  1. #1
    Just Joined!
    Join Date
    Oct 2007
    Location
    Mexico
    Posts
    65

    Sguil, "no $DISPLAY environment variable"


    Hello to all... to begin, sorry if I have writing errors; English isn't my main language.

    Sguil requires Tcl/Tk and Tclx to work (tcl8.3, itcl3.1, tcllib, tclx8.3, mysqltcl)

    I have downloaded: sguil 0.6.1, snort 2.8.0, sancp 1.6.1 stable, barnyard 0.2.0, and the rest of the libraries are already on the Debian Etch 4.0 CDs.
    I have also checked these guides:
    Sguil_on_RedHat_HOWTO
    Deploying an NSM sguil sensor on debian


    I have reached the point where the GUI (Sguil client) is configured, and I have executed sguild and it is running (but the process isn't shown in the "#ps -e" list).

    And when I try to execute sguil.tk as a normal user, it shows this error:

    Code:
    Error in startup script: unknown option "-orient" 
    (object "::.eventPane.pane1.childsite.detailPane.pane1.childsite.packetDataFrame.packetDataFrame.pane1.childsite.packetFrame.dataSearchFrame.dataSearchType" method "::itk::Archetype::itk_initialize" ) 
    invoked from within 
    "itk_initialize -orient horizontal -labelpos e -borderwidth 0" 
    ("eval" body line 1) 
    invoked from within 
    "eval itk_initialize $args" 
    while constructing object "::.eventPane.pane1.childsite.detailPane.pane1.childsite.packetDataFrame.packetDataFrame.pane1.childsite.packetFrame.dataSearchFrame.dataSearchType" in ::iwidgets::Radiobox::constructor (body line 6) 
    invoked from within 
    "::iwidgets::Radiobox .eventPane.pane1.childsite.detailPane.pane1.childsite.packetDataFrame.packetDataFrame.pane1.childsite.packetFrame.dataSearchFrame..." 
    ("uplevel" body line 1) 
    invoked from within 
    "uplevel ::iwidgets::Radiobox $pathName $args" 
    (procedure "::iwidgets::radiobox" line 2) 
    invoked from within 
    "radiobox $dataSearchFrame.dataSearchType -orient horizontal -labelpos e -borderwidth 0" 
    invoked from within 
    "set dataSearchType [radiobox $dataSearchFrame.dataSearchType -orient horizontal -labelpos e -borderwidth 0]" 
    (file "./sguil.tk" line 2435)
    and as root it shows this:
    Code:
    Application initialization failed: no display name and no $DISPLAY environment variable 
    ERROR: Cannot fine the Iwidgets extension. 
    The iwidgets package is part of the incr tcl extension and is 
    available as a port/package most systems. 
    See tcltk.com for more info.
    but I have installed all the required packages (tcl/tk 8.3, tclx 8.3, tcllib, itcl, mysqltcl) and I checked this in the tcl> console:
    tcl>package require Iwidgets
    3.1.0
    tcl>package require tls
    1.50
    tcl>package require Tclx
    8.3
    tcl>package require mysqltcl
    3.02

    Making some experiments and searching for information, I realized that DISPLAY is an environment variable that is related to X(11/org), and as a normal user it is shown in this form:
    DISPLAY=":0.0"
    and as root this variable doesn't appear, so I added it in this way:
    export DISPLAY=:0.0 or export DISPLAY=":0.0"
    but the same errors appear

    I also tried to execute sguil.tk with the "wish" command:
    wish sguil.tk -display :0.0
    varying the 0's between 0 and 3 (supposing some relationship with the 4 graphic desktops)
    and as a user it shows the same error described before, and as root this error is shown:
    Code:
    Application initialization failed: couldn't connect to display ":0.1"
    ERROR: Cannot fine the Iwidgets extension.
    The iwidgets package is part of the incr tcl extension and is
    available as a port/package most systems.
    See http://www.tcltk.com/iwidgets/ for more info.
    Can you give me some advice, please???
    Thanks for your time

  2. #2
    Just Joined!
    Join Date
    Oct 2007
    Location
    Mexico
    Posts
    65
    I fixed the problem by removing all the tcl, itcl, itk, tk, tclx Debian packages and installing ActiveTcl, creating soft links to the proper directories . . .

    I also had a problem with logging between the Sguil Client and Sguil Server, but it was fixed by deleting and creating new accounts with the Sguil Server script

    ./sguild -deluser
    ./sguild -adduser

    Now I have reached the part where some "scripts" need to be moved to /etc/init.d; these are the files:
    # cp $STARTUPFILES/barnyard-sensor /etc/init.d/barnyard-$SENSORNAME
    # cp $STARTUPFILES/sancp-sensor /etc/init.d/sancp-$SENSORNAME
    # cp $STARTUPFILES/sancp_agent-sensor /etc/init.d/sancp_agent-$SENSORNAME
    # cp $STARTUPFILES/pads_agent-sensor /etc/init.d/pads_agent-$SENSORNAME
    # cp $STARTUPFILES/pcap_agent-sensor /etc/init.d/pcap_agent-$SENSORNAME
    # cp $STARTUPFILES/snort_agent-sensor /etc/init.d/snort_agent-$SENSORNAME
    # cp $STARTUPFILES/sguil_logger-sensor /etc/init.d/sguil_logger-$SENSORNAME
    # cp $STARTUPFILES/snort-sensor /etc/init.d/snort-$SENSORNAME
    # cp $STARTUPFILES/pads-sensor /etc/init.d/pads-$SENSORNAME

    where $STARTUPFILES refers to the location where the program files were generated after compiling the sources, but the compilation only creates a binary file, not a script file with execution permission

    For example, the barnyard compilation only creates the barnyard binary, nothing named barnyard-sensor, to say nothing of "sancp-sensor" and "sancp_agent_sensor", two files mentioned above; after the compilation, a single binary was generated.

    And I'm reading the compilation section of the guide again, but it doesn't refer to special parameters or files generated after the compilation.

    Could you give me some ideas???
    Thanks for your time

    See you

  3. #3
    Just Joined!
    Join Date
    Oct 2007
    Location
    Mexico
    Posts
    65
    I found the problem: I didn't read the guide well and missed downloading a package where the startup scripts come; this compressed file is instantnsm, listed at the end of the software table

    But I found another little problem: after modifying some lines in the scripts (paths to directories) and adding these startup files as processes (chkconfig on Red Hat or the equivalent on Debian) . . . while I was starting the scripts, a script that uses SNORT showed this message:

    Starting snort: ./snort-sensor01: line 55: daemon: command not found

    and line 55 has this written: daemon $SNORT

    $SNORT is a variable used to execute snort within the function start(); that variable is defined some lines above.

    This is the whole code of that script:
    Code:
    #!/bin/bash
    #
    # $Id: snort-sensor,v 1.2 2005/12/19 20:37:20 hanashi Exp $
    #
    # Copyright (C) 2005, David J. Bianco <david@vorant.com>
    #
    # snort      start and stop snort IDS sensor
    #
    # chkconfig: 345 81 14
    # description: start and stop IDS sensor
    
    PATH=/sbin:/bin:/usr/bin:/usr/sbin
    
    # Source function library.
    #<!> -- The file was not found at the location mentioned; that may
    #<!> -- be how it is on Red Hat. On Debian it was found at the
    #<!> -- path given on the line below the commented-out one
    #. /etc/init.d/functions
    . /usr/share/initramfs-tools/scripts/functions
    
    # The name of this sensor.  Edit this!
    #SENSOR=SENSORNAME
     SENSOR=sensor01
    
    # The location of the local storage directory.  Edit this!
    #NSMDIR=NSMDIR
     NSMDIR=/home/edgar/sguild_data/snort-data
    
    # The network interface to monitor (eg, eth2, bond0, etc).  Edit this!
    #INTERFACE=INTERFACE
     INTERFACE=eth0
    
    RETVAL=0
    
    # The location of the Snort log directory.
    SNORTLOG=/var/log/snort-$SENSOR
    
    SNORT="/usr/local/bin/snort -u sguil -g sguil -m 122 -l $SNORTLOG -c /usr/local/snortrules-$SENSOR/snort.conf -D -i $INTERFACE -o -q -A none -U "
    
    start(){
        echo -n "Starting snort: "
    
        # Since we're running as nobody, make sure the logs are writable by us
        chown -R  sguil.sguil $SNORTLOG $NSMDIR
        daemon $SNORT
        RETVAL=$?
        echo
        return $RETVAL
    }
    
    stop(){
        echo -n "Stopping snort: "
        kill -9   `ps -auxww | grep snort | grep snort.conf | grep $SENSOR | awk '{print $2}'`
        RETVAL=$?
        echo
        return $RETVAL
    }
    
    restart(){
        stop
        start
    }
    
    status() {
        PID=`ps -auxww | grep snort | grep snort.conf | grep $SENSOR | grep -v grep | awk '{print $2}'`
        if [ "x$PID" != "x" ]; then
            echo "Snort NIDS for sensor $SENSOR is UP (pid $PID)"
            exit 0
        else
            echo "Snort NIDS for sensor $SENSOR is DOWN"
            exit -1
        fi
    }
    
    # See how we were called.
    case "$1" in
        start)
            start
            ;;
        stop)
            stop
            ;;
        status)
            status $prog
            ;;
        restart)
            restart
            ;;
        *)
            echo $"Usage: $0 {start|stop|status|restart}"
            RETVAL=1
    esac
    
    exit $RETVAL
    I was thinking that daemon could be a command from the console, but it isn't; I tried "da [ tab ]" and "dae [ tab ]" in both the normal and root consoles but nothing appeared.
    Next I tried "man daemon" and this is shown as the man synopsis:

    #include <unistd.h>
    int daemon(int nochdir, int noclose);

    And I have that header in /usr/include

    Any idea will be well received
    Thanks for your time again

    See you
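
Added example, not part of the original post: on Red Hat systems `daemon` is a shell function defined by `/etc/init.d/functions` (the `daemon(3)` man page describes an unrelated C library call), so an init script that sources a different library has no such command. The check below reports which launch helper a function library actually provides before a sensor is started; the names `launcher_in`, `make_samples` and `preflight` and the sample library contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Reports which daemon-launch helper an
# init script really has after sourcing a given function library.

# launcher_in LIB prints the first helper that LIB defines as a shell function:
#   daemon        Red Hat style, from /etc/init.d/functions
#   start_daemon  LSB style, from /lib/lsb/init-functions
#   none          neither one, so a line like "daemon $SNORT" would fail
# Returns 0 when a helper was found, 1 otherwise.
launcher_in() {
    lib=$1
    found=$(
        # Subshell: nothing the library defines, and no exit in it, reaches the caller.
        [ -r "$lib" ] || exit 0
        . "$lib" >/dev/null 2>&1
        for helper in daemon start_daemon; do
            case "$(type "$helper" 2>/dev/null)" in
                (*function*) echo "$helper"; break ;;
            esac
        done
    )
    echo "${found:-none}"
    [ -n "$found" ]
}

# Constructed stand-ins for the two kinds of library seen in the thread.
make_samples() {
    dir=$1
    # Red Hat style library: defines daemon().
    printf '%s\n' 'daemon() { "$@"; }' 'killproc() { :; }' > "$dir/rh_functions"
    # Boot-time helper library: logging helpers only, no daemon().
    printf '%s\n' 'log_begin_msg() { :; }' 'panic() { :; }' > "$dir/boot_functions"
}

# Refuse to start a sensor when no launcher exists, rather than printing
# "command not found" and leaving the IDS down.
preflight() {
    if helper=$(launcher_in "$1"); then
        echo "ok: $helper available from $1"
    else
        echo "fail: no daemon helper in $1" >&2
        return 1
    fi
}

# Usage: sh check_launcher.sh /etc/init.d/functions /lib/lsb/init-functions
for f in "$@"; do preflight "$f" || true; done
```

When the result is `none` on Debian, the usual replacements for the `daemon $SNORT` line are LSB's `start_daemon` or the `start-stop-daemon` program.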

  5. #4
    Just Joined!
    Join Date
    Feb 2008
    Posts
    1
    How did you fix the problem in your initial post?
