I have installed snort and ACIDLAB on Apache+MySQL. When I view snort alerts on acidlab page, not "sig_name" but "sig_id" is displayed in the column "Signature" like below.
ID Signature Timestamp
-------- --------- -------------------
#0-(1-2) 1 <==?? 2010-03-29 19:30:52
#1-(1-1) 2 <==?? 2010-03-29 19:29:52
Is this an error in the MySQL Database? I dont have any idea about this error.
I need assistance with my Snort Installation. I used Bodhi Zazen's Network Intrusion Detection System post and found it easier than the previous time I had done it. I am currently running Ubuntu 10.04 server and Snort 2.8.6.1 with BASE 1.4.5. I followed Bodhi Zazen's instructions and when I tested snort it ended with a Fatal Error due to ERROR: /etc/snort/rules/exploit.rules(264) => 'fast_pattern' does not take an argument
Fatal Error, Quitting.. Here is the entire output once I ran the test command: snort -c /etc/snort/snort.con -T Running in Test mode
[Code]...
I am trying to install snort on debian linux. The following error appears ERROR! Libpcre library not found. Get it from [URL].. I have installed the Libpcre3-dev library but the error is still on.What could I be doing wrong?
View 5 Replies View Relatedseems im getting this error when i update.I searched the forums for similar errors but i found no solution that worked for me. this is the error>>>>>
W: A error occurred during the signature verification. The repository is not updated and the previous index files will be used.GPG error: [URL]: The following signatures were invalid: BADSIG 40976EAF437D05B5 Ubuntu Archive Automatic Signing Key <ftpmaster@ubuntu.com>
W: Failed to fetch [URL]
W: Some index files failed to download, they have been ignored, or old ones used instead
How do i get the correct key?
Every time I try to update Ubuntu via the Update manager, I get the following error messages.
W: A error occurred during the signature verification. The repository is not updated and the previous index files will be used.GPG error: [URL] stable Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY A2019EA84E7532C8
W: Failed to fetch [URL]
W: Some index files failed to download, they have been ignored, or old ones used instead.
I already tried sudo apt-get update:
Code:
W: A error occurred during the signature verification. The repository is not updated and the previous index files will be used.GPG error: [URL] stable Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY A2019EA84E7532C8
W: Failed to fetch [URL]
W: Some index files failed to download, they have been ignored, or old ones used instead.
sudo apt-get upgrade
Code:
Err [URL] opera 11.00.1176
404 Not Found
Failed to fetch [URL] 404 Not Found
E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?
and sudo apt-get upgrade --fix-missing
Code:
Err [URL] opera 11.00.1176
404 Not Found
Failed to fetch [URL] 404 Not Found
I also tried changing my software sources server from United States to Main Server, but it didn't make any difference.
Details:Using wubi, just installed 2 weeks ago did an upgrade and got a grub command line "sh:grub>" dealI set the root of everything to my hard drive, and when I told it where the root.disk was located it says "error: fixup signature not match"
View 1 Replies View Relatedwhen i was updating my ubuntu 10.04 using update manager i got the error"W.A error occurred during the signature verification.the post is not updated and teh previous index files are used .GPG error: http://deb.playonlinux.com lucid release.
View 2 Replies View RelatedW: A error occurred during the signature verification. The repository is not updated and the previous index files will be used.GPG error: url karmic Release: The following signatures were invalid: NODATA 1 NODATA 2
W: A error occurred during the signature verification. The repository is not updated and the previous index files will be used.GPG error: url karmic-updates Release: The following signatures were invalid: NODATA 1 NODATA 2
W: GPG error: url karmic-backports Release: The following signatures were invalid: NODATA 1 NODATA 2
W: Failed to fetch cdrom://Ubuntu 9.10 _Karmic Koala_ - Release i386 (20091028.5)/dists/karmic/main/binary-i386/Packages.gz Please use apt-cdrom to make this CD-ROM recognized by APT. apt-get update cannot be used to add new CD-ROMs
W: Failed to fetch cdrom://Ubuntu 9.10 _Karmic Koala_ - Release i386 (20091028.5)/dists/karmic/restricted/binary-i386/Packages.gz Please use apt-cdrom to make this CD-ROM recognized by APT. apt-get update cannot be used to add new CD-ROMs
W: Failed to fetch url...karmic/Release
W: Failed to fetch url/ubuntu/...pdates/Release
W: Failed to fetch url/ubuntu/...6/Packages.bz2 Sub-process /bin/bzip2 returned an error code (2)
code....
W: Some index files failed to download, they have been ignored, or old ones used instead.
i have on my server SUSE Enterprise 11 SP1 installed. When i try to install an rpm it displays this error:
warning: fftw3-3.1.2-113.1.src.rpm: Header V3 DSA signature: NOKEY, key ID
>943d8bb8
> 1:fftw3 ###########################################
[code]....
I have a fairly old computer, (4 years) it is has an Intel Pentium 4 3,4 Ghz processor with 1,5Gb RAM, and had been running XP Home on a 80Gb HDD. About three weeks ago, I purchased a 500Gb HDD, and disconnected my old drive. I partitioned the new drive to 120 Gb and 380Gb. I put XP Pro on the 120Gb partition, and Ubuntu 9.10 on the balance.
On reboot, startup menu (grub?) gave me the option to boot from, among others, Ubuntu 9.10, and XP Pro. Both worked fine! I then reconnected the old drive, and if I wanted to boot up in XP Home, would tap "F8" on start-up, and select the old HDD to boot from. This was working fine and I was happy with the way it worked! This morning, when I re-booted, the Start-up menu now had XP Home added to the list.
If I select either Ubuntu 9.10 or XP Home, they both work fine, but if I select XP Pro, it give me the message "error: invalid signature" and when I press any key, brings me back to the menu.
I keep getting the updates icon popping up asking me to install software that is either already installed (Adobe Flash Player 10.1) or something that fails when I actually try to install is but I am sure it is also already installed (RPM Fusion Repository Config -free and nonfree). When I try to install the RPM Fusion packages it asked me for a Software Signature and then fails with the following message: failed to install signature: Traceback
[code]...
I have the flash player installed already and I am sure I already installed RPM Fusion. how can I resolve this and stop it from constantly asking me to install these packages?
I've had a problem doing updates to Ubuntu 9.10 Karmic for months. I'd like to upgrade, but figure I should solve the update issue first. The output of "apt-get update" is:
[Code]....
linux console always displaying the following error, is harddisk problem? it is using 1TB Seagate harddisk.
View 2 Replies View RelatedI recently switched my secondary/kid's computer to run with linux. I am trying to download a game called wizards101 for them that they play frequently. I keep getting this message reading
Archive: /tmp/InstallWizard101-1.exe[/tmp/InstallWizard101-1.exe] End-of-central-directory signature not found. Either this file is not a zipfile, or it constitutes one disk of a multi-part archive. In the latter case the central directory and zipfile comment will be found on the last disk(s) of this archive. zipinfo: cannot find zipfile directory in one of /tmp/InstallWizard101-1.exe or /tmp/InstallWizard101-1.exe.zip, and cannot find /tmp/InstallWizard101-1.exe.ZIP,period.
I dont know what to do about getting it downloaded. I never had this problem downloading this game on windows.
Using centos 5.3 for Elastix VoIP. linux console always displaying the following error, is harddisk problem? it is using 1TB Seagate harddisk
[Code]....
I was using 2.6.28-14 kernel version, it update me to 2.6.28-15. Now I have upgraded kernels many times, not first timer, but this is a first to me. So I have this wierd system setup, don't ask. Where I use lilo instead of grub, just take it as it comes guys, I have to. At any rate, it upgraded all fine, and I restarted, play the blues I got a "No setup signature found" error and lilo won't boot. So I did some searching on web and everyone says to boot up CD and re-install lilo. Well with grub I've done this many times, no prob bob, but lilo won't work.
So I used my super auto grub CD to try to re-do things. Since grub config and grub was still installed on my Linux partition I tried it right. No go of course, grub says it can't find the partition nor can it mount it. So I tried the beta of lilo on the grub cd and it don't work either. Botched it up worse, first it wouldn't do anything on my second drive, just sat there black screen. Then I did it a second time, let's screw it up some more right. Now it doesn't even find a boot loader in the MBR ha ha.
So at any rate, how in the sam heck do I fix this thing? Short of downloading 10.04 and re-installing everything?? Don't want to do this, too much work when I can just upgrade and keep my stuff installed and setup. So I tried running jaunty from CD and re-loading lilo. So everything is working fine right, I mounted drive and apt-get install lilo and ran lilo. So lilo even telling it what config file to use and where won't find things and won't re-install. So just for grins, even though I thought it wouldn't work I mounted my second drive linux partition, the one with the boot info on it, you ready, to root "/". Then I couldn't unmount
I am running Debian 5 and I'm trying to install and configure SNORT. My first stop is to Snort.org where I check out the directions. They tell me I need Libpcap, PCRE, Libnet and Barnyard. I've looked at the Debian Snort installation guide, and I've noticed that most the documents are really old...
I've actually got libpcap and PCRE installed and now I'm trying to figure out how to get libnet installed. It seems more tricky. I think it's the oldest api I've seen.
I guess my main area of question is if there is a better way of getting Snort up and running... I had a previous version of Linux where I install just Snort and I had network packets streaming across the screen, but that's not very helpful as I need some kind of interface so I know what the hell im looking at.
So should I follow the instructions on Snort.org as well as the "Debian, Snort, Barnyard, BASE, & Oinkmaster Setup Guide"? Or does anyone know a more up-to-date guide for Debian users?
want to set up snort on my F13 home computer.Is there a simple way to do it or do I have to do it the hard way (compiling and stuff) ?I want to use snort for intrusion prevention and detect possible threats from internet.
View 3 Replies View RelatedHow can I install snort in Ubuntu 10.10 and how can I use it?
View 1 Replies View RelatedI am currently running snort as an IDS on the same machine that acts as our gateway. I installed it using sudo apt-get install snort. However, I'd like to make it run as an IPS. Is it possible to convert that currently running snort instance from running as an IDS to an IPS without having to download the snort tar balls and install it? I do not want the tar balls because during updates and upgrades, I'd like the whole OS and installed apps (such as snort) to be upgraded.
View 1 Replies View RelatedI normally install programs with yum but I have to download barnyard as a requisite for snort to detect instrusion attempts.I downloaded barnyard and ran ./configure, make, make install, etc.Where does the program get installed? I was running this as root so does it install it into /root/barnyard?
View 5 Replies View RelatedI'm using on my PC the firewall NuFW and SNORT. Snort send alerts when he detects a pornographic website. I would like that NuFW create an ACL to drop this IP. Can SNORT do this or must i do a program wich listen the Snort's port to catch the ip and write it in the ACL file of NuFW?
View 3 Replies View RelatedHow to enable ipv6 in snort. I read that it must compilate with --enable-ipv6 but still don't know how?
View 2 Replies View RelatedCode:
test@denial:~# ps -e | grep snort
18470 ? 00:00:00 snort
how do i disable snort daemon at start up? i only want it to be running when i want it to be running.
I work in a relatively small organisation of about 30 people (but with a complex network) and we've been looking to move our firewall to Microsoft's Threat Protection Manager on a mostly Windows network. I've been thinking we should have an IDS/IPS inside the firewall and I've been thinking about Snort in NIDS mode but have some basic questions:
1. Can anyone recommend a good web GUI for Snort?
2. Is it advisable to run both on the same machine? (Both from a POV of security and resources.)
3. Would Snort add any real benifit to using TPM?
When i setup snort default listen on eth0, now i want change to eth1 set default listen interface.
View 11 Replies View RelatedAccording to tutorial for installing snort in CentOS, downloaded from CentOS or snort site, I installed snort using:
Code:
./configure -with-mysql-libraries=/usr/lib64/mysql/ --enable-dynamicplugin --enable-ipv6 --enable-zlib
make
make install
[Code].....
I am trying to get snort running but I get this with service snortd status:
snort dead but subsys locked
service snortd restart
Stopping snort: [FAILED]
Starting snort: [ OK ]
[root@Fedora tylerm]# tail -f /var/log/messages
Mar 4 05:17:54 Fedora kernel: device eth0 entered promiscuous mode
Mar 4 05:17:54 Fedora kernel: device eth0 left promiscuous mode
Mar 4 05:17:54 Fedora snort[3280]: Initializing daemon mode
Mar 4 05:17:54 Fedora kernel: device eth0 entered promiscuous mode
Mar 4 05:17:54 Fedora snort[3282]: PID path stat checked out ok, PID path set to /var/run/
Mar 4 05:17:54 Fedora snort[3282]: Writing PID "3282" to file "/var/run//snort_eth0.pid"
Mar 4 05:17:54 Fedora snort[3282]: Daemon initialized, signaled parent pid: 3280
Mar 4 05:17:54 Fedora snort[3280]: Daemon parent exiting
Mar 4 05:17:54 Fedora snort[3282]: FATAL ERROR: OpenAlertFile() => fopen() alert file /var/log/snort/alert: Permission denied
Mar 4 05:17:54 Fedora kernel: device eth0 left promiscuous mode
Mar 4 05:18:42 Fedora ntpd[2300]: synchronized to 128.10.19.24, stratum 1
Mar 4 05:18:42 Fedora ntpd[2300]: time reset +0.906114 s
Mar 4 05:18:42 Fedora ntpd[2300]: kernel time sync status change 0001
I have installed snort + mysql + acid base, I add some rules into /etc/snort/rules/local.rules to test the alert:
alert icmp 192.168.1.20 any -> 192.16.1.21 any (flags:A;ack:0;msg:"NMap icmp ping")
alert icmp 192.168.1.20 any -> 192.16.1.21 any (content:"abcdefgh";;msg:"ping de windows")
alert icmp 192.168.1.20 any <> 192.16.1.21 any (flags: S; msg: "HOULA SYN Packet!"
After I restart snort and I tied 2 pc by cross cable (192.168.1.20 for windows and the victim is 192.168.1.21 for Linux where the snort is installed), my HOME_NET 192.168.1.21 and the EXTEREL_NET !$HOME_NET. The problem is when I run:
snort -dvi eth0 -c /etc/snort/snort.conf
I see the packet transmitted and received (the received conten "abcdefgh" ), when I stopped snort CTRL+C I don't found any alert in the result!!! Run time prior to being shutdown was 218.523030 seconds.
Packet Wire Totals:
Received: 1346
Analyzed: 1342 (99.703%)
Dropped: 0 (0.000%)
Outstanding: 4 (0.297%) .....
dcerpc2 Preprocessor Statistics
Total sessions: 0
database: Closing connection to database "snort"
database: Closing connection to database "snort"
Snort exiting
I am running Lucid on this machine, but I have had this problem on every machine with Snort. When I awaken the system from suspend or hibernation, snort pegs out one of the CPUs.
View 4 Replies View Related