Snort mailing list archives
RE: Patch for ACID....!!
From: Saad Kadhi <bsdguy () docisland org>
Date: 13 Jan 2002 14:18:03 +0100
On Sun, 2002-01-13 at 14:01, Frank Reid wrote:
It could be a useful feature to have both an "anonymous" and "administrator" (authenticated) mode on ACID. The anonymous user would be allowed to search/display alerts, graph data, etc., but not delete, archive, etc. In fact, it would be great to support granular accounts in both ACID and Demarc, probably associated with specified database criteria such as the alert type, address space, etc. So, if "User X" is associated with address 1.2.3.0/24 and has non-administrative permissions (no delete), "User X" is only able to query within those bounds after authenticating. "User Y" is a website administrator, so he only has non-administrative permissions for 1.2.3.4/32 and only for alerts WEB-IIS, WEB-MISC, etc.
Now I got the picture. I thought it was just a need to authenticate access to the acid subdir. My sincere apologies to kamesh for such a misunderstanding. Regards.
Frank

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Saad Kadhi
Sent: Saturday, January 12, 2002 10:44 AM
To: kamesh_rajaram () sify com
Cc: Snort Users
Subject: Re: [Snort-users] Patch for ACID....!!

On Sat, 2002-01-12 at 13:34, kamesh_rajaram () sify com wrote:

Hi ACID users...!! This is with respect to the product ACID (Version 0.9.6b19). I feel that an authentication procedure is required for the users of this console (Like what DEMARC has). Since I am planning to use ACID... I feel the need for authentication. Is there a patch already available..?? Else, I am planning to develop that module as a patch... I seek ur advice on this issue. This mail is to avoid any duplication of work in that area. Mail back to me in leisure... Seeking ur kind co-operation in this regard.

I'm a bit confused w/ your post. What kind of authentication are you seeking? To run ACID, you need a webserver that can run php. & nowadays, all webservers support some kind of authentication or another. For example, let's take Apache. There is .htaccess, digest, mod_auth_db, mod_auth_dbm & many other types of authentication. So why the heck do we need a "supplemental" ACID-only authentication module since there is already a truckload of methods for Apache itself?

& If you don't want to go into big hassles configuring Apache to support authentication for the $wwwdir/acid directory, you can use ssh port forwarding as a means to authenticate the admins. Here is how I do it:

1. configure apache to listen only to loopback address. For example: localhost on port 8888 (that way you avoid Apache initially starting as root since port >=1024)
2. generate a dsa key to use w/ your favorite openssh server installed on the same box as apache
3. put in your local .ssh/config file sth like the following for the apache server:

    [snip]
    Host acid.test.com
    [snip]
    LocalForward 8888 localhost:8888
    [snip]

4. now open a session to acid.test.com
5. open your browser & type: http://localhost:8888

If this is not a *strong* authentication of sorts, then I don't see your point Kamesh. Regards.

-- /Saad --
[bsdguy () docisland org] [pgp keyid: 35592A6D http://pgp.mit.edu]
# buy a geek-in-a-can, point nozzle at technical problem and spray
# if desperate degauss your screen. it might solve your pb as well

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- /Saad --
[bsdguy () docisland org] [pgp keyid: 35592A6D http://pgp.mit.edu]
# buy a geek-in-a-can, point nozzle at technical problem and spray
# if desperate degauss your screen. it might solve your pb as well
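The tunnel procedure quoted above only works as an access control if step 1 holds: any Apache Listen directive that is not bound to loopback leaves the console reachable without SSH. The following is an added example, not part of the original post, that audits a config for that condition and reads the forwarded port from an ssh config; the helper names `audit_listen` and `forward_port` are hypothetical and the file contents are constructed.

```shell
#!/bin/sh
# Added example, not from the original post; sample files are constructed.

# audit_listen HTTPD_CONF (hypothetical helper)
# Prints "OK <addr>" for each Listen bound to a literal loopback address and
# "REVIEW <addr>" for anything else (a bare port binds every interface).
# Returns 0 only if at least one Listen exists and all are loopback-only.
audit_listen() {
    awk '
        /^[ \t]*#/ { next }    # skip commented-out directives
        tolower($1) == "listen" {
            seen = 1
            if ($2 ~ /^(127\.[0-9]+\.[0-9]+\.[0-9]+|\[::1\]):[0-9]+$/) {
                print "OK " $2
            } else {
                print "REVIEW " $2
                bad = 1
            }
        }
        END { if (seen && !bad) exit 0; exit 1 }
    ' "$1"
}

# forward_port SSH_CONFIG HOST (hypothetical helper)
# Prints the destination port of the first LocalForward in the block for HOST.
forward_port() {
    awk -v host="$2" '
        tolower($1) == "host" {
            in_host = 0
            for (i = 2; i <= NF; i++) if ($i == host) in_host = 1
            next
        }
        in_host && tolower($1) == "localforward" {
            n = split($3, part, ":"); print part[n]; exit
        }
    ' "$1"
}

# Constructed inputs: a loopback-only config, an exposed one, and the tunnel.
tmp=$(mktemp -d)
printf 'Listen 127.0.0.1:8888\n' > "$tmp/good.conf"
printf '# Listen 80\nListen 8888\n' > "$tmp/bad.conf"
printf 'Host acid.test.com\n  LocalForward 8888 localhost:8888\n' > "$tmp/ssh_config"
for f in good.conf bad.conf; do
    if audit_listen "$tmp/$f"; then echo "$f: loopback only"
    else echo "$f: not confined to loopback"; fi
done
echo "tunnel destination port: $(forward_port "$tmp/ssh_config" acid.test.com)"
rm -rf "$tmp"
```

A hostname such as `localhost` in a Listen line is reported as REVIEW because the check accepts only literal loopback addresses.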