Snort mailing list archives

SnortCenter v1.0 RC1 byte_test work around


From: "Richard Pesce" <pesce () pescetech com>
Date: Wed, 07 Jan 2004 16:36:28 -0500


This is a quick, dirty workaround for the 'byte_test' bug in SnortCenter v1.0 RC1.
*Warning*: it will erase all 'byte_test' rules... make sure you uninstall this workaround when you upgrade to a working version. Note: uninstall by reversing the instructions!


You must have SnortCenter and the Snort sensor installed and configured properly and be receiving the 'byte_test' errors.


0.
Edit the SnortCenter sensor config (pico -w /snortcenter-sensor-path/conf/config)

Search for a line that contains something like this: snort_path=/some-path/

Comment it out so it looks like this: #snort_path=/some-path/

Directly below it add a line that looks like this: snort_path=/path-to-snort-rules/

**make sure you add the trailing slash!

1.
Create a file called 'snort' in your /path-to-snort-rules/ directory

Edit it... (pico -w /path-to-snort-rules/snort)

Paste these lines into it:

#!/bin/sh
#***START***
#(the #!/bin/sh line above must be the first line of the file)

#change this to reflect the real snort path
SNORTPATH=/usr/local/bin/snort

#change this to reflect the snort rule path
RULEPATH=/etc/snort

#don't touch (stops here if the rule directory is missing)
cd "$RULEPATH" || exit 1

#change, add or remove for device configs
mv snort.eth0.conf snort.eth0.conf.broken
mv snort.eth1.conf snort.eth1.conf.broken
mv snort.eth2.conf snort.eth2.conf.broken

#change, add or remove for device configs
#removes the "byte_test" rules, until fix can be made
grep -v 'byte_test' snort.eth0.conf.broken > snort.eth0.conf
grep -v 'byte_test' snort.eth1.conf.broken > snort.eth1.conf
grep -v 'byte_test' snort.eth2.conf.broken > snort.eth2.conf

#don't touch (passes every argument through to the real snort unchanged)
"$SNORTPATH" "$@"

#***END***


2.
Edit the file you just made and set all of the appropriate areas


3.
chmod +x /path-to-snort-rules/snort (figure it out)

4.
Ok you’re done
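
The workaround above removes every line containing byte_test without recording what was lost. The following added example (not part of the original post) applies the same grep filter, keeps the removed lines in a side file, and lists the sids of the active rules that were dropped; the function names, file names, rules and sids are constructed for illustration.

```shell
# Added example, not from the original post. Rules, sids and names are constructed.

# Print the sid of each active (uncommented) rule that grep -v 'byte_test' removes.
dropped_sids() {
    awk '/byte_test/ && $0 !~ /^[ \t]*#/ {
        if (match($0, /sid:[ \t]*[0-9]+/)) {
            sid = substr($0, RSTART, RLENGTH)
            sub(/^sid:[ \t]*/, "", sid)
            print sid
        } else {
            print "no-sid:line" NR
        }
    }' "$1"
}

# Same filter as the workaround, but the removed lines are saved to a side
# file so the lost detection coverage can be reviewed and restored later.
filter_conf() {   # usage: filter_conf broken.conf clean.conf dropped.rules
    grep 'byte_test' "$1" > "$3" || true      # no match is not an error
    grep -v 'byte_test' "$1" > "$2" || true
}

# Constructed sample config: two active byte_test rules, one disabled, one unrelated.
write_sample() {
    cat > "$1" <<'EOF'
var HOME_NET any
alert tcp any any -> $HOME_NET 111 (msg:"sample A"; content:"|00 01 86 A5|"; byte_test:4,>,1024,0,relative; sid:1000001; rev:1;)
alert tcp any any -> $HOME_NET 80 (msg:"sample B"; content:"GET"; sid:1000002; rev:1;)
# alert udp any any -> $HOME_NET 53 (msg:"sample C, disabled"; byte_test:1,&,128,2; sid:1000003; rev:1;)
alert udp any any -> $HOME_NET 161 (msg:"sample D"; byte_test:1,>,4,0; sid:1000004; rev:1;)
EOF
}

demo_dir=$(mktemp -d)
write_sample "$demo_dir/snort.eth0.conf.broken"
filter_conf "$demo_dir/snort.eth0.conf.broken" "$demo_dir/snort.eth0.conf" \
    "$demo_dir/dropped.rules"
echo "Active rules removed from snort.eth0.conf (sids):"
dropped_sids "$demo_dir/snort.eth0.conf.broken"
rm -rf "$demo_dir"
```
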





