Re: [Snort-users] snort webmin configuration

From: GDHough (mr6re9execulink.com)
Date: Mon Jan 05 2004 - 08:02:11 CST


On Monday 05 January 2004 07:41, agnelo d wrote:
> Hi,
> I've configured webmin for managing snort.
> 1. When I run snort using webmin it gives me the error "snort does not appear
> to be running, if you know snort is running check the PID file setting in
> the module configuration."
>
Here is what I have done:

Servers > Snort IDS Admin > Module Config

Full path to Snort: /usr/local/bin/snort -Ddeyz -c /etc/snort/snort.conf
Full path to Snort configuration file: /etc/snort/snort.conf
Full path to Snort rule files directory: /etc/snort
Full path to Snort PID file: /var/run/snort_eth0.pid
Command to start Snort (optional):
URL to ACID (optional): https://localhost/acid/acid_main.php

> I can see that snort is running using ps -ef command.
> I've also checked the PID file /var/run/snort_eth1.pid file, it shows 1907.
> How can I resolve the error?
>
> 2. Secondly, I'm unable to disable, enable or modify and new rules that I
> create using webmin. Pls. help
>
It was difficult for me to figure out too, but this did the trick:

In your configuration file, comment out the:

# Path to your rules files (this can be a relative path)
# var RULE_PATH /etc/snort

Snort will pick up the rules with the includes at the end of the file.

Next, make all the includes relative to snort:

include bad-traffic.rules
include exploit.rules
include scan.rules
include finger.rules
include ftp.rules
include telnet.rules
include rpc.rules
include rservices.rules
include dos.rules
include ddos.rules
include dns.rules
include tftp.rules

include web-cgi.rules
include web-coldfusion.rules
include web-iis.rules
include web-frontpage.rules
include web-misc.rules
include web-client.rules
include web-php.rules

include sql.rules
include x11.rules
include icmp.rules
include netbios.rules
include misc.rules
include attack-responses.rules
include oracle.rules
include mysql.rules
include snmp.rules

include smtp.rules
include imap.rules
include pop2.rules
include pop3.rules

include nntp.rules
include other-ids.rules
include web-attacks.rules
#include backdoor.rules
include shellcode.rules
#include policy.rules
include porn.rules
#include info.rules
include icmp-info.rules
#include virus.rules
#include chat.rules
include multimedia.rules
include p2p.rules
include experimental.rules
include local.rules

Save and you should be set.

farmer6re9
-*> Snort! <*-
Version 2.0.4 (Build 96)
--
Eating Crow is better with MyCrowSauce
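
Added example, not part of the original post: a shell check for the situation in question 1, where Webmin reports Snort as not running although a PID file exists. It tests whether the PID file path entered in the module config names a live snort process and lists the state of any other snort_*.pid files next to it. It assumes a Linux /proc with a comm entry per process; check_pidfile, report_pidfiles and PROC_ROOT are names made up for this example.

```shell
#!/bin/sh
# Added example: verify that a Snort PID file names a live snort process.
# PROC_ROOT can be overridden for testing (assumption: Linux-style /proc).
PROC_ROOT="${PROC_ROOT:-/proc}"

# check_pidfile FILE [NAME]
# Prints one status word and returns a matching code:
#   0 ok        file holds the PID of a live process named NAME
#   1 missing   file does not exist or is not readable
#   2 invalid   first line is not a plain decimal PID
#   3 stale     no process with that PID exists
#   4 mismatch  PID is live but belongs to another program
check_pidfile() {
    file=$1
    name=${2:-snort}
    if [ ! -r "$file" ]; then echo missing; return 1; fi
    pid=$(head -n 1 "$file" | tr -d ' \t\r')
    case $pid in
        ''|*[!0-9]*) echo invalid; return 2 ;;
    esac
    if [ ! -d "$PROC_ROOT/$pid" ]; then echo stale; return 3; fi
    comm=$(cat "$PROC_ROOT/$pid/comm" 2>/dev/null || true)
    if [ "$comm" != "$name" ]; then echo mismatch; return 4; fi
    echo ok
    return 0
}

# report_pidfiles CONFIGURED [DIR]
# Checks the path entered in the Webmin module config first, then every
# other snort_*.pid in DIR, so a wrong interface suffix is easy to spot.
report_pidfiles() {
    configured=$1
    dir=${2:-/var/run}
    printf '%s (configured): %s\n' "$configured" "$(check_pidfile "$configured")"
    for f in "$dir"/snort_*.pid; do
        [ -e "$f" ] || continue
        [ "$f" = "$configured" ] && continue
        printf '%s: %s\n' "$f" "$(check_pidfile "$f")"
    done
}

# Usage: report_pidfiles /var/run/snort_eth0.pid
```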
