Snort mailing list archives

webmin - snort (fwing again)


From: "Rahul" <shadhanker () gmx net>
Date: Sat, 16 Aug 2003 11:01:40 +0530

Hello all,

Thanks for the response.
Now I've got snort working. Now I want to use webmin for snort.

So I downloaded snort-1.1.wbm and integrated it.

When I try to browse, I'm getting
Rule file cannot be found
(/home/sadha/snort/$RULE_PATH/attack-responses.rules)
so I edited index.cgi (of webmin) as follows (i.e. to replace the RULE_PATH var
with 'rules' - the dir name)

($rule) =~ s/\$RULE_PATH/rules/g;

It works fine.

1) Is this right?

Then another problem,

in webmin page,

Rulesets 
 = Enabled   = Disabled 
      Rule Set                Status  Action     Rule Set          Status  Action     Rule Set              Status  Action
      rules/attack-responses          Disable    rules/misc                Disable    rules/smtp                    Disable
      rules/backdoor                  Disable    rules/multimedia          Enable     rules/snmp                    Disable
      rules/bad-traffic               Disable    rules/mysql               Disable    rules/sql                     Disable
      rules/chat                      Enable     rules/netbios             Disable    rules/telnet                  Disable
      rules/ddos                      Disable    rules/nntp                Disable    rules/tftp                    Disable
      rules/dns                       Disable    rules/oracle              Disable    rules/virus                   Enable
      rules/dos                       Disable    rules/other-ids           Disable    rules/web-attacks             Enable
      rules/experimental              Disable    rules/p2p                 Enable     rules/web-cgi                 Disable
      rules/exploit                   Disable    rules/policy              Enable     rules/web-client              Disable
      rules/finger                    Disable    rules/pop2                Disable    rules/web-coldfusion          Disable
      rules/ftp                       Disable    rules/pop3                Disable    rules/web-frontpage           Disable
      rules/icmp                      Disable    rules/porn                Enable     rules/web-iis                 Disable
      rules/icmp-info                 Enable     rules/rpc                 Disable    rules/web-misc                Disable
      rules/imap                      Disable    rules/rservices           Disable    rules/web-php                 Disable
      rules/info                      Enable     rules/scan                Disable    rules/x11                     Disable
      rules/local                     Disable    rules/shellcode           Enable


2) I'm able to access through Rule Set (i.e. for example, clicking on
rules/attack-responses takes me through to the page rightly).
But Action is not possible (I hope the Action column is a link). For example, when I
click the Action "Disable" of rules/attack-responses, it gives

"The page cannot be found" --------- it passes the url as "http:<pathto
snort>/rule_status.cgi?rule=rules/attack-responses"

Actually, what is that Action column in the above snip? Please help me to succeed
with this.


Thanks and Regards,
-sadha
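
The substitution in the message hardcodes the directory name. As an added example (not part of the original post and not the Webmin module's own code), this Perl sketch reads the `var` lines from snort.conf and expands `$NAME` references in each `include` path. The sub names and the sample config are constructed for illustration, and anchoring relative paths at the config directory is an assumption.

```perl
#!/usr/bin/perl
# Added example: expand snort.conf "var" definitions in "include" paths
# instead of hardcoding the rules directory. Sub names are hypothetical.
use strict;
use warnings;
use File::Spec;

# Parse snort.conf text; return the rule files it includes, with $VARS
# expanded and relative paths anchored at the config directory (assumption).
sub resolve_includes {
    my ($conf_text, $conf_dir) = @_;
    my (%var, @files);
    for my $line (split /\n/, $conf_text) {
        $line =~ s/^\s+|\s+$//g;
        next if $line eq '' or $line =~ /^#/;   # skip blanks and commented-out lines
        if ($line =~ /^var\s+(\w+)\s+(\S+)/) {
            $var{$1} = expand($2, \%var);       # a var may refer to earlier vars
        }
        elsif ($line =~ /^include\s+(\S+)/) {
            my $path = expand($1, \%var);
            # Report an undefined variable instead of treating it as a literal
            # directory name (the ".../snort/$RULE_PATH/..." error in the post).
            if ($path =~ /\$/) { warn "unresolved variable in: $line\n"; next; }
            $path = File::Spec->catfile($conf_dir, $path)
                unless File::Spec->file_name_is_absolute($path);
            push @files, $path;
        }
    }
    return @files;
}

# Replace each $NAME with its value; unknown names are left in place.
sub expand {
    my ($text, $var) = @_;
    $text =~ s/\$(\w+)/exists $var->{$1} ? $var->{$1} : "\$$1"/ge;
    return $text;
}

# Constructed sample config (not taken from the poster's system).
my $sample = <<'END';
var HOME_NET any
var RULE_PATH rules
include $RULE_PATH/attack-responses.rules
# include $RULE_PATH/chat.rules
include $MISSING/local.rules
END

print "$_\n" for resolve_includes($sample, '/home/sadha/snort');
```

Only the plain `$NAME` form is handled here; a missing `var RULE_PATH` line shows up as a warning rather than as a "Rule file cannot be found" path containing the literal variable name.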

