Snort mailing list archives

Re: Having a problem getting Snort rules implemented


From: "Al Lewis (allewi)" <allewi () cisco com>
Date: Thu, 26 May 2016 21:12:28 +0000


Create that directory ‘/usr/local/lib/snort_dynamicrules’. Snort is probably erroring out because the directory doesn’t exist.



Albert Lewis
QA SNORT/Sourcefire
SOURCEfire, Inc. now part of Cisco
9780 Patuxent Woods Drive
Columbia, MD 21046
Phone: (office) 443.430.7112
Email: allewi () cisco com

From: justin hyland [mailto:jhyland87 () gmail com]
Sent: Thursday, May 26, 2016 5:05 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Having a problem getting Snort rules implemented

Hello, new Snort user here. I just installed the latest version of Snort on a new CentOS7 server, following the instructions from this article: http://www.unixmen.com/install-snort-nids-centos-7/

It seemed to go pretty smoothly, except when I execute Snort, I get an error saying the rules at /usr/local/lib/snort_dynamicrules don't exist. And when I look through the community rules I downloaded, I don't see that in there at all. When I go and comment out the three dynamic rules lines and execute Snort again, I get another error, saying that /etc/snort/rules/local.rules doesn't exist.

The only thing in the /etc/snort/rules directory is an iplists folder, which contains a default.blacklist.

Did I do something wrong, or miss a step in the article? I'm not sure how to get these rules set up. It walks you through installing pulledpork, but that's it.


// ---------------------------
Justin Hyland
Linux Engineer/Software Developer/Technology Enthusiast
It is the mark of an educated mind to be able to entertain a thought without accepting it. - Aristotle

M: 602.740.0620
E: jhyland87 () gmail com
W: www.justinhyland.com
LI: https://www.linkedin.com/in/justin-hyland-a0b34b10
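
The two errors in this thread come from paths that snort.conf references but that were never created. The following is an added example, not part of the original messages or of Snort itself: a POSIX shell function that lists every such missing path in one pass. It assumes the stock snort.conf directives (var, include, dynamicpreprocessor, dynamicengine, dynamicdetection); the function name missing_snort_paths and the sample configuration in the temporary directory are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): print every path that a snort.conf
# references through "include" or "dynamic*" lines and that is missing on disk.

missing_snort_paths() (
    conf=$1
    confdir=$(dirname "$conf")
    awk '
        # "var RULE_PATH /etc/snort/rules": remember it for later expansion
        $1 == "var" { vars[$2] = $3; next }
        # "include $RULE_PATH/local.rules"
        $1 == "include" { p = $2 }
        # "dynamicdetection directory <dir>" or "dynamicengine <file>"
        $1 ~ /^dynamic(preprocessor|engine|detection)$/ {
            p = ($2 == "directory" || $2 == "file") ? $3 : $2
        }
        p != "" {
            # Expand $NAME references using the var lines seen so far
            for (n in vars) gsub("\\$" n, vars[n], p)
            print p
            p = ""
        }
    ' "$conf" | while IFS= read -r path; do
        # Relative paths are taken relative to the config file directory
        case $path in /*) ;; *) path=$confdir/$path ;; esac
        [ -e "$path" ] || printf '%s\n' "$path"
    done
)

# Constructed sample that mirrors the thread: the dynamic rules directory and
# local.rules are referenced but were never created.
demo=$(mktemp -d)
mkdir -p "$demo/etc/rules/iplists" "$demo/lib/snort_dynamicpreprocessor"
cat > "$demo/etc/snort.conf" <<EOF
var RULE_PATH $demo/etc/rules
dynamicpreprocessor directory $demo/lib/snort_dynamicpreprocessor
dynamicdetection directory $demo/lib/snort_dynamicrules
# include \$RULE_PATH/commented_out.rules
include \$RULE_PATH/local.rules
EOF
missing_snort_paths "$demo/etc/snort.conf"
```

On a real host the call would be missing_snort_paths /etc/snort/snort.conf; an empty result means every referenced path exists.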

