Snort mailing list archives
Re: FATAL ERROR - FATAL ERROR: Unknown rule option: 'disable'.
From: Matthew White <on3moda () gmail com>
Date: Thu, 26 May 2016 09:43:59 -0500
FYI rules from pulledpork breaking snort. Commented them out.

9844 alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Vulnerable Java Version 1.5.x Detected"; flow:established,to_server; content:" Java/1.5."; nocase; http_header; disable:set,ET.http.javaclient.vulnerable; threshold: type limit, count 2, seconds 300, track by_src; reference:url,javatester.org/version.html; classtype:bad-unknown; sid:2011581; rev:9;)

10007 alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Vulnerable Java Version 1.7.x Detected"; flow:established,to_server; content:" Java/1.7.0_"; http_header; content:!"99"; within:2; http_header; disable:set,ET.http.javaclient.vulnerable; threshold: type limit, count 2, seconds 300, track by_src; reference:url,javatester.org/version.html; reference:url,java.com/en/download/manual_java7.jsp; classtype:bad-unknown; sid:2014297; rev:41;)

On Wed, May 25, 2016 at 8:23 PM, Joel Esler (jesler) <jesler () cisco com> wrote:
What does line 9844 of the snort.rules file say? "vi +9844 snort.rules" will take you right to it.

--
*Joel Esler*
Manager, Talos Group

On May 25, 2016, at 8:59 PM, Matthew White <on3moda () gmail com> wrote:

After modifying my pulledpork.conf file I now get the following.

FATAL ERROR: /etc/snort/rules/snort.rules(9844) Unknown rule option: 'disable'.

Not seeing this in forums. Any ideas?

------------------------------------------------------------------------------
Mobile security can be enabling, not merely restricting. Employees who bring their own devices (BYOD) to work are irked by the imposition of MDM restrictions. Mobile Device Manager Plus allows you to control only the apps on BYO-devices by containerizing them, leaving personal data untouched!
https://ad.doubleclick.net/ddm/clk/304595813;131938128;j
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
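The error in this thread names only line 9844, because Snort exits at the first FATAL ERROR, while the post also shows the same option on line 10007. The following is an added example, not part of the original thread and not Snort or PulledPork code: it lists every active rule that uses a given option keyword in one pass and comments those rules out, as the poster did by hand. The function names and the sample list are assumptions made for illustration.

```python
import re

# One rule option: keyword, optional ":value", terminating ";". A quoted value
# is consumed whole, so ';' or ':' inside msg/content/pcre strings never splits.
OPTION = re.compile(r'\s*([A-Za-z_]\w*)\s*(?::((?:"(?:\\.|[^"\\])*"|\\.|[^;"\\])*))?;')

def option_names(rule):
    """Return the option keywords of one rule line, in order of appearance."""
    start, end = rule.find("("), rule.rfind(")")
    if start < 0 or end < start:
        return []
    names, pos = [], start + 1
    while (m := OPTION.match(rule, pos, end)):
        names.append(m.group(1))
        pos = m.end()
    return names

def find_rules_with_option(lines, option):
    """Return [(line_number, sid)] for every active rule using `option`."""
    hits = []
    for number, line in enumerate(lines, 1):
        text = line.strip()
        if not text or text.startswith("#"):
            continue  # blank, or already commented out
        if option in option_names(text):
            sid = re.search(r"\bsid:\s*(\d+)", text)
            hits.append((number, sid.group(1) if sid else None))
    return hits

def comment_out(lines, hits):
    """Return a copy of `lines` with the hit lines prefixed by '# '."""
    bad = {number for number, _ in hits}
    return ["# " + l if n in bad else l for n, l in enumerate(lines, 1)]

# Sample input: entries 2 and 4 are the two rules quoted in the post (line
# wraps removed); entries 1 and 3 are constructed for this example.
SAMPLE = [
    r'alert tcp any any -> any 80 (msg:"constructed: disable:set; in a string"; content:"a\;b"; sid:1000001; rev:1;)',
    r'alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Vulnerable Java Version 1.5.x Detected"; flow:established,to_server; content:" Java/1.5."; nocase; http_header; disable:set,ET.http.javaclient.vulnerable; threshold: type limit, count 2, seconds 300, track by_src; reference:url,javatester.org/version.html; classtype:bad-unknown; sid:2011581; rev:9;)',
    r'# alert tcp any any -> any any (msg:"constructed, already commented"; disable:set,x; sid:1000002; rev:1;)',
    r'alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Vulnerable Java Version 1.7.x Detected"; flow:established,to_server; content:" Java/1.7.0_"; http_header; content:!"99"; within:2; http_header; disable:set,ET.http.javaclient.vulnerable; threshold: type limit, count 2, seconds 300, track by_src; reference:url,javatester.org/version.html; reference:url,java.com/en/download/manual_java7.jsp; classtype:bad-unknown; sid:2014297; rev:41;)',
]

if __name__ == "__main__":
    for number, sid in find_rules_with_option(SAMPLE, "disable"):
        print(f"line {number}: sid {sid}")
```

For a real file, pass the lines of snort.rules read from disk and the keyword quoted in the error message.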
Current thread:
- FATAL ERROR - FATAL ERROR: Unknown rule option: 'disable'. Matthew White (May 25)
- Re: FATAL ERROR - FATAL ERROR: Unknown rule option: 'disable'. Matthew White (May 25)
- Re: FATAL ERROR - FATAL ERROR: Unknown rule option: 'disable'. Joel Esler (jesler) (May 25)
- Re: FATAL ERROR - FATAL ERROR: Unknown rule option: 'disable'. Matthew White (May 26)
- Re: FATAL ERROR - FATAL ERROR: Unknown rule option: 'disable'. Shirkdog (May 26)
- Re: FATAL ERROR - FATAL ERROR: Unknown rule option: 'disable'. James Lay (May 26)
- Re: FATAL ERROR - FATAL ERROR: Unknown rule option: 'disable'. Matthew White (May 26)