Snort mailing list archives
Re: Apache/Acid + server
From: Nigel Houghton <nigel () sourcefire com>
Date: Fri, 28 May 2004 10:39:35 -0400
On 0, snort-users-request () lists sourceforge net allegedly wrote:
3. Apache/Acid + server (Cilin) --__--__-- Message: 3 Date: Thu, 27 May 2004 16:45:18 -0700 (PDT) From: Cilin <cilin5 () yahoo com> To: snort-users () lists sourceforge net Subject: [Snort-users] Apache/Acid + server I am trying to figure out what purpose does the Apache server play along with Acid to display the Snort report. I want to configure Apache for a small cgi website and am wondering if i can configure it while its is still doing its job with Acid/Snort. Anyone have any idea IF it can be done? or only one instance of Apache can be used per computer(serever)? As far as i know the report generated by acid shouldn't be displayed online it should be for local view. If anyone can clear my state of confusion, it will be greatly appreciated.
Apache is only used to display your pages. It has no impact on processing or anything else that happens between your Snort instance and ACID. ACID is a PHP application that generates HTML from information in your database only when requested it to do so, i.e. you browse to a page and it returns the HTML for the page you request. Stopping the Apache server will just mean you can't browse to any pages. You could run more than one instance of Apache if you really wanted to, but there is no need. You can bind the process to multiple ports and use Virtual hosting to present different sites from the same box. Details on how to achieve this are in the most excellent Apache manual. If you want to access your ACID site from somewhere external to your home net, you could always run Apache with SSL and require a login to your ACID site. Details on how to achieve this are also found in the most excellent Apache manual.
Regards, Vents P.S. On a side note, has anyone noticed fewer major(i mean non-scan) attacks during the last month or so? I used to log 50x more before and now everything seems calm and eerie. I did get the latest snort rules, but still not loggin much except WebDAV search access, Javascript URL host spoofing attempt, and the various scans.
That's a pretty subjective thing really. The most prevalent "major" alerts generated by my installation of Snort at home are from boxes infected with MS Worms, (particularly the MS-SQL ones) I also get regular pings from my ISP which I duly filter out. ------------------------------------------------------------- Nigel Houghton Research Engineer Sourcefire Inc. Vulnerability Research Team In an emergency situation involving two or more officers of equal rank, seniority will be granted to whichever officer can program a vcr. ------------------------------------------------------- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Apache/Acid + server Cilin (May 27)
- Re: Apache/Acid + server James Riden (May 27)
- <Possible follow-ups>
- Re: Apache/Acid + server Nigel Houghton (May 28)