snort crashed after updating the rules

Forum covering the up-and-coming secure distribution named IPCop, based on the Smoothwall distribution. It is currently the most active forum on the site.

Post by betienne » 02 May 2010 14:05

Hello everyone,

On 1.4.21 I use snort. I had to apply the patch I found on the forum, and now the rule update works.

Later I redid my rule update (the last one dating from almost two months ago), then "Save" and "Apply now". And there it was, the red box: snort no longer starts.

I don't see where to look. Are you familiar with this problem?

Thanks in advance and good work to all.
betienne
Second Maître
Posts: 32
Joined: 09 Jan 2010 15:34
Location: Toulouse

Post by fuzziqc » 17 May 2010 07:55

Hello, same problem. I have version 1.4.21, and since I applied the patch to fix the snort problem I have had this message: <2 défaut de snort a démarrer>. The updates seem to go fine, but Snort no longer starts.

Here is my snort log from my last update on 17/05/10.

01:22:24 snort[1955] Parsing Rules file /etc/snort/snort.conf
01:22:24 snort[1955] Var 'DNS_SERVERS' redefined
01:22:24 snort[1955] PortVar 'HTTP_PORTS' defined :
01:22:24 snort[1955] [ 80 ]
01:22:24 snort[1955]
01:22:24 snort[1955] PortVar 'SHELLCODE_PORTS' defined :
01:22:24 snort[1955] [ 0:79 81:65535 ]
01:22:24 snort[1955]
01:22:24 snort[1955] PortVar 'ORACLE_PORTS' defined :
01:22:24 snort[1955] [ 1521 ]
01:22:24 snort[1955]
01:22:24 snort[1955] Detection:
01:22:24 snort[1955] Search-Method = Low-Mem-Q
01:22:24 snort[1955] Frag3 global config:
01:22:24 snort[1955] Max frags: 65536
01:22:24 snort[1955] Fragment memory cap: 2097152 bytes
01:22:24 snort[1955] Frag3 engine config:
01:22:24 snort[1955] Target-based policy: LINUX
01:22:24 snort[1955] Fragment timeout: 60 seconds
01:22:24 snort[1955] Fragment min_ttl: 1
01:22:24 snort[1955] Fragment ttl_limit (not used): 5
01:22:24 snort[1955] Fragment Problems: 1
01:22:24 snort[1955] Stream5 global config:
01:22:24 snort[1955] Track TCP sessions: ACTIVE
01:22:24 snort[1955] Max TCP sessions: 8192
01:22:24 snort[1955] Memcap (for reassembly packet storage): 8388608
01:22:24 snort[1955] Track UDP sessions: INACTIVE
01:22:24 snort[1955] Track ICMP sessions: INACTIVE
01:22:24 snort[1955] Log info if session memory consumption exceeds 1048576
01:22:24 snort[1955] Stream5 TCP Policy config:
01:22:24 snort[1955] Reassembly Policy: FIRST
01:22:24 snort[1955] Timeout: 30 seconds
01:22:24 snort[1955] Min ttl: 1
01:22:24 snort[1955] Maximum number of bytes to queue per session: 1048576
01:22:24 snort[1955] Maximum number of segs to queue per session: 2621
01:22:24 snort[1955] Options:
01:22:24 snort[1955] Static Flushpoint Sizes: YES
01:22:24 snort[1955] Reassembly Ports:
01:22:24 snort[1955] 21 client (Footprint)
01:22:24 snort[1955] 23 client (Footprint)
01:22:24 snort[1955] 25 client (Footprint)
01:22:24 snort[1955] 42 client (Footprint)
01:22:24 snort[1955] 53 client (Footprint)
01:22:24 snort[1955] 80 client (Footprint)
01:22:24 snort[1955] 110 client (Footprint)
01:22:24 snort[1955] 111 client (Footprint)
01:22:24 snort[1955] 135 client (Footprint)
01:22:24 snort[1955] 136 client (Footprint)
01:22:24 snort[1955] 137 client (Footprint)
01:22:24 snort[1955] 139 client (Footprint)
01:22:24 snort[1955] 143 client (Footprint)
01:22:24 snort[1955] 445 client (Footprint)
01:22:24 snort[1955] 513 client (Footprint)
01:22:24 snort[1955] 514 client (Footprint)
01:22:24 snort[1955] 1433 client (Footprint)
01:22:24 snort[1955] 1521 client (Footprint)
01:22:24 snort[1955] 2401 client (Footprint)
01:22:24 snort[1955] 3306 client (Footprint)
01:22:24 snort[1955] HttpInspect Config:
01:22:24 snort[1955] GLOBAL CONFIG
01:22:24 snort[1955] Max Pipeline Requests: 0
01:22:24 snort[1955] Inspection Type: STATELESS
01:22:24 snort[1955] Detect Proxy Usage: NO
01:22:24 snort[1955] IIS Unicode Map Filename: /etc/snort/rules/unicode.map
01:22:24 snort[1955] IIS Unicode Map Codepage: 1252
01:22:24 snort[1955] DEFAULT SERVER CONFIG:
01:22:24 snort[1955] Server profile: All
01:22:24 snort[1955] Ports: 80 800
01:22:24 snort[1955] Server Flow Depth: 300
01:22:24 snort[1955] Client Flow Depth: 300
01:22:24 snort[1955] Max Chunk Length: 500000
01:22:24 snort[1955] Max Header Field Length: 0
01:22:24 snort[1955] Max Number Header Fields: 0
01:22:24 snort[1955] Inspect Pipeline Requests: YES
01:22:24 snort[1955] URI Discovery Strict Mode: NO
01:22:24 snort[1955] Allow Proxy Usage: NO
01:22:24 snort[1955] Disable Alerting: NO
01:22:24 snort[1955] Oversize Dir Length: 500
01:22:24 snort[1955] Only inspect URI: NO
01:22:24 snort[1955] Normalize HTTP Headers: NO
01:22:24 snort[1955] Normalize HTTP Cookies: NO
01:22:24 snort[1955] Ascii: YES alert: NO
01:22:24 snort[1955] Double Decoding: YES alert: YES
01:22:24 snort[1955] %U Encoding: YES alert: YES
01:22:24 snort[1955] Bare Byte: YES alert: YES
01:22:24 snort[1955] Base36: OFF
01:22:24 snort[1955] UTF 8: OFF
01:22:24 snort[1955] IIS Unicode: YES alert: YES
01:22:24 snort[1955] Multiple Slash: YES alert: NO
01:22:24 snort[1955] IIS Backslash: YES alert: NO
01:22:24 snort[1955] Directory Traversal: YES alert: NO
01:22:24 snort[1955] Web Root Traversal: YES alert: YES
01:22:24 snort[1955] Apache WhiteSpace: YES alert: NO
01:22:24 snort[1955] IIS Delimiter: YES alert: NO
01:22:24 snort[1955] IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG
01:22:24 snort[1955] Non-RFC Compliant Characters: NONE
01:22:24 snort[1955] Whitespace Characters: 0x09 0x0b 0x0c 0x0d
01:22:24 snort[1955] rpc_decode arguments:
01:22:24 snort[1955] Ports to decode RPC on: 111 32771
01:22:24 snort[1955] alert_fragments: INACTIVE
01:22:24 snort[1955] alert_large_fragments: ACTIVE
01:22:24 snort[1955] alert_incomplete: ACTIVE
01:22:24 snort[1955] alert_multiple_requests: ACTIVE
01:22:24 snort[1955] Portscan Detection Config:
01:22:24 snort[1955] Detect Protocols: TCP UDP ICMP IP
01:22:24 snort[1955] Detect Scan Type: portscan portsweep decoy_portscan distributed_portscan
01:22:24 snort[1955] Sensitivity Level: Low
01:22:24 snort[1955] Memcap (in bytes): 10000000
01:22:24 snort[1955] Number of Nodes: 36900
01:22:24 snort[1955]
01:22:26 snort[1955] Tagged Packet Limit: 256
01:22:26 snort[1955] Loading dynamic engine /usr/lib/snort_dynamicengine/libsf_engine.so...
01:22:26 snort[1955] done
01:22:26 snort[1955] Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/...
01:22:26 snort[1955] Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so...
01:22:26 snort[1955] done
01:22:26 snort[1955] Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dcerpc_preproc.so...
01:22:26 snort[1955] done
01:22:26 snort[1955] Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so...
01:22:26 snort[1955] done
01:22:26 snort[1955] Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so...
01:22:26 snort[1955] done
01:22:26 snort[1955] Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_smtp_preproc.so...
01:22:26 snort[1955] done
01:22:26 snort[1955] Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dce2_preproc.so...
01:22:26 snort[1955] done
01:22:26 snort[1955] Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so...
01:22:26 snort[1955] done
01:22:26 snort[1955] Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//lib_sfdynamic_preprocessor_example.so...
01:22:26 snort[1955] done
01:22:26 snort[1955] Finished Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/
01:22:26 snort[1955] FTPTelnet Config:
01:22:26 snort[1955] GLOBAL CONFIG
01:22:26 snort[1955] Inspection Type: stateful
01:22:26 snort[1955] Check for Encrypted Traffic: YES alert: YES
01:22:26 snort[1955] Continue to check encrypted data: NO
01:22:26 snort[1955] TELNET CONFIG:
01:22:26 snort[1955] Ports: 23
01:22:26 snort[1955] Are You There Threshold: 200
01:22:26 snort[1955] Normalize: YES
01:22:26 snort[1955] Detect Anomalies: NO
01:22:26 snort[1955] FTP CONFIG:
01:22:26 snort[1955] FTP Server: default
01:22:26 snort[1955] Ports: 21
01:22:26 snort[1955] Check for Telnet Cmds: YES alert: YES
01:22:26 snort[1955] Identify open data channels: YES
01:22:26 snort[1955] FTP Client: default
01:22:26 snort[1955] Check for Bounce Attacks: YES alert: YES
01:22:26 snort[1955] Check for Telnet Cmds: YES alert: YES
01:22:26 snort[1955] Max Response Length: 256
fuzziqc
Matelot
Posts: 1
Joined: 17 May 2010 07:41
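The pasted log stops at the normal startup banner (Var, PortVar, Frag3, Stream5, preprocessor config) and never shows why snort quit; the line that explains it is the first ERROR or FATAL ERROR line that follows, and a config test before "Apply now" catches a bad rule file without taking the IDS down. Two helpers for that, added here as an example and not code from either poster or from IPCop; they assume a Snort 2.x command line (snort -T -c), a log in the "HH:MM:SS snort[pid] message" layout shown above, and a constructed sample log whose error line is a placeholder:

```shell
#!/bin/sh
# Added example, not from the thread. Assumes Snort 2.x CLI and IPCop-style
# log lines "HH:MM:SS snort[pid] message".

# Print the first ERROR / FATAL ERROR line of a snort log ($1), skipping the
# informational startup banner. Exit status 1 if the log holds no error line,
# which means the paste ended before the actual failure was logged.
snort_first_error() {
    grep -m1 -E 'snort\[[0-9]+\] .*(FATAL ERROR|ERROR:)' "$1"
}

# Ask snort itself to parse snort.conf ($1) and the rules it includes, without
# sniffing; exit 0 means the rule set would start, so it is safe to apply.
# Exit 2 if the snort binary is not on PATH.
snort_check_config() {
    command -v snort >/dev/null 2>&1 || { echo "snort not found" >&2; return 2; }
    snort -T -c "$1" >/dev/null 2>&1
}

# Constructed sample log: the same healthy banner lines as in the post, then a
# placeholder error line of the kind a rejected rule file produces.
write_sample_log() {
    cat >"$1" <<'EOF'
01:22:24 snort[1955] Parsing Rules file /etc/snort/snort.conf
01:22:24 snort[1955] Var 'DNS_SERVERS' redefined
01:22:24 snort[1955] PortVar 'HTTP_PORTS' defined :
01:22:26 snort[1955] FTPTelnet Config:
01:22:27 snort[1955] FATAL ERROR: CONSTRUCTED SAMPLE rule file /etc/snort/rules/EXAMPLE.rules rejected
01:22:27 snort[1955] Fatal Error, Quitting..
EOF
}

# Typical use on the box (paths are assumptions):
#   snort_check_config /etc/snort/snort.conf && echo "rules OK, safe to apply"
#   snort_first_error <snort log file>
```

If snort_first_error prints nothing on the real log, the failure was not logged in that file and the output of snort_check_config (run without the redirections) shows the rejected line directly.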