ports/169524: security/snortsam : remove rcscript REQUIRE: LOGIN

Michael Scheidell scheidell at FreeBSD.org
Thu Jun 28 16:10:12 UTC 2012 

>Number:         169524
>Category:       ports
>Synopsis:       security/snortsam : remove rcscript REQUIRE: LOGIN
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jun 28 16:10:12 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator:     Michael Scheidell
>Release:        FreeBSD 7.4-RELEASE-p3 i386
>Organization:
SECNAP Network Security
>Environment:

>Description:

The use of 'REQUIRE:*LOGIN' is usually needed so that nis/ldap/pam/other remote auth for services that need to chuser.
snortsam has not need for a user other than root, and having this run BEFORE LOGIN, can cause delays in bootup, more 
specifically, since snortsam loads lots of 'dontblock' ip's by reading a large 'root server' dns list, it can appear to lock 
up the system, until it is done.

By removing the 'LOGIN' from 'REQUIRE', the cli (console) login can be presented while snortsam is starting.
PLEASE NOTE: snort itself isn't even running yet (it does not REQUIRE LOGIN), so there is no real need to risk the delays.

>How-To-Repeat:
break dns and reboot system, try to obtain console login.. it could take a timeout of 5 mins per dontblock entry.
>Fix:

This patch

--- snortsam.patch begins here ---
Index: files/snortsam.sh.in
===================================================================
RCS file: /home/pcvs/ports/security/snortsam/files/snortsam.sh.in,v
retrieving revision 1.5
diff -u -r1.5 snortsam.sh.in
--- files/snortsam.sh.in	14 Jan 2012 08:56:52 -0000	1.5
+++ files/snortsam.sh.in	28 Jun 2012 15:54:57 -0000
@@ -3,7 +3,6 @@
 
 # PROVIDE: snortsam
 # REQUIRE: DAEMON
-# BEFORE:  LOGIN
 # KEYWORD: shutdown
 
 #
--- snortsam.patch ends here ---

______________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r). 
For Information please see http://www.spammertrap.com/
______________________________________________________________________  
  
>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-ports-bugs mailing list