Re: [Snort-users] Linking rules in BASE

From: waldo kitty (wkitty42windstream.net)
Date: Tue Aug 24 2010 - 19:08:00 CDT


this post, among other things, brings up the following...

On 8/24/2010 17:22, Billy Marshall wrote:
> I am not sure what you mean by a sim-link with BASE, I don't recall ever making
> any sim-links. However, the following is from the base_conf.php in your web
> directory. It defines the variables for BASE. (assuming you're using a Linux
> distro and BASE 1.4.4)
> If you have moved your rules then the variable 'local_rules_dir' is not
> accurate. These also define the links in the output of BASE to correctly link to
> websites.
> $external_sig_link = array('bugtraq' =>
> array('http://www.securityfocus.com/bid/', ''),
> /*********** corrected 20100104 Bill marshall*/
> /* 'snort' => array('http://www.snort.org/pub-bin/sigs.cgi?sid=', ''), */
> 'snort' => array('http://www.snortid.com/snortid.asp?QueryId=', ''),
> 'cve' => array('http://cve.mitre.org/cgi-bin/cvename.cgi?name=', ''),
> 'arachnids' => array('http://www.whitehats.com/info/ids', ''),

since arachnids/whitehats.com is long gone by several years, why do we still
have all of the erroneous references to it and its database in the sigs and
references file?

what i find about it now, and for the last 2 or 3 years, is a park page on some
host out of OZ...

can we get these removed, please?

> 'mcafee' => array('http://vil.nai.com/vil/content/v_', '.htm'),
> 'icat' => array('http://icat.nist.gov/icat.cfm?cvename=CAN-', ''),
> 'nessus' => array('http://www.nessus.org/plugins/index.php?view=single&id=',
> ''),
> 'url' => array('http://', ''),
> 'local' => array('signatures/', '.txt'),
> 'local_rules_dir' => array('rules/', '.rules'),
> 'EmThreats' => array('http://docs.emergingthreats.net/', ''));
>
> /* Custom (user) PHP session handlers
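
For anyone maintaining a local ruleset in the meantime, one way to drop the dead references from the rules and from reference.config, as an added example that is not part of the original post or of Snort or BASE. The function names, the `DEAD_SYSTEMS` set and the sample rules are assumptions constructed for illustration.

```python
import re

DEAD_SYSTEMS = {"arachnids"}  # assumption: systems the operator treats as dead
# A rule option "reference:<system>,<id>;" that follows "(" or another option.
REF_OPT = re.compile(r"(?<=[;(])\s*reference\s*:\s*([^,;\s]+)\s*,[^;]*;")
# A reference.config entry "config reference: <system> <url-prefix>".
REF_CFG = re.compile(r"^\s*config\s+reference:\s*(\S+)\s+\S+")

def strip_dead_refs(rules_text, dead=DEAD_SYSTEMS):
    """Return (cleaned_text, removed_count) for the text of a .rules file."""
    removed = 0
    def drop(match):
        nonlocal removed
        if match.group(1).lower() not in dead:
            return match.group(0)      # keep live reference systems
        removed += 1
        return ""

    out = []
    for line in rules_text.splitlines():
        if line.strip() and not line.lstrip().startswith("#"):
            line = REF_OPT.sub(drop, line)   # comments/blank lines untouched
        out.append(line)
    return "\n".join(out), removed

def disable_dead_systems(config_text, dead=DEAD_SYSTEMS):
    """Comment out reference.config entries whose system is in `dead`."""
    out = []
    for line in config_text.splitlines():
        m = REF_CFG.match(line)
        if m and m.group(1).lower() in dead:
            line = "# disabled, dead link: " + line
        out.append(line)
    return "\n".join(out)

# Constructed samples (SIDs and messages are made up for this example).
SAMPLE_RULES = """\
# sample rules
alert icmp any any -> any any (msg:"TEST A"; itype:8; reference:arachnids,162; sid:1000001; rev:1;)
alert tcp any any -> any 80 (msg:"TEST B"; reference:bugtraq,1234; reference:arachnids,218; sid:1000002; rev:1;)"""
SAMPLE_CONFIG = """\
config reference: bugtraq http://www.securityfocus.com/bid/
config reference: arachnids http://www.whitehats.com/info/ids"""

if __name__ == "__main__":
    cleaned, count = strip_dead_refs(SAMPLE_RULES)
    print(cleaned)
    print("removed", count, "dead reference options")
    print(disable_dead_systems(SAMPLE_CONFIG))
```

Run it against copies of the rule files and diff the result before replacing anything in the live rules directory.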
