-- 1 nobody nobody 298687 Apr 6 09:49 emerging-activex.rules -rw-r--r-- 1 nobody nobody 59411 Apr 6 09:49 emerging-attack_response.rules -rw-r--r-- 1 nobody nobody 28995 Apr 6 09:49 emerging-botcc.portgrouped.rules -rw-r--r-- 1 nobody nobody 105520 Apr 6 09:49 emerging-botcc.rules -rw-r--r-- 1 nobody nobody 34143 Apr 6 09:49 emerging-chat.rules -rw-r--r-- 1 nobody nobody 28116 Apr 6 09:49 emerging-ciarmy.rules -rw-r--r-- 1 nobody nobody 57441 Apr 6 09:49 emerging-compromised.rules -rw-r--r-- 1 nobody nobody 3305 Apr 3 16:41 emerging.conf -rw-r--r-- 1 nobody nobody 737395 Apr 6 09:49 emerging-current_events.rules -rw-r--r-- 1 nobody nobody 822408 Apr 6 09:49 emerging-deleted.rules -rw-r--r-- 1 nobody nobody 24796 Apr 6 09:49 emerging-dns.rules -rw-r--r-- 1 nobody nobody 47866 Apr 6 09:49 emerging-dos.rules -rw-r--r-- 1 nobody nobody 18398 Apr 6 09:49 emerging-drop.rules -rw-r--r-- 1 nobody nobody 3101 Apr 6 09:49 emerging-dshield.rules -rw-r--r-- 1 nobody nobody 169717 Apr 6 09:49 emerging-exploit.rules -rw-r--r-- 1 nobody nobody 38940 Apr 6 09:49 emerging-ftp.rules -rw-r--r-- 1 nobody nobody 29029 Apr 6 09:49 emerging-games.rules -rw-r--r-- 1 nobody nobody 14420 Apr 6 09:49 emerging-icmp_info.rules -rw-r--r-- 1 nobody nobody 8640 Apr 6 09:49 emerging-icmp.rules -rw-r--r-- 1 nobody nobody 12345 Apr 6 09:49 emerging-imap.rules -rw-r--r-- 1 nobody nobody 10007 Apr 6 09:49 emerging-inappropriate.rules -rw-r--r-- 1 nobody nobody 111883 Apr 6 09:49 emerging-info.rules -rw-r--r-- 1 nobody nobody 411522 Apr 6 09:49 emerging-malware.rules -rw-r--r-- 1 nobody nobody 18349 Apr 6 09:49 emerging-misc.rules -rw-r--r-- 1 nobody nobody 58961 Apr 6 09:49 emerging-mobile_malware.rules -rw-r--r-- 1 nobody nobody 304938 Apr 6 09:49 emerging-netbios.rules -rw-r--r-- 1 nobody nobody 44886 Apr 6 09:49 emerging-p2p.rules -rw-r--r-- 1 nobody nobody 287882 Apr 6 09:49 emerging-policy.rules -rw-r--r-- 1 nobody nobody 7548 Apr 6 09:49 emerging-pop3.rules -rw-r--r-- 1 nobody nobody 1945 Apr 6 09:49 emerging-rbn-malvertisers.rules -rw-r--r-- 1 nobody nobody 1916 Apr 6 09:49 emerging-rbn.rules -rw-r--r-- 1 nobody nobody 48223 Apr 6 09:49 emerging-rpc.rules -rw-r--r-- 1 nobody nobody 10070 Apr 6 09:49 emerging-scada.rules -rw-r--r-- 1 nobody nobody 99502 Apr 6 09:49 emerging-scan.rules -rw-r--r-- 1 nobody nobody 65497 Apr 6 09:49 emerging-shellcode.rules -rw-r--r-- 1 nobody nobody 8164 Apr 6 09:49 emerging-smtp.rules -rw-r--r-- 1 nobody nobody 13690 Apr 6 09:49 emerging-snmp.rules -rw-r--r-- 1 nobody nobody 181809 Apr 6 09:49 emerging-sql.rules -rw-r--r-- 1 nobody nobody 4194 Apr 6 09:49 emerging-telnet.rules -rw-r--r-- 1 nobody nobody 6427 Apr 6 09:49 emerging-tftp.rules -rw-r--r-- 1 nobody nobody 652387 Apr 6 09:49 emerging-tor.rules -rw-r--r-- 1 nobody nobody 1549181 Apr 6 09:49 emerging-trojan.rules -rw-r--r-- 1 nobody nobody 28134 Apr 6 09:49 emerging-user_agents.rules -rw-r--r-- 1 nobody nobody 8200 Apr 6 09:49 emerging-voip.rules -rw-r--r-- 1 nobody nobody 130116 Apr 6 09:49 emerging-web_client.rules -rw-r--r-- 1 nobody nobody 217015 Apr 6 09:49 emerging-web_server.rules -rw-r--r-- 1 nobody nobody 2867712 Apr 6 09:49 emerging-web_specific_apps.rules -rw-r--r-- 1 nobody nobody 9579 Apr 6 09:49 emerging-worm.rules -rw-r--r-- 1 nobody nobody 18269 Apr 3 16:41 gen-msg.map -rw-r--r-- 1 nobody nobody 18092 Apr 3 16:41 gpl-2.0.txt -rw-r--r-- 1 nobody nobody 1375 Apr 3 16:41 reference.config -rw-r--r-- 1 nobody nobody 3119904 Apr 5 18:11 sid-msg.map -rw-r--r-- 1 nobody nobody 0 Apr 3 16:41 snort-2.9.0-open.txt -rw-r--r-- 1 nobody nobody 53709 Apr 3 16:41 unicode.map -rw-r--r-- 1 nobody nobody 19571 Apr 3 17:22 VRT-License.txt There is a problem with /var/ipfire/snort/settings: [root@ipfire snort]# ll /var/ipfire/snort/ total 24 -rw-r--r-- 1 root root 20621 Aug 17 2014 oinkmaster.conf -rw-r--r-- 1 root root 0 Aug 17 2014 settings [root@ipfire snort]# tail -1 /var/log/httpd/error_log [Mon Apr 06 09:49:41 2015] [error] [client 192.168.31.8] Unable to write file /var/ipfire/snort/settings at /var/ipfire/general-functions.pl line 179., referer: https://ipfire.xxx.xxx.xxx:444/cgi-bin/ids.cgi
Solved the problem: Changed owner of /var/ipfire/snort/settings to nobody:nobody. File was never touched by hand. If no further investigation/action is intended, bug can be marked as CLOSED from reporter's point of view.