I installed 2.8.0.1 from source on FreeBSD 6.3 and did not seem to run into this problem. Later I installed snort via ports on 6.3 and 7.0; that version was 2.7. In the 2.7 version there are no rules with sid 1143 and 1144 in the rules directory, while the other two are there. I suggest downloading an updated rule set and trying again.
snort# grep 'sid:1143;' *
snort# grep 'sid:1144;' *
snort# grep 'sid:3544;' *
web-misc.rules:alert tcp $EXTERNAL_NET any -> $HOME_NET 8090 (msg:"WEB-MISC TrackerCam ComGetLogFile.php3 directory traversal attempt"; flow:to_server,established; content:"/ComGetLogFile.php3"; nocase; pcre:"/fn=\x2e\x2e(\x2f|\x5c)/Rmsi"; metadata:service http; reference:bugtraq,12592; reference:cve,2005-0481; reference:nessus,17160; classtype:web-application-attack; sid:3544; rev:5
snort#
snort# grep 'sid:3545;' *
web-misc.rules:alert tcp $EXTERNAL_NET any -> $HOME_NET 8090 (msg:"WEB-MISC TrackerCam ComGetLogFile.php3 log information disclosure"; flow:to_server,established; content:"/ComGetLogFile.php3"; nocase; pcre:"/fn=Eye\d{4}_\d{2}.log/Rmsi"; metadata:service http; reference:bugtraq,12592; reference:cve,2005-0481; reference:nessus,17160; classtype:web-application-activity; sid:3545; rev:5
Also, before starting snort as a service, it is best to first start it in packet-capture mode, ignoring snort.conf, to see whether it starts at all:
snort -dev -i <interface>
If the screen scrolls quickly, the snort program itself is fine; then load it with -c snort.conf.
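One way to turn the grep check above into a repeatable script, as an added example that is not part of the original post: it reports, for each required SID, the file, rev and msg of the matching rule, or MISSING. The sample rules directory is constructed here (the sid:3544/3545 lines are abbreviated copies of the ones quoted above; local.rules is made up).

```shell
#!/bin/sh
# Added example, not from the original post: check a Snort rules directory
# for a list of required SIDs and show file, rev and msg for each one found.

# check_sids RULES_DIR SID... : one report line per SID; exit 1 if any is missing.
check_sids() {
  dir=$1; shift
  missing=0
  for sid in "$@"; do
    # Rule options are ';'-separated, so match "sid:N;" exactly and
    # sid:1143 will not also match sid:11430.
    hit=$(grep -H "sid:${sid};" "$dir"/*.rules 2>/dev/null | head -n 1)
    if [ -z "$hit" ]; then
      echo "MISSING sid:$sid"
      missing=$((missing + 1))
      continue
    fi
    file=${hit%%:*}
    rev=$(printf '%s\n' "$hit" | sed -n 's/.*rev:\([0-9]*\).*/\1/p')
    msg=$(printf '%s\n' "$hit" | sed -n 's/.*msg:"\([^"]*\)".*/\1/p')
    echo "FOUND   sid:$sid rev:${rev:-?} $(basename "$file") $msg"
  done
  [ "$missing" -eq 0 ]
}

# count_missing RULES_DIR SID... : number of SIDs not found (for scripting/tests).
count_missing() {
  check_sids "$@" | grep -c '^MISSING' || true
}

# Constructed sample rules directory: sid 3544/3545 are abbreviated copies of
# the rules quoted in the post; local.rules is made up to exercise the exact match.
make_sample_rules() {
  d=$(mktemp -d)
  cat > "$d/web-misc.rules" <<'EOF'
alert tcp $EXTERNAL_NET any -> $HOME_NET 8090 (msg:"WEB-MISC TrackerCam ComGetLogFile.php3 directory traversal attempt"; flow:to_server,established; content:"/ComGetLogFile.php3"; nocase; classtype:web-application-attack; sid:3544; rev:5;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 8090 (msg:"WEB-MISC TrackerCam ComGetLogFile.php3 log information disclosure"; flow:to_server,established; content:"/ComGetLogFile.php3"; nocase; classtype:web-application-activity; sid:3545; rev:5;)
EOF
  cat > "$d/local.rules" <<'EOF'
alert tcp any any -> any 80 (msg:"LOCAL made-up rule"; sid:11430; rev:1;)
EOF
  echo "$d"
}

# Demo: the four SIDs the thread is about; 1143 and 1144 are absent here too.
d=$(make_sample_rules)
check_sids "$d" 1143 1144 3544 3545 || echo "rule set incomplete: update the rules"
rm -rf "$d"
```

Point it at the real rules directory (e.g. `check_sids /usr/local/etc/snort/rules 1143 1144`) to get the same report for an installed rule set.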