
#1 On 22/07/2011 at 14:04

atout001

Snort - fatal error in the rules

Hello,

I just followed the tutorial available here http://doc.ubuntu-fr.org/snort, but when I start it with the command /etc/init.d/snort start, I get an error in the log /var/log/syslog because the software does not start:

Jul 22 14:40:39 ns214220 snort[15870]: Running in IDS mode
Jul 22 14:40:39 ns214220 snort[15870]: 
Jul 22 14:40:39 ns214220 snort[15870]:         --== Initializing Snort ==--
Jul 22 14:40:39 ns214220 snort[15870]: Initializing Output Plugins!
Jul 22 14:40:39 ns214220 snort[15870]: Initializing Preprocessors!
Jul 22 14:40:39 ns214220 snort[15870]: Initializing Plug-ins!
Jul 22 14:40:39 ns214220 snort[15870]: Parsing Rules file "/etc/snort/snort.conf"
Jul 22 14:40:39 ns214220 snort[15870]: PortVar 'HTTP_PORTS' defined : 
Jul 22 14:40:39 ns214220 snort[15870]:  [ 80 ]
Jul 22 14:40:39 ns214220 snort[15870]: 
Jul 22 14:40:39 ns214220 snort[15870]: PortVar 'SHELLCODE_PORTS' defined : 
Jul 22 14:40:39 ns214220 snort[15870]:  [ 0:79 81:65535 ]
Jul 22 14:40:39 ns214220 snort[15870]: 
Jul 22 14:40:39 ns214220 snort[15870]: PortVar 'ORACLE_PORTS' defined : 
Jul 22 14:40:39 ns214220 snort[15870]:  [ 1521 ]
Jul 22 14:40:39 ns214220 snort[15870]: 
Jul 22 14:40:39 ns214220 snort[15870]: PortVar 'FTP_PORTS' defined : 
Jul 22 14:40:39 ns214220 snort[15870]:  [ 21 ]
Jul 22 14:40:39 ns214220 snort[15870]: 
Jul 22 14:40:39 ns214220 snort[15870]: Tagged Packet Limit: 256
Jul 22 14:40:39 ns214220 snort[15870]: Loading dynamic engine /usr/lib/snort_dynamicengine/libsf_engine.so... 
Jul 22 14:40:39 ns214220 snort[15870]: done
Jul 22 14:40:39 ns214220 snort[15870]: Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/...
Jul 22 14:40:39 ns214220 snort[15870]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so... 
Jul 22 14:40:39 ns214220 snort[15870]: done
Jul 22 14:40:39 ns214220 snort[15870]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so... 
Jul 22 14:40:39 ns214220 snort[15870]: done
Jul 22 14:40:39 ns214220 snort[15870]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dcerpc_preproc.so... 
Jul 22 14:40:39 ns214220 snort[15870]: done
Jul 22 14:40:39 ns214220 snort[15870]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dce2_preproc.so... 
Jul 22 14:40:39 ns214220 snort[15870]: done
Jul 22 14:40:39 ns214220 snort[15870]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_smtp_preproc.so... 
Jul 22 14:40:39 ns214220 snort[15870]: done
Jul 22 14:40:39 ns214220 snort[15870]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//lib_sfdynamic_preprocessor_example.so... 
Jul 22 14:40:39 ns214220 snort[15870]: done
Jul 22 14:40:39 ns214220 snort[15870]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so... 
Jul 22 14:40:39 ns214220 snort[15870]: done
Jul 22 14:40:39 ns214220 snort[15870]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so... 
Jul 22 14:40:39 ns214220 snort[15870]: done
Jul 22 14:40:39 ns214220 snort[15870]:   Finished Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/
Jul 22 14:40:39 ns214220 snort[15870]: Log directory = /var/log/snort
Jul 22 14:40:39 ns214220 snort[15870]: Frag3 global config:
Jul 22 14:40:39 ns214220 snort[15870]:     Max frags: 65536
Jul 22 14:40:39 ns214220 snort[15870]:     Fragment memory cap: 4194304 bytes
Jul 22 14:40:39 ns214220 snort[15870]: Frag3 engine config:
Jul 22 14:40:39 ns214220 snort[15870]:     Target-based policy: FIRST
Jul 22 14:40:39 ns214220 snort[15870]:     Fragment timeout: 60 seconds
Jul 22 14:40:39 ns214220 snort[15870]:     Fragment min_ttl:   1
Jul 22 14:40:39 ns214220 snort[15870]:     Fragment Problems: 1
Jul 22 14:40:39 ns214220 snort[15870]:     Overlap Limit:     10
Jul 22 14:40:39 ns214220 snort[15870]:     Min fragment Length:     0
Jul 22 14:40:39 ns214220 snort[15870]: Stream5 global config:
Jul 22 14:40:39 ns214220 snort[15870]:     Track TCP sessions: ACTIVE
Jul 22 14:40:39 ns214220 snort[15870]:     Max TCP sessions: 8192
Jul 22 14:40:39 ns214220 snort[15870]:     Memcap (for reassembly packet storage): 8388608
Jul 22 14:40:39 ns214220 snort[15870]:     Track UDP sessions: INACTIVE
Jul 22 14:40:39 ns214220 snort[15870]:     Track ICMP sessions: INACTIVE
Jul 22 14:40:39 ns214220 snort[15870]:     Log info if session memory consumption exceeds 1048576
Jul 22 14:40:39 ns214220 snort[15870]: Stream5 TCP Policy config:
Jul 22 14:40:39 ns214220 snort[15870]:     Reassembly Policy: FIRST
Jul 22 14:40:39 ns214220 snort[15870]:     Timeout: 30 seconds
Jul 22 14:40:39 ns214220 snort[15870]:     Min ttl:  1
Jul 22 14:40:39 ns214220 snort[15870]:     Maximum number of bytes to queue per session: 1048576
Jul 22 14:40:39 ns214220 snort[15870]:     Maximum number of segs to queue per session: 2621
Jul 22 14:40:39 ns214220 snort[15870]:     Reassembly Ports:
Jul 22 14:40:39 ns214220 snort[15870]:       21 client (Footprint) 
Jul 22 14:40:39 ns214220 snort[15870]:       23 client (Footprint) 
Jul 22 14:40:39 ns214220 snort[15870]:       25 client (Footprint) 
Jul 22 14:40:39 ns214220 snort[15870]:       42 client (Footprint) 
Jul 22 14:40:39 ns214220 snort[15870]:       53 client (Footprint) 
Jul 22 14:40:39 ns214220 snort[15870]:       80 client (Footprint) 
Jul 22 14:40:39 ns214220 snort[15870]:       110 client (Footprint) 
Jul 22 14:40:39 ns214220 snort[15870]:       111 client (Footprint) 
Jul 22 14:40:39 ns214220 snort[15870]:       135 client (Footprint) 
Jul 22 14:40:39 ns214220 snort[15870]:       136 client (Footprint) 
Jul 22 14:40:39 ns214220 snort[15870]:       137 client (Footprint) 
Jul 22 14:40:39 ns214220 snort[15870]:       139 client (Footprint) 
Jul 22 14:40:39 ns214220 snort[15870]:       143 client (Footprint) 
Jul 22 14:40:39 ns214220 snort[15870]:       445 client (Footprint) 
Jul 22 14:40:39 ns214220 snort[15870]:       513 client (Footprint) 
Jul 22 14:40:39 ns214220 snort[15870]:       514 client (Footprint) 
Jul 22 14:40:39 ns214220 snort[15870]:       1433 client (Footprint) 
Jul 22 14:40:39 ns214220 snort[15870]:       1521 client (Footprint) 
Jul 22 14:40:39 ns214220 snort[15870]:       2401 client (Footprint) 
Jul 22 14:40:39 ns214220 snort[15870]:       3306 client (Footprint) 
Jul 22 14:40:39 ns214220 snort[15870]: HttpInspect Config:
Jul 22 14:40:39 ns214220 snort[15870]:     GLOBAL CONFIG
Jul 22 14:40:39 ns214220 snort[15870]:       Max Pipeline Requests:    0
Jul 22 14:40:39 ns214220 snort[15870]:       Inspection Type:          STATELESS
Jul 22 14:40:39 ns214220 snort[15870]:       Detect Proxy Usage:       NO
Jul 22 14:40:39 ns214220 snort[15870]:       IIS Unicode Map Filename: /etc/snort/unicode.map
Jul 22 14:40:39 ns214220 snort[15870]:       IIS Unicode Map Codepage: 1252
Jul 22 14:40:39 ns214220 snort[15870]:     DEFAULT SERVER CONFIG:
Jul 22 14:40:39 ns214220 snort[15870]:       Server profile: All
Jul 22 14:40:39 ns214220 snort[15870]:       Ports: 80 8080 8180 
Jul 22 14:40:39 ns214220 snort[15870]:       Server Flow Depth: 300
Jul 22 14:40:39 ns214220 snort[15870]:       Client Flow Depth: 300
Jul 22 14:40:39 ns214220 snort[15870]:       Max Chunk Length: 500000
Jul 22 14:40:39 ns214220 snort[15870]:       Max Header Field Length: 0
Jul 22 14:40:39 ns214220 snort[15870]:       Max Number Header Fields: 0
Jul 22 14:40:39 ns214220 snort[15870]:       Inspect Pipeline Requests: YES
Jul 22 14:40:39 ns214220 snort[15870]:       URI Discovery Strict Mode: NO
Jul 22 14:40:39 ns214220 snort[15870]:       Allow Proxy Usage: NO
Jul 22 14:40:39 ns214220 snort[15870]:       Disable Alerting: NO
Jul 22 14:40:39 ns214220 snort[15870]:       Oversize Dir Length: 500
Jul 22 14:40:39 ns214220 snort[15870]:       Only inspect URI: NO
Jul 22 14:40:39 ns214220 snort[15870]:       Normalize HTTP Headers: NO
Jul 22 14:40:39 ns214220 snort[15870]:       Normalize HTTP Cookies: NO
Jul 22 14:40:39 ns214220 snort[15870]:       Ascii: YES alert: NO
Jul 22 14:40:39 ns214220 snort[15870]:       Double Decoding: YES alert: YES
Jul 22 14:40:39 ns214220 snort[15870]:       %U Encoding: YES alert: YES
Jul 22 14:40:39 ns214220 snort[15870]:       Bare Byte: YES alert: YES
Jul 22 14:40:39 ns214220 snort[15870]:       Base36: OFF
Jul 22 14:40:39 ns214220 snort[15870]:       UTF 8: OFF
Jul 22 14:40:39 ns214220 snort[15870]:       IIS Unicode: YES alert: YES
Jul 22 14:40:39 ns214220 snort[15870]:       Multiple Slash: YES alert: NO
Jul 22 14:40:39 ns214220 snort[15870]:       IIS Backslash: YES alert: NO
Jul 22 14:40:39 ns214220 snort[15870]:       Directory Traversal: YES alert: NO
Jul 22 14:40:39 ns214220 snort[15870]:       Web Root Traversal: YES alert: YES
Jul 22 14:40:39 ns214220 snort[15870]:       Apache WhiteSpace: YES alert: NO
Jul 22 14:40:39 ns214220 snort[15870]:       IIS Delimiter: YES alert: NO
Jul 22 14:40:39 ns214220 snort[15870]:       IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG
Jul 22 14:40:39 ns214220 snort[15870]:       Non-RFC Compliant Characters: NONE
Jul 22 14:40:39 ns214220 snort[15870]:       Whitespace Characters: 0x09 0x0b 0x0c 0x0d 
Jul 22 14:40:39 ns214220 snort[15870]: rpc_decode arguments:
Jul 22 14:40:39 ns214220 snort[15870]:     Ports to decode RPC on: 111 32771 
Jul 22 14:40:39 ns214220 snort[15870]:     alert_fragments: INACTIVE
Jul 22 14:40:39 ns214220 snort[15870]:     alert_large_fragments: ACTIVE
Jul 22 14:40:39 ns214220 snort[15870]:     alert_incomplete: ACTIVE
Jul 22 14:40:39 ns214220 snort[15870]:     alert_multiple_requests: ACTIVE
Jul 22 14:40:39 ns214220 snort[15870]: Portscan Detection Config:
Jul 22 14:40:39 ns214220 snort[15870]:     Detect Protocols:  TCP UDP ICMP IP
Jul 22 14:40:39 ns214220 snort[15870]:     Detect Scan Type:  portscan portsweep decoy_portscan distributed_portscan
Jul 22 14:40:39 ns214220 snort[15870]:     Sensitivity Level: Low
Jul 22 14:40:39 ns214220 snort[15870]:     Memcap (in bytes): 10000000
Jul 22 14:40:39 ns214220 snort[15870]:     Number of Nodes:   31347
Jul 22 14:40:39 ns214220 snort[15870]: FTPTelnet Config:
Jul 22 14:40:39 ns214220 snort[15870]:     GLOBAL CONFIG
Jul 22 14:40:39 ns214220 snort[15870]:       Inspection Type: stateful
Jul 22 14:40:39 ns214220 snort[15870]:       Check for Encrypted Traffic: YES alert: YES
Jul 22 14:40:39 ns214220 snort[15870]:       Continue to check encrypted data: NO
Jul 22 14:40:39 ns214220 snort[15870]:     TELNET CONFIG:
Jul 22 14:40:39 ns214220 snort[15870]:       Ports: 23 
Jul 22 14:40:39 ns214220 snort[15870]:       Are You There Threshold: 200
Jul 22 14:40:39 ns214220 snort[15870]:       Normalize: YES
Jul 22 14:40:39 ns214220 snort[15870]:       Detect Anomalies: NO
Jul 22 14:40:39 ns214220 snort[15870]:     FTP CONFIG:
Jul 22 14:40:39 ns214220 snort[15870]:       FTP Server: default
Jul 22 14:40:39 ns214220 snort[15870]:         Ports: 21 
Jul 22 14:40:39 ns214220 snort[15870]:         Check for Telnet Cmds: YES alert: YES
Jul 22 14:40:39 ns214220 snort[15870]:         Ignore Telnet Cmd Operations: OFF
Jul 22 14:40:39 ns214220 snort[15870]:         Identify open data channels: YES
Jul 22 14:40:39 ns214220 snort[15870]:       FTP Client: default
Jul 22 14:40:39 ns214220 snort[15870]:         Check for Bounce Attacks: YES alert: YES
Jul 22 14:40:39 ns214220 snort[15870]:         Check for Telnet Cmds: YES alert: YES
Jul 22 14:40:39 ns214220 snort[15870]:         Ignore Telnet Cmd Operations: OFF
Jul 22 14:40:39 ns214220 snort[15870]:         Max Response Length: 256
Jul 22 14:40:39 ns214220 snort[15870]: SMTP Config:
Jul 22 14:40:39 ns214220 snort[15870]:     Ports: 25 587 691 
Jul 22 14:40:39 ns214220 snort[15870]:     Inspection Type: Stateful
Jul 22 14:40:39 ns214220 snort[15870]:     Normalize: EXPN RCPT VRFY 
Jul 22 14:40:39 ns214220 snort[15870]:     Ignore Data: No
Jul 22 14:40:39 ns214220 snort[15870]:     Ignore TLS Data: No
Jul 22 14:40:39 ns214220 snort[15870]:     Ignore SMTP Alerts: No
Jul 22 14:40:39 ns214220 snort[15870]:     Max Command Line Length: Unlimited
Jul 22 14:40:39 ns214220 snort[15870]:     Max Specific Command Line Length: 
Jul 22 14:40:39 ns214220 snort[15870]:        ETRN:500 EXPN:255 HELO:500 HELP:500 MAIL:260 
Jul 22 14:40:39 ns214220 snort[15870]:        RCPT:300 VRFY:255 
Jul 22 14:40:39 ns214220 snort[15870]:     Max Header Line Length: Unlimited
Jul 22 14:40:39 ns214220 snort[15870]:     Max Response Line Length: Unlimited
Jul 22 14:40:39 ns214220 snort[15870]:     X-Link2State Alert: Yes
Jul 22 14:40:39 ns214220 snort[15870]:     Drop on X-Link2State Alert: No
Jul 22 14:40:39 ns214220 snort[15870]:     Alert on commands: None
Jul 22 14:40:39 ns214220 snort[15870]: SSH config: 
Jul 22 14:40:39 ns214220 snort[15870]:     Autodetection: DISABLED
Jul 22 14:40:39 ns214220 snort[15870]:     Challenge-Response Overflow Alert: ENABLED
Jul 22 14:40:39 ns214220 snort[15870]:     SSH1 CRC32 Alert: ENABLED
Jul 22 14:40:39 ns214220 snort[15870]:     Server Version String Overflow Alert: ENABLED
Jul 22 14:40:39 ns214220 snort[15870]:     Protocol Mismatch Alert: ENABLED
Jul 22 14:40:39 ns214220 snort[15870]:     Bad Message Direction Alert: DISABLED
Jul 22 14:40:39 ns214220 snort[15870]:     Bad Payload Size Alert: DISABLED
Jul 22 14:40:39 ns214220 snort[15870]:     Unrecognized Version Alert: DISABLED
Jul 22 14:40:39 ns214220 snort[15870]:     Max Encrypted Packets: 20  
Jul 22 14:40:39 ns214220 snort[15870]:     Max Server Version String Length: 80 (Default) 
Jul 22 14:40:39 ns214220 snort[15870]:     MaxClientBytes: 19600 (Default) 
Jul 22 14:40:39 ns214220 snort[15870]:     Ports:
Jul 22 14:40:39 ns214220 snort[15870]: #01122
Jul 22 14:40:39 ns214220 snort[15870]: 
Jul 22 14:40:39 ns214220 snort[15870]: DCE/RPC 2 Preprocessor Configuration
Jul 22 14:40:39 ns214220 snort[15870]:   Global Configuration
Jul 22 14:40:39 ns214220 snort[15870]:     DCE/RPC Defragmentation: Enabled
Jul 22 14:40:39 ns214220 snort[15870]:     Memcap: 102400 KB
Jul 22 14:40:39 ns214220 snort[15870]:     Events: none
Jul 22 14:40:39 ns214220 snort[15870]:   Server Default Configuration
Jul 22 14:40:39 ns214220 snort[15870]:     Policy: WinXP
Jul 22 14:40:39 ns214220 snort[15870]:     Detect ports
Jul 22 14:40:39 ns214220 snort[15870]:       SMB: 139 445 
Jul 22 14:40:39 ns214220 snort[15870]:       TCP: 135 
Jul 22 14:40:39 ns214220 snort[15870]:       UDP: 135 
Jul 22 14:40:39 ns214220 snort[15870]:       RPC over HTTP server: 593 
Jul 22 14:40:39 ns214220 snort[15870]:       RPC over HTTP proxy: None
Jul 22 14:40:39 ns214220 snort[15870]:     Autodetect ports
Jul 22 14:40:39 ns214220 snort[15870]:       SMB: None
Jul 22 14:40:39 ns214220 snort[15870]:       TCP: 1025-65535 
Jul 22 14:40:39 ns214220 snort[15870]:       UDP: 1025-65535 
Jul 22 14:40:39 ns214220 snort[15870]:       RPC over HTTP server: 1025-65535 
Jul 22 14:40:39 ns214220 snort[15870]:       RPC over HTTP proxy: None
Jul 22 14:40:39 ns214220 snort[15870]:     Maximum SMB command chaining: 3 commands
Jul 22 14:40:39 ns214220 snort[15870]: DNS config: 
Jul 22 14:40:39 ns214220 snort[15870]:     DNS Client rdata txt Overflow Alert: ACTIVE
Jul 22 14:40:39 ns214220 snort[15870]:     Obsolete DNS RR Types Alert: INACTIVE
Jul 22 14:40:39 ns214220 snort[15870]:     Experimental DNS RR Types Alert: INACTIVE
Jul 22 14:40:39 ns214220 snort[15870]:     Ports:
Jul 22 14:40:39 ns214220 snort[15870]:  53
Jul 22 14:40:39 ns214220 snort[15870]: 
Jul 22 14:40:39 ns214220 snort[15870]: SSLPP config:
Jul 22 14:40:39 ns214220 snort[15870]:     Encrypted packets: not inspected
Jul 22 14:40:39 ns214220 snort[15870]:     Ports:
Jul 22 14:40:39 ns214220 snort[15870]:       443      465      563      636      989
Jul 22 14:40:39 ns214220 snort[15870]:       992      993      994      995
Jul 22 14:40:39 ns214220 snort[15870]:     Server side data is trusted
Jul 22 14:40:39 ns214220 snort[15870]: 
Jul 22 14:40:39 ns214220 snort[15870]: +++++++++++++++++++++++++++++++++++++++++++++++++++
Jul 22 14:40:39 ns214220 snort[15870]: Initializing rule chains...
Jul 22 14:40:39 ns214220 snort[15870]: Warning: /etc/snort/rules/dos.rules(42) => threshold (in rule) is deprecated; use detection_filter instead.
Jul 22 14:40:40 ns214220 snort[15870]: FATAL ERROR: /etc/snort/rules/emerging-activex.rules(42) Unknown rule option: 'file_data'.

If I comment out the rule, I get an equivalent error message for the next rule, and so on...

Here is my config file /etc/snort/snort.conf (just the end, the rules section)

#EmergingThreats.net Rules
include $RULE_PATH/emerging-activex.rules
include $RULE_PATH/emerging-attack_response.rules
#include $RULE_PATH/emerging-botcc-BLOCK.rules
include $RULE_PATH/emerging-botcc.rules
include $RULE_PATH/emerging-chat.rules
include $RULE_PATH/emerging-ciarmy.rules
#include $RULE_PATH/emerging-compromised-BLOCK.rules
include $RULE_PATH/emerging-compromised.rules
include $RULE_PATH/emerging.conf
include $RULE_PATH/emerging-current_events.rules
include $RULE_PATH/emerging-deleted.rules
include $RULE_PATH/emerging-dns.rules
include $RULE_PATH/emerging-dos.rules
#include $RULE_PATH/emerging-drop-BLOCK.rules
include $RULE_PATH/emerging-drop.rules
#include $RULE_PATH/emerging-dshield-BLOCK.rules
include $RULE_PATH/emerging-dshield.rules
include $RULE_PATH/emerging-exploit.rules
include $RULE_PATH/emerging-ftp.rules
include $RULE_PATH/emerging-games.rules
include $RULE_PATH/emerging-icmp_info.rules
include $RULE_PATH/emerging-icmp.rules
include $RULE_PATH/emerging-imap.rules
include $RULE_PATH/emerging-inappropriate.rules
include $RULE_PATH/emerging-malware.rules
include $RULE_PATH/emerging-misc.rules
include $RULE_PATH/emerging-mobile_malware.rules
include $RULE_PATH/emerging-netbios.rules
include $RULE_PATH/emerging-p2p.rules
include $RULE_PATH/emerging-policy.rules
include $RULE_PATH/emerging-pop3.rules
#include $RULE_PATH/emerging-rbn-BLOCK.rules
include $RULE_PATH/emerging-rbn-malvertisers-BLOCK.rules
include $RULE_PATH/emerging-rbn-malvertisers.rules
include $RULE_PATH/emerging-rbn.rules
include $RULE_PATH/emerging-rpc.rules
include $RULE_PATH/emerging-scada.rules
include $RULE_PATH/emerging-scan.rules
include $RULE_PATH/emerging-shellcode.rules
include $RULE_PATH/emerging-smtp.rules
include $RULE_PATH/emerging-snmp.rules
include $RULE_PATH/emerging-sql.rules
include $RULE_PATH/emerging-telnet.rules
include $RULE_PATH/emerging-tftp.rules
include $RULE_PATH/emerging-tor-BLOCK.rules
include $RULE_PATH/emerging-tor.rules
include $RULE_PATH/emerging-trojan.rules
include $RULE_PATH/emerging-user_agents.rules
include $RULE_PATH/emerging-virus.rules
include $RULE_PATH/emerging-voip.rules
include $RULE_PATH/emerging-web_client.rules
include $RULE_PATH/emerging-web_server.rules
include $RULE_PATH/emerging-web_specific_apps.rules
include $RULE_PATH/emerging-worm.rules

and for the file /etc/oinkmaster.conf, I set this address: url = http://rules.emergingthreats.net/open-n … les.tar.gz

Do you have a solution?

Thanks

Offline

#2 On 26/07/2011 at 10:03

atout001

Re: Snort - fatal error in the rules

up

Offline

#3 On 01/02/2012 at 12:54

bleck

Re: Snort - fatal error in the rules

I ran into the same problem. The tutorial was wrong. The rules loaded from emergingthreats.net were incompatible with the installed version of Snort. I corrected the erroneous line in the tutorial. Following the tutorial as of today, it works.

To do things cleanly, I deleted the previously downloaded rules (rm /etc/snort/rules/emerg*) and removed from snort.conf the list of rules added by the shell command.

It's a shame that Ubuntu does not update the version of a security tool as important as Snort. There isn't even a backport of version 2.9, which can therefore only be installed by compiling it (a search turns up several tutorials).

Offline
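The cleanup described in the reply above, turned into a check, as an added example that is not from this thread or from the Snort project: it lists the rule files whose active rules use a keyword the installed Snort rejects (the log names 'file_data', which this Snort build does not know) and comments their include lines out of snort.conf, so the daemon can start while the newer rules stay out of the way. The directories, the sample rule lines, snort.conf and the function names (find_incompatible_rules, disable_includes, count_includes) are constructed here so it runs offline; point RULE_DIR and CONF at /etc/snort to use it on a real host.

```shell
#!/bin/sh
# Added example, not from the thread or the Snort project. Find rule files
# whose uncommented rules use a keyword the installed Snort rejects
# ('file_data' is the one the syslog output names) and comment their include
# lines out of snort.conf. Paths, rule lines and snort.conf are constructed
# below so the script runs offline; back up the real config before reuse.
set -eu

WORK=$(mktemp -d)
RULE_DIR="$WORK/rules"
CONF="$WORK/snort.conf"
mkdir -p "$RULE_DIR"
# Constructed samples: A uses file_data, B does not, C only in a commented rule.
printf '%s\n' 'alert tcp any any -> any any (msg:"sample A"; flow:established; file_data; content:"x"; sid:9000001; rev:1;)' > "$RULE_DIR/emerging-activex.rules"
printf '%s\n' 'alert udp any any -> any 53 (msg:"sample B"; content:"y"; sid:9000002; rev:1;)' > "$RULE_DIR/emerging-dns.rules"
printf '%s\n' '#alert tcp any any -> any any (msg:"sample C"; file_data; sid:9000003; rev:1;)' > "$RULE_DIR/emerging-misc.rules"
printf '%s\n' 'var RULE_PATH rules' \
  'include $RULE_PATH/emerging-activex.rules' \
  'include $RULE_PATH/emerging-dns.rules' \
  'include $RULE_PATH/emerging-misc.rules' > "$CONF"

# Print, one basename per line, every rule file in $1 whose uncommented rules
# use an option keyword matching the extended regex in $2.
find_incompatible_rules() {
    grep -HnE "[;( ]($2)[;: ]" "$1"/*.rules 2>/dev/null \
      | grep -vE '^[^:]*:[0-9]+:[[:space:]]*#' \
      | cut -d: -f1 | sort -u \
      | while IFS= read -r path; do basename "$path"; done
}

# Rewrite $1 (snort.conf) so the include line of each rule file named in the
# remaining arguments is commented out; every other line is left untouched.
disable_includes() {
    conf=$1; shift
    for name in "$@"; do
        awk -v name="$name" '
            $1 == "include" && substr($2, length($2) - length(name)) == "/" name { print "#" $0; next }
            { print }' "$conf" > "$conf.new" && mv "$conf.new" "$conf"
    done
}

# Number of lines in $1 that start with the word in $2 ("include" or "#include").
count_includes() {
    grep -c "^$2 " "$1" || true
}

bad=$(find_incompatible_rules "$RULE_DIR" 'file_data')
echo "Rule files using unsupported options: $bad"
# $bad is deliberately unquoted: one argument per flagged file.
disable_includes "$CONF" $bad
echo "Active includes left: $(count_includes "$CONF" include)"
# On a real host, validate before restarting: snort -T -c /etc/snort/snort.conf
```

After the include lines are disabled, run Snort's configuration test (snort -T) so the next unknown keyword, if any, shows up before the service is restarted.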