Snort mailing list archives
Re: Having a problem getting Snort rules implemented
From: "Al Lewis (allewi)" <allewi () cisco com>
Date: Thu, 26 May 2016 21:12:28 +0000
Create that directory ‘/usr/local/lib/snort_dynamicrules’. Snort is probably erroring out because the directory doesn’t exist.

Albert Lewis
QA SNORT/Sourcefire
SOURCEfire, Inc. now part of Cisco
9780 Patuxent Woods Drive
Columbia, MD 21046
Phone: (office) 443.430.7112
Email: allewi () cisco com

From: justin hyland [mailto:jhyland87 () gmail com]
Sent: Thursday, May 26, 2016 5:05 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Having a problem getting Snort rules implemented

Hello, new Snort user here.

I just installed the latest version of Snort on a new CentOS7 server, following the instructions from this article: http://www.unixmen.com/install-snort-nids-centos-7/

It seemed to go pretty smoothly, except when I execute Snort, I get an error saying the rules at /usr/local/lib/snort_dynamicrules don't exist. And when I look through the community rules I downloaded, I don't see that in there at all.

When I go and comment out the three dynamic rules lines and execute Snort again, I get another error, saying that /etc/snort/rules/local.rules doesn't exist. The only thing in the /etc/snort/rules directory is an iplists folder, which contains a default.blacklist.

Did I do something wrong? Or miss a step in the article? I'm not sure how to get these rules set up. It walks you through installing pulledpork, but that's it.

// ---------------------------
Justin Hyland
Linux Engineer/Software Developer/Technology Enthusiast
It is the mark of an educated mind to be able to entertain a thought without accepting it. - Aristotle
M: 602.740.0620
E: jhyland87 () gmail com
W: www.justinhyland.com
LI: https://www.linkedin.com/in/justin-hyland-a0b34b10
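A pre-flight check for the two failures described in this thread, as an added example that is not part of the original posts: it lists the dynamic-library and include paths that a Snort 2.x-style snort.conf names but that are missing on disk. The function names, the resolution of relative paths against the config file's directory, and the sample config are assumptions constructed for illustration.

```shell
# Added example (not from the thread): report paths that a Snort 2.x-style
# snort.conf references but that are missing on disk.
missing_snort_paths() {
    conf=$1
    confdir=$(dirname "$conf")
    awk '
        # Remember "var NAME value" so $NAME can be expanded in include lines.
        $1 == "var" && NF >= 3 { vars[$2] = $3; next }
        $1 ~ /^dynamic(preprocessor|engine|detection)$/ {
            if ($2 == "directory") print "dir", $3
            else if ($2 == "file") print "file", $3
            else print "file", $2
            next
        }
        $1 == "include" {
            p = $2
            for (n in vars) gsub("\\$" n, vars[n], p)
            print "file", p
        }
    ' "$conf" | while read -r kind path; do
        # Assumption: relative paths are resolved against the config directory.
        case $path in
            /*) ;;
            *) path=$confdir/$path ;;
        esac
        case $kind in
            dir)  [ -d "$path" ] || echo "missing directory: $path" ;;
            file) [ -f "$path" ] || echo "missing file: $path" ;;
        esac
    done
}

# Constructed sample mirroring the thread: the rules directory holds only
# iplists, and neither local.rules nor the dynamic rules directory exists.
demo_missing_snort_paths() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/etc/rules/iplists" "$d/lib/snort_dynamicpreprocessor"
    cat > "$d/etc/snort.conf" <<EOF
var RULE_PATH rules
dynamicpreprocessor directory $d/lib/snort_dynamicpreprocessor/
dynamicdetection directory $d/lib/snort_dynamicrules
# include \$RULE_PATH/app-detect.rules
include \$RULE_PATH/local.rules
EOF
    missing_snort_paths "$d/etc/snort.conf"
    rm -rf "$d"
}
```

Once the check reports nothing, `snort -T -c /etc/snort/snort.conf` runs Snort in test mode to validate the full configuration before starting it for real.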
Current thread:
- Having a problem getting Snort rules implemented justin hyland (May 26)
- Re: Having a problem getting Snort rules implemented Al Lewis (allewi) (May 26)
- Re: Having a problem getting Snort rules implemented Stephen Gantz (May 26)