Snort mailing list archives

Re: Linking rules in BASE

From: Nigel Houghton <nhoughton () sourcefire com>
Date: Tue, 24 Aug 2010 20:29:28 -0400

On Tue, 24 Aug 2010 20:08:00 -0400, waldo kitty wrote:


this post, among other things, brings up the following...

On 8/24/2010 17:22, Billy Marshall wrote:

I am not sure what you mean by a sim-link with BASE, I don't recall 
ever making
any sim-links. However, the following is from the base_conf.php in your web
directory. It defines the variables for BASE. (assuming your using a Linux
distro and BASE 1.4.4)
If you have moved your rules then the variable 'local_rules_dir' is not
accurate. These also define the links in the output of BASE to 
correctly link to
websites.
$external_sig_link = array('bugtraq' =>
array('http://www.securityfocus.com/bid/&apos;, ''),
/*********** corrected 20100104 Bill marshall*/
/* 'snort' => array('http://www.snort.org/pub-bin/sigs.cgi?sid=&apos;, ''), */
'snort' => array('http://www.snortid.com/snortid.asp?QueryId=&apos;, ''),
'cve' => array('http://cve.mitre.org/cgi-bin/cvename.cgi?name=&apos;, ''),
'arachnids' => array('http://www.whitehats.com/info/ids&apos;, ''),


since arachnids/whitehats.com is long gone by several years, why do 
we still 
have all of the erroneous references to it and its database in the sigs and 
references file?

what i find about it now, and for the last 2 or 3 years, is a park 
page on some 
host out of OZ...

can we get these removed, please?


Yes, we already have a bug open to remove the arachnids references. 
We'll also be adding OSVDB as a reference type with the 2.9 release.

--
Nigel Houghton
Head Mentalist
SF VRT Department of Intelligence Excellence
http://vrt-sourcefire.blogspot.com && http://labs.snort.org/

------------------------------------------------------------------------------
Sell apps to millions through the Intel(R) Atom(Tm) Developer Program
Be part of this innovative community and reach millions of netbook users 
worldwide. Take advantage of special opportunities to increase revenue and 
speed time-to-market. Join now, and jumpstart your future.
http://p.sf.net/sfu/intel-atom-d2d
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Linking rules in BASE Kun, Mike (Aug 24)
- Re: Linking rules in BASE Jefferson, Shawn (Aug 24)
  - Re: Linking rules in BASE Kun, Mike (Aug 24)
    - Re: Linking rules in BASE Jefferson, Shawn (Aug 24)
    - Re: Linking rules in BASE JJC (Aug 24)
    - Re: Linking rules in BASE Jefferson, Shawn (Aug 24)
    - Re: Linking rules in BASE Kun, Mike (Aug 24)
    - Re: Linking rules in BASE Paul Schmehl (Aug 24)
    - Re: Linking rules in BASE Billy Marshall (Aug 24)
    - Re: Linking rules in BASE waldo kitty (Aug 24)
    - Re: Linking rules in BASE Nigel Houghton (Aug 24)
    - Re: Linking rules in BASE waldo kitty (Aug 24)
    - Re: Linking rules in BASE Nigel Houghton (Aug 25)