Snort mailing list archives

Re: reg: snort.conf


From: "Rahul" <shadhanker () gmx net>
Date: Sat, 16 Aug 2003 10:29:51 +0530

Hello all,

Thanks for the response.
Now I've got snort working. Now I want to use webmin for snort.

So I downloaded snort-1.1.wbm and integrated it.

When I try to browse, I'm getting
Rule file cannot be found
(/home/sadha/snort/$RULE_PATH/attack-responses.rules)
so I edited index.cgi (of webmin) as follows (i.e. to replace the RULE_PATH var
with 'rules' - the dir name):

($rule) =~ s/\$RULE_PATH/rules/g;

It works fine.

1) Is this right?

Then another problem,

in the webmin page,


Rulesets

= Enabled   = Disabled

Rule Set                Status  Action    Rule Set                Status  Action    Rule Set                Status  Action
rules/attack-responses          Disable   rules/misc                      Disable   rules/smtp                      Disable
rules/backdoor                  Disable   rules/multimedia                Enable    rules/snmp                      Disable
rules/bad-traffic               Disable   rules/mysql                     Disable   rules/sql                       Disable
rules/chat                      Enable    rules/netbios                   Disable   rules/telnet                    Disable
rules/ddos                      Disable   rules/nntp                      Disable   rules/tftp                      Disable
rules/dns                       Disable   rules/oracle                    Disable   rules/virus                     Enable
rules/dos                       Disable   rules/other-ids                 Disable   rules/web-attacks               Enable
rules/experimental              Disable   rules/p2p                       Enable    rules/web-cgi                   Disable
rules/exploit                   Disable   rules/policy                    Enable    rules/web-client                Disable
rules/finger                    Disable   rules/pop2                      Disable   rules/web-coldfusion            Disable
rules/ftp                       Disable   rules/pop3                      Disable   rules/web-frontpage             Disable
rules/icmp                      Disable   rules/porn                      Enable    rules/web-iis                   Disable
rules/icmp-info                 Enable    rules/rpc                       Disable   rules/web-misc                  Disable
rules/imap                      Disable   rules/rservices                 Disable   rules/web-php                   Disable
rules/info                      Enable    rules/scan                      Disable   rules/x11                       Disable
rules/local                     Disable   rules/shellcode                 Enable



2) I'm able to access through Rule Set (i.e. for example, clicking on
rules/attack-responses takes me through to the page correctly).
But Action is not possible (I hope the Action column is a link). For example, when I
click Action "Disable" of rules/attack-responses, it gives

"The page cannot be found" --------- it passes the url as "http:<pathto
snort>/rule_status.cgi?rule=rules/attack-responses"

Actually, what is that Action column in the above snip? Please help me to succeed
with this.


Thanks and Regards,
-sadha


On Wed, 13 Aug 2003, Rahul wrote:

[...snip...]

My other question is: will the basic conf work without any modification, or
do I need to "edit" the conf file before using it with "-c"?

No.  You _must_ edit it.  It's commented quite well.

And _PLEASE_ read the docs!  Everything that you've asked has been
answered in there.  Once it becomes obvious that you're not trying to help
yourself by reading, the amount of help from list members drops
dramatically...

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson
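
Added example (not part of the original post and not the Webmin module's code): the "Rule file cannot be found" error quoted above arises when the literal $RULE_PATH from a snort.conf include line is used as a path without expanding the `var` definition. This Python script expands `var` definitions before building rule-file paths and reports which rule includes are commented out; the sample config is constructed, and the function names and the choice to resolve relative paths against the config directory are assumptions.

```python
import os
import re

# Constructed sample in the style of a 2003-era snort.conf (not from the post).
SAMPLE_CONF = """\
var RULE_PATH rules
include classification.config
include $RULE_PATH/attack-responses.rules
include $RULE_PATH/web-cgi.rules
# include $RULE_PATH/chat.rules
#include $RULE_PATH/shellcode.rules
# include the local rules only after testing them
"""

VAR_RE = re.compile(r"^var\s+(\w+)\s+(\S+)")
# A rule include, optionally commented out; prose comments do not match.
INC_RE = re.compile(r"^(#\s*)?include\s+(\S+\.rules)\s*$")
REF_RE = re.compile(r"\$(\w+)")  # only the plain $NAME form is handled here


def expand(value, variables):
    """Replace each $NAME with its `var` value; unknown names stay as-is."""
    return REF_RE.sub(lambda m: variables.get(m.group(1), m.group(0)), value)


def list_rulesets(conf_text, conf_dir):
    """Return [(path, enabled, unresolved)] for every rule include line."""
    variables, rulesets = {}, []
    for raw in conf_text.splitlines():
        line = raw.strip()
        m = VAR_RE.match(line)
        if m:
            variables[m.group(1)] = expand(m.group(2), variables)
            continue
        m = INC_RE.match(line)
        if m:
            path = expand(m.group(2), variables)
            unresolved = "$" in path
            # Do not join an unexpanded $NAME into a bogus file name
            # (the failure quoted in the post); flag it instead.
            if not unresolved and not os.path.isabs(path):
                path = os.path.normpath(os.path.join(conf_dir, path))
            rulesets.append((path, m.group(1) is None, unresolved))
    return rulesets


if __name__ == "__main__":
    for path, enabled, unresolved in list_rulesets(SAMPLE_CONF, "/home/sadha/snort"):
        state = "enabled " if enabled else "disabled"
        print(state, path, "<-- unexpanded variable" if unresolved else "")
```
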

