|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Nick Moore (nmoore
sourcefire.com)
Date: Tue Aug 10 2010 - 06:48:14 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Jun,
I would edit /etc/snort/rules/community-smtp.rules and comment out line 13.
After that, I would search for !any in all my rules files to make sure there
weren't any more of them.
Hope this helps and happy snorting!
Nick
On Tue, Aug 10, 2010 at 5:49 AM, Jun Wan <junwei_wanhotmail.com> wrote:
> Hi,
>
> I installed SNORT on a fresh Ubuntu 10.04 by following
> http://it.thelibrarie.com/weblog/?p=515
>
> snort -c /etc/snort/snort.conf -i eth0
>
> I get the following:
>
> Running in IDS mode
> --== Initializing Snort ==--
> Initializing Output Plugins!
> Initializing Preprocessors!
> Initializing Plug-ins
>
> ....pls see the attached details of "Snort installation error.rtf"...
>
>
> +++++++++++++++++++++++++++++++++++++++++++++++++++
> Initializing rule chains...
> Warning: /etc/snort/rules/dos.rules(42) => threshold (in rule) is
> deprecated; use detection_filter instead.
> ERROR: /etc/snort/rules/community-smtp.rules(13) => !any is not allowed
> Fatal Error, Quitting..
>
> Can't find much info via "google", so I would like to have your help.
>
> Any info and help would be much appreciated.
>
> Thanks for your patience with my many Snort questions.
>
> Regards
>
> John
>
>
>
>
>
>
> ------------------------------------------------------------------------------
> This SF.net email is sponsored by
>
> Make an app they can't live without
> Enter the BlackBerry Developer Challenge
> http://p.sf.net/sfu/RIM-dev2dev
> _______________________________________________
> Snort-users mailing list
> Snort-userslists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
--
Nick Moore, SFCE, CISSP, CISA
Sr. Systems Engineer
Voice 708-336-9041
Email nick.mooresourcefire.com
IM nickgmoore (Yahoo)
nickgmoore38 (AIM)
,,_
o" )~ Sourcefire - The Creators of Snort
''''
www.sourcefire.com www.snort.org
------------------------------------------------------------------------------
This SF.net email is sponsored by
Make an app they can't live without
Enter the BlackBerry Developer Challenge
http://p.sf.net/sfu/RIM-dev2dev
_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]