Snort mailing list archives

Re: Linking rules in BASE

From: waldo kitty <wkitty42 () windstream net>
Date: Tue, 24 Aug 2010 20:08:00 -0400


this post, among other things, brings up the following...

On 8/24/2010 17:22, Billy Marshall wrote:

I am not sure what you mean by a sim-link with BASE, I don't recall ever making
any sim-links. However, the following is from the base_conf.php in your web
directory. It defines the variables for BASE. (assuming your using a Linux
distro and BASE 1.4.4)
If you have moved your rules then the variable 'local_rules_dir' is not
accurate. These also define the links in the output of BASE to correctly link to
websites.
$external_sig_link = array('bugtraq' =>
array('http://www.securityfocus.com/bid/&apos;, ''),
/*********** corrected 20100104 Bill marshall*/
/* 'snort' => array('http://www.snort.org/pub-bin/sigs.cgi?sid=&apos;, ''), */
'snort' => array('http://www.snortid.com/snortid.asp?QueryId=&apos;, ''),
'cve' => array('http://cve.mitre.org/cgi-bin/cvename.cgi?name=&apos;, ''),
'arachnids' => array('http://www.whitehats.com/info/ids&apos;, ''),


since arachnids/whitehats.com is long gone by several years, why do we still 
have all of the erroneous references to it and its database in the sigs and 
references file?

what i find about it now, and for the last 2 or 3 years, is a park page on some 
host out of OZ...

can we get these removed, please?

'mcafee' => array('http://vil.nai.com/vil/content/v_&apos;, '.htm'),
'icat' => array('http://icat.nist.gov/icat.cfm?cvename=CAN-&apos;, ''),
'nessus' => array('http://www.nessus.org/plugins/index.php?view=single&amp;id=&apos;,
''),
'url' => array('http://&apos;, ''),
'local' => array('signatures/', '.txt'),
'local_rules_dir' => array('rules/', '.rules'),
'EmThreats' => array('http://docs.emergingthreats.net/&apos;, ''));

/* Custom (user) PHP session handlers



------------------------------------------------------------------------------
Sell apps to millions through the Intel(R) Atom(Tm) Developer Program
Be part of this innovative community and reach millions of netbook users 
worldwide. Take advantage of special opportunities to increase revenue and 
speed time-to-market. Join now, and jumpstart your future.
http://p.sf.net/sfu/intel-atom-d2d
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Linking rules in BASE Kun, Mike (Aug 24)
- Re: Linking rules in BASE Jefferson, Shawn (Aug 24)
  - Re: Linking rules in BASE Kun, Mike (Aug 24)
    - Re: Linking rules in BASE Jefferson, Shawn (Aug 24)
    - Re: Linking rules in BASE JJC (Aug 24)
    - Re: Linking rules in BASE Jefferson, Shawn (Aug 24)
    - Re: Linking rules in BASE Kun, Mike (Aug 24)
    - Re: Linking rules in BASE Paul Schmehl (Aug 24)
    - Re: Linking rules in BASE Billy Marshall (Aug 24)
    - Re: Linking rules in BASE waldo kitty (Aug 24)
    - Re: Linking rules in BASE Nigel Houghton (Aug 24)
    - Re: Linking rules in BASE waldo kitty (Aug 24)
    - Re: Linking rules in BASE Nigel Houghton (Aug 25)