Re: Snort 2.8.6 not loading sensitive data rules

["Andy Berryman" <aberryman () Cymtec com>]

Ok, that took care of that error, but led to another. 


May  7 20:23:01 (none) snort[14603]: FATAL ERROR: /snort/conf/sensitive-data.rules(1) Unknown rule option: 'sd_pattern'.



Thanks,
Andy Berryman





-----Original Message-----
From: Ryan Jordan [mailto:ryan.jordan () sourcefire com] 
Sent: Friday, May 07, 2010 3:18 PM
To: Andy Berryman
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Snort 2.8.6 not loading sensitive data rules

D'oh. This was a bug we had during development, looks like the bugfix
didn't make it into the Snort tarball that we put on the website. I'll
make sure this gets fixed in the next release.

The rules sensitive-data.rules SHOULD say "alert tcp $HOME_NET ...",
but instead they say "alert $HOME_NET ...". In the meantime, you can
edit these rules to add in the word "tcp", there's only 5 rules so
it's a quick fix.

Sorry for the inconvenience.

-Ryan

On Fri, May 7, 2010 at 3:58 PM, Andy Berryman <aberryman () cymtec com> wrote:
> When I try to have snort 2.8.6 load the sensitive data rules, I get an
> error:
>
>
>
>
>
> May  7 19:35:47 (none) snort[9499]: FATAL ERROR: /snort
> /conf/sensitive-data.rules(1) Bad protocol: $HOME_NET.
>
>
>
> I can post the rules if needed.
>
>
>
> Thanks,
>
> Andy Berryman
>
> ________________________________
> This message from Cymtec Systems, Inc. contains confidential information and
> is solely for the use of the recipient(s) named above. If you are not the
> intended recipient or an agent responsible for delivering it to the intended
> recipient, you are hereby notified that you have received this message in
> error and that any review, disclosure, copying, distribution or use of the
> contents of this message is strictly prohibited. If you have received this
> message in error, please destroy it immediately and notify Cymtec Systems,
> Inc. by telephone at +1.314.993.8700 or by return e-mail.
> ________________________________
>
> ------------------------------------------------------------------------------
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
###############################################################################
This message from Cymtec Systems, Inc. contains confidential information and is solely for the use of the recipient(s) 
named above.  If you are not the intended recipient or an agent responsible for delivering it to the intended 
recipient, you are hereby notified that you have received this message in error and that any review, disclosure, 
copying, distribution or use of the contents of this message is strictly prohibited.  If you have received this message 
in error, please destroy it immediately and notify Cymtec Systems, Inc. by telephone at +1.314.993.8700 or by return 
e-mail.                    
###############################################################################

------------------------------------------------------------------------------

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users