Snort mailing list archives
Re: reg: snort.conf
From: "Rahul" <shadhanker () gmx net>
Date: Sat, 16 Aug 2003 10:29:51 +0530
Hello all, Thanks for the resposne. Now i've got snort working. Now i want to use webmin for snort. So i downlaod snort-1.1.wbm and integrated. When i try to browse,i'm getting Rule file cannot be found (/home/sadha/snort/$RULE_PATH/attack-responses.rules) so i edited index.cgi(of webmin) as follows,(i.e to replace RULE_PATH var with 'rules' - dir name) ($rule) =~ s/\$RULE_PATH/rules/g; It works fine. 1) Is this right? Then another pbl, in webmin page, Rulesets = Enabled = Disabled Rule Set Status Action Rule Set Status Action Rule Set Status Action rules/attack-responses Disable rules/misc Disable rules/smtp Disable rules/backdoor Disable rules/multimedia Enable rules/snmp Disable rules/bad-traffic Disable rules/mysql Disable rules/sql Disable rules/chat Enable rules/netbios Disable rules/telnet Disable rules/ddos Disable rules/nntp Disable rules/tftp Disable rules/dns Disable rules/oracle Disable rules/virus Enable rules/dos Disable rules/other-ids Disable rules/web-attacks Enable rules/experimental Disable rules/p2p Enable rules/web-cgi Disable rules/exploit Disable rules/policy Enable rules/web-client Disable rules/finger Disable rules/pop2 Disable rules/web-coldfusion Disable rules/ftp Disable rules/pop3 Disable rules/web-frontpage Disable rules/icmp Disable rules/porn Enable rules/web-iis Disable rules/icmp-info Enable rules/rpc Disable rules/web-misc Disable rules/imap Disable rules/rservices Disable rules/web-php Disable rules/info Enable rules/scan Disable rules/x11 Disable rules/local Disable rules/shellcode Enable 2) i'm able to access thro Rule Set (i.e for example clicking on rules/attack-responses will take thro to page rightly). But, Action is not possible(Hope Action column is link, for example when i click Action "Disable of rules/atatck-responses" , it gives "The page cannot be found" ---------it passes the url as "http:<pathto snort>/rule_status.cgi?rule=rules/attack-responses" Actually what is that action column from above snip. Plz help me to succeed with this. Thanks and Regards, -sadha
On Wed, 13 Aug 2003, Rahul wrote: [...snip...]My another Q! is does basic conf will work withotu any modification or
need
to ''edit'' conf file before using with "-c".No. You _must_ edit it. It's commented quite well. And _PLEASE_ read the docs! Everything that you've asked has been answered in there. Once it becomes obvious that you're not trying to help yourself by reading, the amount of help from list members drops dramatically... Cheers! ----- Erek Adams "When things get weird, the weird turn pro." H.S. Thompson ------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
--- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.483 / Virus Database: 279 - Release Date: 5/19/2003
Current thread:
- reg: snort.conf Rahul (Aug 12)
- Re: reg: snort.conf Ahmad Masood Shah (Aug 12)
- Re: reg: snort.conf Rahul (Aug 12)
- Re: reg: snort.conf Ahmad Masood Shah (Aug 12)
- Re: reg: snort.conf Rahul (Aug 12)
- Re: reg: snort.conf Erek Adams (Aug 12)
- Re: reg: snort.conf Rahul (Aug 13)
- Re: reg: snort.conf Ahmad Masood Shah (Aug 13)
- Re: reg: snort.conf David Alonso De La Vega Tapage (Aug 13)
- Re: reg: snort.conf Erek Adams (Aug 13)
- Re: reg: snort.conf Rahul (Aug 15)
- snort crash - after sometime in IDS mode Rahul (Aug 18)
- Re: snort crash - after sometime in IDS mode Matt Kettler (Aug 18)
- Re: snort crash - after sometime in IDS mode Rahul (Aug 18)
- Re: snort crash - after sometime in IDS mode Rahul (Aug 20)
- Re: snort crash - after sometime in IDS mode(plz reply) Rahul (Aug 20)
- Re: reg: snort.conf Rahul (Aug 13)
- Re: reg: snort.conf Ahmad Masood Shah (Aug 12)