Snort mailing list archives
Re: I cannot find the shellshock bug detection rule in the latest community rules from https://www.snort.org
From: Teo En Ming <singapore.mr.teo.en.ming () gmail com>
Date: Fri, 26 Sep 2014 05:33:26 +0800
Thank you Joel Esler. I have found the Shell Shocked security vulnerability detection rules in the latest Snort community rules. There are a total of 4 shellshock security vulnerability detection rules. My Snort Intrusion Detection System (IDS) is now ready and on standby.

I am worried that my server is at high risk from the shellshock security vulnerability. My software vendor has not announced the release of patches to GNU BASH and I cannot patch the server through the normal way "yum update". Doing a "yum update" will update all the software packages on the server and will likely break a lot of things running on the server.

I don't want worms to get past my firewall and hackers to take over my server. I am worried about my Apache HTTP server with its CGI scripts.

What can I do since the GNU bash patches are incomplete and my software vendor hasn't released the shellshock patches?

--
Yours sincerely,
Teo En Ming
Singapore

On 26/09/2014 04:57, Joel Esler (jesler) wrote:
> Because “Shellshock” is a creative name for it… That’s not what the rules are called.
>
> Do a grep "Bash CGI environment variable injection attempt" community.rules
>
> --
> Joel Esler
> Open Source Manager
> Threat Intelligence Team Lead
> Talos
>
> On Sep 25, 2014, at 4:24 PM, Teo En Ming <singapore.mr.teo.en.ming () gmail com> wrote:
> > Hi,
> >
> > I have downloaded and installed the latest community rules from the official snort website. But I cannot find any shellshock bug detection rules in the latest community rules.
> >
> > 1) grep shock community.rules
> > Results: Not found
> >
> > 2) grep shell community.rules
> > Results: Too many shellcode results returned
> >
> > 3) grep sheel community.rules
> > Results: Not found. sheelshock is actually a mis-spelling for shellshock
> >
> > Can anybody help me to find the shellshock bug detection rules in the latest community rules?
> >
> > Thank you very much.
> >
> > --
> > Yours sincerely,
> > Teo En Ming
> > Singapore

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
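The rule search discussed in this message, as an added example that is not part of the original thread: it matches on the rule `msg` text rather than the vulnerability's nickname, and also reports whether each matching rule is commented out with a leading `#` (a commented-out rule does not load). The function names, the sample rules and their sids are constructed placeholders, not real community rules.

```shell
# Added example. The sample file is constructed: sids and rule bodies are
# placeholders written in Snort rule syntax, not copied from community.rules.
write_sample_rules() {
  cat > "$1" <<'EOF'
# Constructed sample file in Snort rule syntax (not real community rules)
# alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Bash CGI environment variable injection attempt"; flow:to_server,established; content:"placeholder-1"; sid:1000001; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Bash CGI environment variable injection attempt"; flow:to_server,established; content:"placeholder-2"; sid:1000002; rev:1;)
alert ip $EXTERNAL_NET any -> $HOME_NET any (msg:"Placeholder shellcode rule"; content:"placeholder-3"; sid:1000003; rev:1;)
EOF
}

# find_rules PATTERN FILE
# Prints "state<TAB>sid<TAB>msg" for every rule whose msg contains PATTERN
# (case-insensitive, fixed string). A rule line starting with '#' is disabled.
find_rules() {
  awk -v pat="$1" '
    BEGIN { pat = tolower(pat) }
    /^[ \t]*#?[ \t]*(alert|log|pass|drop|reject|sdrop)[ \t]/ {
      if (!match($0, /msg:"[^"]*"/)) next          # no msg option: skip
      msg = substr($0, RSTART + 5, RLENGTH - 6)     # text between the quotes
      if (index(tolower(msg), pat) == 0) next       # msg does not match
      sid = "?"
      if (match($0, /sid:[0-9]+/)) sid = substr($0, RSTART + 4, RLENGTH - 4)
      state = ($0 ~ /^[ \t]*#/) ? "disabled" : "enabled"
      printf "%s\t%s\t%s\n", state, sid, msg
    }' "$2"
}

rules=$(mktemp)
write_sample_rules "$rules"
# Searching by the rule message finds both rules and shows one is disabled.
find_rules "bash cgi environment variable injection" "$rules"
# Searching by the nickname finds nothing, as in the original question.
find_rules "shock" "$rules"
rm -f "$rules"
```

Against a real rules file, call `find_rules` with the message string from the reply and the path to `community.rules`; any line reported as `disabled` needs its leading `#` removed before Snort will load it.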
Current thread:
- I cannot find the shellshock bug detection rule in the latest community rules from https://www.snort.org Teo En Ming (Sep 25)
- Re: I cannot find the shellshock bug detection rule in the latest community rules from https://www.snort.org Joel Esler (jesler) (Sep 25)
- Re: I cannot find the shellshock bug detection rule in the latest community rules from https://www.snort.org Teo En Ming (Sep 25)
- Re: I cannot find the shellshock bug detection rule in the latest community rules from https://www.snort.org Teo En Ming (Sep 25)
- Re: I cannot find the shellshock bug detection rule in the latest community rules from https://www.snort.org Teo En Ming (Sep 25)
- Re: I cannot find the shellshock bug detection rule in the latest community rules from https://www.snort.org Jeremy Hoel (Sep 25)
- Re: I cannot find the shellshock bug detection rule in the latest community rules from https://www.snort.org Teo En Ming (Sep 26)
- Re: I cannot find the shellshock bug detection rule in the latest community rules from https://www.snort.org Joel Esler (jesler) (Sep 26)
- Re: I cannot find the shellshock bug detection rule in the latest community rules from https://www.snort.org Teo En Ming (Sep 26)
- Re: I cannot find the shellshock bug detection rule in the latest community rules from https://www.snort.org Joel Esler (jesler) (Sep 26)
- Re: I cannot find the shellshock bug detection rule in the latest community rules from https://www.snort.org Teo En Ming (Sep 25)
- Re: I cannot find the shellshock bug detection rule in the latest community rules from https://www.snort.org Joel Esler (jesler) (Sep 25)