Snort mailing list archives
SnortCenter v1.0 RC1 byte_test work around
From: "Richard Pesce" <pesce () pescetech com>
Date: Wed, 07 Jan 2004 16:36:28 -0500
This is a quick, dirty work around for the 'byte_test' bug in snortcenter v1.0 RC1.

*warning* it will erase all 'byte_test' rules... make sure you uninstall this workaround when you upgrade to a working version.

Note: uninstall by reversing the instructions!

You must have snortcenter and snort sensor installed and configured properly and be receiving the 'byte_test' errors.

0. Edit the snortcenter sensor config
   (pico -w /snortcenter-sensor-path/conf/config)

   Search for a line that contains something like this:

     snort_path=/some-path/

   Comment it out so it looks like this:

     #snort_path=/some-path/

   Directly below it add a line that looks like this:

     snort_path=/path-to-snort-rules/

   **make sure you add the trailing slash!

1. Create a file called 'snort' in your /path-to-snort-rules/ directory
   Edit it... (pico -w /path-to-snort-rules/snort)
   Paste these lines into it:

#!/bin/sh
#***START***
#change this to reflect the real snort path
SNORTPATH=/usr/local/bin/snort
#change this to reflect the snort rule path
RULEPATH=/etc/snort
#don't touch (stop if the rule directory is missing)
cd "$RULEPATH" || exit 1
#change, add or remove for device configs
mv snort.eth0.conf snort.eth0.conf.broken
mv snort.eth1.conf snort.eth1.conf.broken
mv snort.eth2.conf snort.eth2.conf.broken
#change, add or remove for device configs
#removes the "byte_test" rules, until fix can be made
grep -v 'byte_test' snort.eth0.conf.broken > snort.eth0.conf
grep -v 'byte_test' snort.eth1.conf.broken > snort.eth1.conf
grep -v 'byte_test' snort.eth2.conf.broken > snort.eth2.conf
#don't touch (passes every argument through to the real snort)
"$SNORTPATH" "$@"
#***END***

2. Edit the file you just made and set all of the appropriate areas

3. chmod +x /path-to-snort-rules/snort (figure it out)

4. Ok you're done
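An added example, not part of the original post: before installing the wrapper, list which active rules the `grep -v 'byte_test'` filter would drop from a sensor config, so the lost detection coverage is known. The function names and the sample rules (constructed, with made-up sids) are assumptions for illustration.

```shell
#!/bin/sh
# Added example: report the rules that `grep -v 'byte_test'` removes from a
# Snort config. Function names and sample data are hypothetical.

# list_dropped_rules FILE -> one "sid<TAB>msg" line per active byte_test rule
list_dropped_rules() {
    awk '
        /^[ \t]*#/ { next }                 # already disabled, no coverage lost
        /byte_test/ {
            sid = "?"; msg = "?"
            if (match($0, /sid:[ \t]*[0-9]+/)) {
                sid = substr($0, RSTART, RLENGTH)
                sub(/sid:[ \t]*/, "", sid)
            }
            if (match($0, /msg:[ \t]*"[^"]*"/)) {
                msg = substr($0, RSTART, RLENGTH)
                sub(/msg:[ \t]*"/, "", msg); sub(/"$/, "", msg)
            }
            printf "%s\t%s\n", sid, msg
        }' "$1"
}

# count_dropped_rules FILE -> number of active rules the filter removes
count_dropped_rules() {
    list_dropped_rules "$1" | wc -l | tr -d ' '
}

# write_sample_conf FILE -> constructed config fragment for a dry run
write_sample_conf() {
    cat > "$1" <<'EOF'
var HOME_NET any
alert tcp any any -> $HOME_NET 111 (msg:"CONSTRUCTED rpc length check"; content:"|00 01 86 a5|"; byte_test:4,>,1000,20,relative; sid:1000001; rev:1;)
alert tcp any any -> $HOME_NET 80 (msg:"CONSTRUCTED plain content rule"; content:"/test.cgi"; sid:1000002; rev:1;)
# alert udp any any -> $HOME_NET 53 (msg:"CONSTRUCTED disabled rule"; byte_test:1,&,128,2; sid:1000003; rev:1;)
alert udp any any -> $HOME_NET 161 (msg:"CONSTRUCTED snmp size check"; byte_test:1,>,64,0; sid:1000004; rev:1;)
EOF
}

# Dry run on the constructed sample; point list_dropped_rules at a real
# snort.ethN.conf to audit a sensor.
sample=$(mktemp)
write_sample_conf "$sample"
echo "rules removed by the byte_test filter: $(count_dropped_rules "$sample")"
list_dropped_rules "$sample"
rm -f "$sample"
```

Keeping this list alongside the `.broken` files records which signatures have to be re-enabled once the workaround is uninstalled.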