
Snort



Olá Caros Amigos.
Estou tendo um problema para utilizar o Snort, que é o seguinte: ao executar o comando abaixo, para verificar se ele está funcionando:

snort -I /var/log/snort -c /etc/snort/snort.conf -u snort -h snort

Eu recebo a seguinte mensagem:

ERROR: No netmask specified for home network!
Fatal Error, Quitting..


Por isso, segue abaixo uma cópia do arquivo de configuração que possuo. Se alguém puder me ajudar, agradeço muito.
Muito Obrigado a Todos.

# Network and port variables referenced by the preprocessors and rule files
# further down in this configuration.
#
# HOME_NET is the protected network, given here in CIDR form (address/prefix).
# NOTE(review): this line already carries a netmask, so the "No netmask
# specified for home network!" error quoted in the post is more likely raised
# by the command line than by this file. In Snort 2.x "-h" sets the home
# network, so "-h snort" passes a value with no netmask; "-I" does not take a
# directory (the log directory option is "-l"), and the run-as group option is
# "-g". Confirm against the usage output of the installed version.
var HOME_NET 192.168.0.0/24
# NOTE(review): this value places a negated $HOME_NET and a second address side
# by side, with no list brackets or comma, and 200.168.142.132/24 has host bits
# set under a /24 prefix. Rules that reference $EXTERNAL_NET may fail to parse
# or match less traffic than intended, which would be a silent detection gap.
# If the intent is "everything outside HOME_NET", "!$HOME_NET" alone expresses
# it -- confirm the intent before changing.
var EXTERNAL_NET !$HOME_NET 200.168.142.132/24
# Every server group is set to the whole HOME_NET. Narrowing each group to the
# hosts that really run the service keeps service-specific rules from firing on
# unrelated machines.
var DNS_SERVERS $HOME_NET
var SMTP_SERVERS $HOME_NET
var HTTP_SERVERS $HOME_NET
var SQL_SERVERS $HOME_NET
var TELNET_SERVERS $HOME_NET
var SNMP_SERVERS $HOME_NET
#var HTTP_PORTS 8081
## var HTTP_PORTS 80
## include somefile.rules
## var HTTP_PORTS 8080
## include somefile.rules
# Only port 80 is assigned to HTTP_PORTS, while the http_inspect_server line in
# this file lists ports 80 and 8080. Rules keyed on $HTTP_PORTS will therefore
# not cover 8080 -- presumably unintended; verify which ports serve HTTP.
var HTTP_PORTS 80
# Negated port: everything except 80. shellcode.rules is commented out in the
# include list of this file, so this variable may currently be unused.
var SHELLCODE_PORTS !80
var ORACLE_PORTS 1521
# Address list in bracketed, comma-separated form. Presumably consumed by the
# chat rules, which are disabled in the include list of this file -- verify.
var AIM_SERVERS [64.12.24.0/24,64.12.25.0/24,64.12.26.14/24,64.12.28.0/24,64.12.29.0/24,64.12.161.0/24,64.12.163.0/24,205.188.5.0/24,205.188.9.0/24]
# Directory prefix used by the "include $RULE_PATH/..." lines of this file.
var RULE_PATH /etc/snort/rules
# Preprocessors run in the order declared, before the rule engine sees a packet.
# Comments are placed only between statements: a comment inside a
# backslash-continued statement would break the continuation.
#
# flow: flow tracking, which the flow-portscan preprocessor declared below
# relies on (presumably stats_interval 0 turns off periodic statistics -- confirm).
preprocessor flow: stats_interval 0 hash 2
# frag2: IP fragment reassembly.
preprocessor frag2
# stream4: TCP stream tracking. disable_evasion_alerts suppresses the alerts
# stream4 would otherwise raise for suspicious segment handling; that lowers
# noise but also removes visibility into evasion attempts.
preprocessor stream4: detect_scans, disable_evasion_alerts
# stream4_reassemble with no arguments uses the built-in defaults for direction
# and ports -- check that those defaults cover the services being monitored.
preprocessor stream4_reassemble
# http_inspect (global): unicode.map is given as a relative path, so the file
# must be resolvable from wherever Snort looks for it -- TODO confirm location.
preprocessor http_inspect: global \
    iis_unicode_map unicode.map 1252
# http_inspect_server: HTTP normalisation on ports 80 and 8080. HTTP_PORTS in
# this file is 80 only, so rules keyed on $HTTP_PORTS do not cover 8080.
preprocessor http_inspect_server: server default \
    profile all \
	ports { 80 8080 }
# rpc_decode: RPC normalisation on the listed ports.
preprocessor rpc_decode: 111 32771
# bo: Back Orifice traffic detection.
preprocessor bo
# telnet_decode: telnet negotiation normalisation.
preprocessor telnet_decode
# flow-portscan: port-scan detection.
# NOTE(review): src-ignore-net is set to $HOME_NET, which presumably exempts
# scans that originate inside the protected network; an internal host that
# starts scanning would then go unreported. dst-ignore-net [10.0.0.0/30] lies
# outside the 192.168.0.0/24 HOME_NET declared in this file and looks like a
# leftover sample value -- confirm both.
preprocessor flow-portscan: \
	talker-sliding-scale-factor 0.50 \
	talker-fixed-threshold 30 \
	talker-sliding-threshold 30 \
	talker-sliding-window 20 \
	talker-fixed-window 30 \
	scoreboard-rows-talker 30000 \
	server-watchnet $HOME_NET \
	server-ignore-limit 200 \
	server-rows 65535 \
	server-learning-time 14400 \
	server-scanner-limit 4 \
	scanner-sliding-window 20 \
	scanner-sliding-scale-factor 0.50 \
	scanner-fixed-threshold 15 \
	scanner-sliding-threshold 40 \
	scanner-fixed-window 15 \
	scoreboard-rows-scanner 30000 \
	src-ignore-net $HOME_NET \
	dst-ignore-net [10.0.0.0/30] \
	alert-mode once \
	output-mode msg \
	tcp-penalties on
# ARP spoofing detection is disabled; the address/MAC pair below is a sample.
#preprocessor arpspoof
#preprocessor arpspoof_detect_host: 192.168.40.1 f0:0f:00:f0:0f:00
# Output and rule selection.
#
# log_tcpdump is the only output plugin declared in this file; it writes
# packets in pcap format to tcpdump.log.
# NOTE(review): no alert output plugin is declared here, so where alerts end up
# depends on the command-line options or the built-in default -- confirm that
# alerts reach a location that is actually monitored.
output log_tcpdump: tcpdump.log
# Classification and reference tables used by the rules. These are relative
# paths -- presumably resolved against the directory of this file; verify.
include classification.config
include reference.config
# Enabled rule sets, loaded from $RULE_PATH (/etc/snort/rules in this file).
include $RULE_PATH/local.rules
include $RULE_PATH/bad-traffic.rules
include $RULE_PATH/exploit.rules
include $RULE_PATH/scan.rules
include $RULE_PATH/finger.rules
include $RULE_PATH/ftp.rules
include $RULE_PATH/telnet.rules
include $RULE_PATH/rpc.rules
include $RULE_PATH/rservices.rules
include $RULE_PATH/dos.rules
include $RULE_PATH/ddos.rules
include $RULE_PATH/dns.rules
include $RULE_PATH/tftp.rules

include $RULE_PATH/web-cgi.rules
include $RULE_PATH/web-coldfusion.rules
include $RULE_PATH/web-iis.rules
include $RULE_PATH/web-frontpage.rules
include $RULE_PATH/web-misc.rules
include $RULE_PATH/web-client.rules
include $RULE_PATH/web-php.rules

include $RULE_PATH/sql.rules
include $RULE_PATH/x11.rules
include $RULE_PATH/icmp.rules
include $RULE_PATH/netbios.rules
include $RULE_PATH/misc.rules
include $RULE_PATH/attack-responses.rules
include $RULE_PATH/oracle.rules
include $RULE_PATH/mysql.rules
include $RULE_PATH/snmp.rules

include $RULE_PATH/smtp.rules
include $RULE_PATH/imap.rules
include $RULE_PATH/pop2.rules
include $RULE_PATH/pop3.rules

include $RULE_PATH/nntp.rules
include $RULE_PATH/other-ids.rules
# Disabled rule sets. web-attacks, backdoor, shellcode and virus are off along
# with the policy/informational sets; review whether that matches the coverage
# wanted for this network.
# include $RULE_PATH/web-attacks.rules
# include $RULE_PATH/backdoor.rules
# include $RULE_PATH/shellcode.rules
# include $RULE_PATH/policy.rules
# include $RULE_PATH/porn.rules
# include $RULE_PATH/info.rules
# include $RULE_PATH/icmp-info.rules
# include $RULE_PATH/virus.rules
# include $RULE_PATH/chat.rules
# include $RULE_PATH/multimedia.rules
# include $RULE_PATH/p2p.rules
# experimental.rules is enabled although several established sets above are not.
include $RULE_PATH/experimental.rules
# Alert thresholding/suppression settings (relative path, like the .config files).
include threshold.conf


