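Empty rules in the snortrules snapshot

Time: 2014-11-26 07:15:34

Tags: linux ubuntu-12.04 rules snort intrusion-detection

I am configuring a Snort installation on my Ubuntu 12.04, which also includes the Barnyard2 and BASE installations. I am using the downloadable rules from Snort's website, which requires me to register there to get an oinkcode.

However, after I looked at the rules that I had extracted into the /etc/snort/rules directory, where all the rules are located, all of them are just blank. Here is one of the rules: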

# Copyright 2001-2013 Sourcefire, Inc. All Rights Reserved.
#
# This file contains (i) proprietary rules that were created, tested and certified by
# Sourcefire, Inc. (the "VRT Certified Rules") that are distributed under the VRT
# Certified Rules License Agreement (v 2.0), and (ii) rules that were created by
# Sourcefire and other third parties (the "GPL Rules") that are distributed under the
# GNU General Public License (GPL), v2.
# 
# The VRT Certified Rules are owned by Sourcefire, Inc. The GPL Rules were created
# by Sourcefire and other third parties. The GPL Rules created by Sourcefire are
# owned by Sourcefire, Inc., and the GPL Rules not created by Sourcefire are owned by
# their respective creators. Please see http://www.snort.org/snort/snort-team/ for a
# list of third party owners and their respective copyrights.
# 
# In order to determine what rules are VRT Certified Rules or GPL Rules, please refer
# to the VRT Certified Rules License Agreement (v2.0).
#
#------------
# SCAN RULES
#------------

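Can anyone help me point out what is wrong with these rules? I downloaded snort-2.9.7.0 and used snortrules-snapshot-2970.tar.gz with my oinkcode. Is there any solution? If needed, I can also post the Snort configuration file (snort.conf), but I don't know how to shorten it in the post.

1 answer:

Answer 0: (score: 0)

Not all of the files are empty. When rules were moved from the old category structure to the new one, the old files were left there for backward compatibility.

Keep looking.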
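One way to do the looking the answer suggests, as an added example that is not part of the original post: the script below classifies every `.rules` file in a directory as containing enabled rules, only commented-out rules, or nothing but header comments like the excerpt in the question. The function names and the sample files are constructed for illustration; the rule pattern assumes Snort 2.x syntax (an action keyword followed by `tcp`, `udp`, `icmp` or `ip`).

```shell
#!/bin/sh
# Added example: classify each Snort 2.x .rules file as active, all-disabled,
# or header-only (comments only, like the scan.rules excerpt in the question).

# Assumption: a rule starts with an action keyword followed by a protocol.
RULE_RE='(alert|log|pass|activate|dynamic|drop|reject|sdrop)[ \t]+(tcp|udp|icmp|ip)[ \t]'

count_rules() {  # $1 = .rules file; prints "<enabled> <disabled>"
    awk -v rule="$RULE_RE" '
        $0 ~ ("^[ \t]*" rule)        { e++; next }   # live rule
        $0 ~ ("^[ \t]*#[ \t]*" rule) { d++ }         # rule commented out
        END { print e + 0, d + 0 }
    ' "$1"
}

classify_file() {  # $1 = .rules file; prints active | all-disabled | header-only
    counts=$(count_rules "$1")
    enabled=${counts% *}
    disabled=${counts#* }
    if [ "$enabled" -gt 0 ]; then
        echo active
    elif [ "$disabled" -gt 0 ]; then
        echo all-disabled
    else
        echo header-only
    fi
}

summarize_rules_dir() {  # $1 = rules directory; one line per file
    for f in "$1"/*.rules; do
        [ -f "$f" ] || continue
        printf '%-13s %s  %s\n' "$(classify_file "$f")" "$(count_rules "$f")" "${f##*/}"
    done
}

make_sample() {  # constructed sample files, not real snapshot content
    dir=$(mktemp -d)
    printf '# SCAN RULES\n#------------\n' > "$dir/scan.rules"
    printf '# alert tcp any any -> any 22 (msg:"constructed"; sid:1000001;)\n' > "$dir/disabled.rules"
    printf '# header\nalert tcp any any -> any 80 (msg:"constructed"; sid:1000002;)\n' > "$dir/active.rules"
    echo "$dir"
}

# Pass a directory (e.g. /etc/snort/rules) to summarise it; with no argument
# the constructed sample is used.
summarize_rules_dir "${1:-$(make_sample)}"
```

Files reported as `header-only` are the kind shown in the question; files reported as `active` or `all-disabled` are where the rules actually are.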