Snort mailing list archives

Re: (Snort-users) Bad Priority setting


From: <sandro.poppi () wacker com>
Date: Fri, 05 Oct 2001 07:17:00 +0200


You are missing the classification.config file in your /etc/snort.conf. This can
be found in the tarball and should be included in snort.conf BEFORE the includes
of the rules:

include /usr/local/snort/classification.config

If you are still getting those errors, you have to define the classification type
given in the error message, e.g. attempted-user, in classification.config.

HTH
Sandro


-----Original Message-----
From: Ole Andreas Weel <weelers () c2i net> at internet
Sent: Thursday, 4 October 2001 21:15
To: snort-users () lists sourceforge net at Internet
Subject: [Snort-users] Bad Priority setting


I'm running r.h 7.1, with isdn.

When I try to run snort I get this msg:

[root@localhost /root]# snort -c /etc/snort.conf
Log directory =

        --== Initializing Snort ==--
Checking PID path...
PATH_VARRUN is set to /var/run/ on this operating system

Initializing Network Interface eth0
Decoding Ethernet on interface eth0
Initializing Preprocessors!
Initializing Plug-ins!
Initializating Output Plugins!
Parsing Rules file /etc/snort.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
Using LOCAL time
ProcessFileOption: /var/log/snort/alerts.log
Linking FullAlert functions to call lists...
ERROR /usr/local/snort/exploit.rules(6) => Bad Priority setting
"attempted-user"
ERROR /usr/local/snort/exploit.rules(7) => Bad Priority setting
"attempted-admin"
ERROR /usr/local/snort/exploit.rules(8) => Bad Priority setting
"attempted-admin"
ERROR /usr/local/snort/exploit.rules(9) => Bad Priority setting
"attempted-admin"
ERROR /usr/local/snort/exploit.rules(10) => Bad Priority setting
"attempted-admin"
ERROR /usr/local/snort/exploit.rules(11) => Bad Priority setting
"attempted-admin"
ERROR /usr/local/snort/exploit.rules(12) => Bad Priority setting
"attempted-admin"
ERROR /usr/local/snort/exploit.rules(13) => Bad Priority setting
"attempted-admin"
ERROR /usr/local/snort/exploit.rules(14) => Bad Priority setting
"attempted-user"
ERROR /usr/local/snort/exploit.rules(15) => Bad Priority setting
"attempted-admin"
ERROR /usr/local/snort/exploit.rules(16) => Bad Priority setting
"attempted-admin"
ERROR /usr/local/snort/exploit.rules(17) => Bad Priority setting
"attempted-admin"
ERROR /usr/local/snort/exploit.rules(18) => Bad Priority setting
"attempted-admin"
ERROR /usr/local/snort/exploit.rules(19) => Bad Priority setting
"attempted-admin"
ERROR /usr/local/snort/exploit.rules(20) => Bad Priority setting
"attempted-admin"
ERROR /usr/local/snort/exploit.rules(21) => Bad Priority setting
"attempted-admin"
ERROR /usr/local/snort/exploit.rules(22) => Bad Priority setting
"attempted-admin"
ERROR /usr/local/snort/exploit.rules(23) => Bad Priority setting
"attempted-admin"
ERROR /usr/local/snort/exploit.rules(24) => Bad Priority setting
"attempted-admin"
ERROR /usr/local/snort/exploit.rules(25) => Bad Priority setting
"attempted-admin"
ERROR /usr/local/snort/exploit.rules(26) => Bad Priority setting
"attempted-admin"
ERROR /usr/local/snort/exploit.rules(27) => Bad Priority setting
"attempted-admin"
ERROR /usr/local/snort/exploit.rules(28) => Bad Priority setting
"attempted-admin"
ERROR /usr/local/snort/exploit.rules(29) => Bad Priority setting
"attempted-admin"
ERROR /usr/local/snort/exploit.rules(30) => Bad Priority setting
"attempted-user"
ERROR /usr/local/snort/exploit.rules(31) => Bad Priority setting
"attempted-user"
[!] ERROR /usr/local/snort/exploit.rules(32) => Bad port number:
"(msg:"EXPLOIT"
Fatal Error, Quitting..
[root@localhost /root]#


This is my snort.conf file:

[root@localhost /root]# cat /etc/snort.conf
#####    Current Database Updated -- 03/10/2001

##### Variables
#etc EXTERNAL_NET !172.16.1.0/24
var EXTERNAL_NET any
var HOME_NET     192.168.0.0/24
var INTERNAL     192.168.0.9/24
var PORTS     5
var SECONDS   15

##### Preprocessors
preprocessor http_decode: 80 443 8080
#preprocessor minfrag: 128
preprocessor defrag
preprocessor portscan: $HOME_NET $PORTS $SECONDS /var/log/snort/portscan.log

##### Output
output alert_syslog: LOG_AUTH LOG_ALERT
output alert_full: /var/log/snort/alerts.log

##### What do we log
# Logging tcp
log tcp any any <> $INTERNAL any (session: printable;)
log tcp any any <> $INTERNAL any

# Logging udp
log udp any any <> $INTERNAL any (session: printable;)
log udp any any <> $INTERNAL any

# Logging icmp
log icmp any any <> $INTERNAL any (session: printable;)
log icmp any any <> $INTERNAL any

include /usr/local/snort/local.rules
include /usr/local/snort/exploit.rules
include /usr/local/snort/scan.rules
include /usr/local/snort/finger.rules
include /usr/local/snort/ftp.rules
include /usr/local/snort/telnet.rules
include /usr/local/snort/smtp.rules
include /usr/local/snort/rpc.rules
include /usr/local/snort/rservices.rules
include /usr/local/snort/backdoor.rules
include /usr/local/snort/dos.rules
include /usr/local/snort/ddos.rules
include /usr/local/snort/dns.rules
include /usr/local/snort/netbios.rules
include /usr/local/snort/web-cgi.rules
include /usr/local/snort/web-coldfusion.rules
include /usr/local/snort/web-frontpage.rules
include /usr/local/snort/web-misc.rules
include /usr/local/snort/web-iis.rules
include /usr/local/snort/icmp.rules
include /usr/local/snort/misc.rules
include /usr/local/snort/policy.rules
include /usr/local/snort/info.rules

What am I doing wrong?

regards ole



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
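
The include-order problem described in the reply can be checked before starting Snort. The following is an added example, not part of the original thread or of the Snort distribution: it walks a snort.conf top to bottom, follows each `include` in place, and reports every `classtype` that has no `config classification:` entry at the point where the rule is read. The file contents are constructed samples, and the names `walk` and `lint` are hypothetical.

```python
import re

INCLUDE = re.compile(r"^\s*include\s+(\S+)")
CLASSDEF = re.compile(r"^\s*config\s+classification:\s*([^,\s]+)\s*,")
CLASSTYPE = re.compile(r"classtype\s*:\s*([^;\s]+)\s*;")

# Constructed sample files (not the poster's real rule files).
SAMPLE = {
    "/etc/snort.conf": '''var HOME_NET 192.168.0.0/24
include /usr/local/snort/exploit.rules
include /usr/local/snort/classification.config
include /usr/local/snort/scan.rules
''',
    "/usr/local/snort/classification.config": '''# shortname,description,priority
config classification: attempted-admin,Attempted Administrator Privilege Gain,1
''',
    "/usr/local/snort/exploit.rules": '''alert tcp any any -> $HOME_NET 21 (msg:"constructed rule 1"; classtype:attempted-admin;)
alert tcp any any -> $HOME_NET 23 (msg:"constructed rule 2"; classtype:attempted-user;)
''',
    "/usr/local/snort/scan.rules": '''alert tcp any any -> $HOME_NET any (msg:"constructed rule 3"; classtype:attempted-admin;)
alert tcp any any -> $HOME_NET any (msg:"constructed rule 4"; classtype:attempted-recon;)
''',
}

def walk(path, files, defined, findings):
    """Read one file top to bottom, following includes in place."""
    for lineno, line in enumerate(files.get(path, "").splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        inc, cdef = INCLUDE.match(line), CLASSDEF.match(line)
        if inc:
            walk(inc.group(1), files, defined, findings)
        elif cdef:
            defined.add(cdef.group(1))
        else:
            for name in CLASSTYPE.findall(line):
                if name not in defined:  # no definition seen yet at this point
                    findings.append((path, lineno, name))

def lint(conf_path, files):
    """Return (file, line, classtype, reason) for each classtype unknown where it is used."""
    defined, findings = set(), []
    walk(conf_path, files, defined, findings)
    return [(p, n, c, "defined after use" if c in defined else "never defined")
            for p, n, c in findings]

if __name__ == "__main__":
    for p, n, c, why in lint("/etc/snort.conf", SAMPLE):
        print(f'{p}({n}) => classtype "{c}" {why}')
```

"defined after use" means the classification.config include has to move above the rule includes; "never defined" means the classification type has to be added to classification.config.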



