Snort mailing list archives

Re: Apache/Acid + server


From: Nigel Houghton <nigel () sourcefire com>
Date: Fri, 28 May 2004 10:39:35 -0400

On  0, snort-users-request () lists sourceforge net allegedly wrote:
   3. Apache/Acid + server (Cilin)

--__--__--

Message: 3
Date: Thu, 27 May 2004 16:45:18 -0700 (PDT)
From: Cilin <cilin5 () yahoo com>
To: snort-users () lists sourceforge net
Subject: [Snort-users] Apache/Acid + server

I am trying to figure out what purpose does the Apache
server play along with Acid to display the Snort
report. I want to configure Apache for a small cgi
website and am wondering if I can configure it while
it is still doing its job with Acid/Snort. Anyone
have any idea IF it can be done? or only one instance
of Apache can be used per computer (server)? As far as
I know the report generated by acid shouldn't be
displayed online it should be for local view. If
anyone can clear my state of confusion, it will be
greatly appreciated.

Apache is only used to display your pages. It has no impact on processing
or anything else that happens between your Snort instance and ACID.

ACID is a PHP application that generates HTML from information in your database
only when requested to do so, i.e. you browse to a page and it returns the
HTML for the page you request. Stopping the Apache server will just mean
you can't browse to any pages.

You could run more than one instance of Apache if you really wanted to,
but there is no need. You can bind the process to multiple ports and use
Virtual hosting to present different sites from the same box. Details on
how to achieve this are in the most excellent Apache manual.

If you want to access your ACID site from somewhere external to your home
net, you could always run Apache with SSL and require a login to your ACID
site. Details on how to achieve this are also found in the most excellent
Apache manual.

Regards, 

Vents

P.S. On a side note, has anyone noticed fewer major (I
mean non-scan) attacks during the last month or so? I
used to log 50x more before and now everything seems
calm and eerie. I did get the latest snort rules, but
still not logging much except WebDAV search access,
Javascript URL host spoofing attempt, and the various
scans.

That's a pretty subjective thing really. The most prevalent "major"
alerts generated by my installation of Snort at home are from boxes
infected with MS Worms (particularly the MS-SQL ones). I also get regular
pings from my ISP which I duly filter out.
 
-------------------------------------------------------------
Nigel Houghton       Research Engineer        Sourcefire Inc.
                 Vulnerability Research Team

In an emergency situation involving two or more officers of equal rank,
seniority will be granted to whichever officer can program a vcr.
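
The setup described in the reply above (one Apache instance, a CGI site and ACID as separate virtual hosts, ACID reachable only over SSL with a login), as an added example that is not part of the original message. Apache 2.4 syntax is assumed; all hostnames, paths and file names are placeholders.

```apache
# Added example; hostnames and paths are placeholders, Apache 2.4 syntax assumed.
# Needs mod_ssl, mod_auth_basic, mod_authn_file, mod_authz_user and a CGI module.
# Skip the Listen lines if your distribution already sets them (e.g. ports.conf).

Listen 80
Listen 443

# Public CGI site on port 80.
<VirtualHost *:80>
    ServerName www.example.com
    DocumentRoot "/var/www/site/htdocs"
    ScriptAlias "/cgi-bin/" "/var/www/site/cgi-bin/"

    <Directory "/var/www/site/htdocs">
        Require all granted
    </Directory>
    <Directory "/var/www/site/cgi-bin">
        Require all granted
    </Directory>
</VirtualHost>

# ACID console: served only over SSL, and only to authenticated users.
# It has no port-80 virtual host, so alert data and the login are never
# sent in cleartext.
<VirtualHost *:443>
    ServerName acid.example.com
    DocumentRoot "/var/www/acid"

    SSLEngine on
    SSLCertificateFile    "/etc/apache2/ssl/acid.example.com.crt"
    SSLCertificateKeyFile "/etc/apache2/ssl/acid.example.com.key"

    <Directory "/var/www/acid">
        AuthType Basic
        AuthName "ACID console"
        # Keep the password file outside every DocumentRoot.
        AuthUserFile "/etc/apache2/acid.htpasswd"
        Require valid-user
    </Directory>
</VirtualHost>
```

The password file is created with Apache's `htpasswd` utility, and `apachectl configtest` checks the syntax before a restart.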

