Snort mailing list archives
Re: snort NIDS
From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Sat, 7 Feb 2015 21:03:52 +0000
On Feb 6, 2015, at 7:29 PM, rezaa abedi <nndreza () yahoo com> wrote:

> Hi all,
>
> I installed snort on my Ubuntu machine and I need to edit Snort’s main configuration file, /etc/snort/snort.conf. When I run Snort with this file as an argument, it tells Snort to run in NIDS mode. Before I run Snort in NIDS mode, I need to make a few edits to the default configuration file. I need to comment out all of the individual rule files that are referenced in the Snort configuration file, since instead of downloading each file individually, I will use PulledPork to manage our rulesets, which combines all the rules into a single file.
>
> The following line is supposed to comment out all rulesets in our snort.conf file but it does not work?
>
> sudo sed -i ’s/include \$RULE\_PATH/#include \$RULE\_PATH/’ /etc/snort/snort.conf
>
> Any ideas please?
>
> This is the error I get every time when I run the above command:
>
> $~/snort_src/snort-2.9.7.0$ sudo sed -i ’s/include \$RULE\_PATH/#include \$RULE\_PATH/’ /etc/snort/snort.conf
> sed: -e expression #1, char 1: unknown command: `�’

Looks like your error is listed above. So let’s examine your command:

sudo sed -i ’s/include \$RULE\_PATH/#include \$RULE\_PATH/’ /etc/snort/snort.conf

The error being in the first “apostrophe”. You don’t have a true apostrophe there. What you are wanting to do is probably:

sudo sed -i 's/include\ \$RULE\_PATH/#include\ \$RULE\_PATH/' /etc/snort/snort.conf

That being said, the above will not turn off all rules in the snort.conf, that will just comment out the RULE_PATH, which will cause more errors. You probably want to remove all the “include $RULE_PATH/<rulefile>.rules” lines in your snort.conf and replace them all with a single entry of snort.rules.

--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Talos
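The change suggested in the reply above, written out as an added example that is not part of the original thread or of Snort or PulledPork: it disables every per-file `include $RULE_PATH/<rulefile>.rules` line and leaves a single `snort.rules` entry. The function names and the sample configuration are constructed for illustration, and the rule lines are commented out rather than deleted so the change is easy to review.

```shell
#!/bin/sh
# Added example (not from the thread). The sample config below is constructed.

# Write a small snort.conf-style sample (constructed) for the demo and tests.
write_sample_conf() {
    cat > "$1" <<'EOF'
var RULE_PATH /etc/snort/rules
include classification.config
include $RULE_PATH/local.rules
include $RULE_PATH/app-detect.rules
# include $RULE_PATH/web-client.rules
include $PREPROC_RULE_PATH/preprocessor.rules
include $RULE_PATH/attack-responses.rules
EOF
}

# Print the number of active (uncommented) "include $RULE_PATH/..." lines.
count_active_includes() {
    grep -c '^[[:space:]]*include[[:space:]][[:space:]]*\$RULE_PATH/' "$1" || true
}

# Comment out every active "include $RULE_PATH/<file>.rules" line and leave
# exactly one "include $RULE_PATH/snort.rules" entry. Safe to run repeatedly.
consolidate_rule_includes() {
    conf=$1
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    [ -f "$conf.bak" ] || cp -p "$conf" "$conf.bak" || return 1   # keep the original
    tmp=$(mktemp) || return 1
    # Plain ASCII single quotes keep \$ literal for sed. The ^ anchor skips lines
    # that are already commented, and $PREPROC_RULE_PATH does not match \$RULE_PATH.
    sed -e '/^[[:space:]]*include[[:space:]][[:space:]]*\$RULE_PATH\/snort\.rules[[:space:]]*$/d' \
        -e 's/^\([[:space:]]*\)\(include[[:space:]][[:space:]]*\$RULE_PATH\/.*\.rules\)/\1#\2/' \
        "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }
    printf '%s\n' 'include $RULE_PATH/snort.rules' >> "$tmp"
    cat "$tmp" > "$conf" && rm -f "$tmp"    # cat keeps the owner and mode of $conf
}

# Demo on a throwaway copy; on a real system pass /etc/snort/snort.conf as root.
demo=$(mktemp -d) && write_sample_conf "$demo/snort.conf" &&
    consolidate_rule_includes "$demo/snort.conf" && cat "$demo/snort.conf"
rm -rf "$demo"
```

After editing the real file, `snort -T -c /etc/snort/snort.conf` checks that the configuration still loads before Snort is started in NIDS mode.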