加了一些從網上下載的最新rules,並修改了對應的配置,結果報錯:
[root@localhost snort]# snort -A full -s -c /etc/snort/etc/snort.conf -i eth0
Running in IDS mode
--== Initializing Snort ==--
Initializing Output Plugins!
Var 'any_ADDRESS' defined, value len = 15 chars, value = 0.0.0.0/0.0.0.0
Var 'lo_ADDRESS' defined, value len = 19 chars, value = 127.0.0.0/255.0.0.0
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file /etc/snort/etc/snort.conf
+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
Var 'HOME_NET' defined, value len = 3 chars, value = any
Var 'EXTERNAL_NET' defined, value len = 3 chars, value = any
Var 'DNS_SERVERS' defined, value len = 3 chars, value = any
Var 'SMTP_SERVERS' defined, value len = 3 chars, value = any
Var 'HTTP_SERVERS' defined, value len = 3 chars, value = any
Var 'SQL_SERVERS' defined, value len = 3 chars, value = any
Var 'TELNET_SERVERS' defined, value len = 3 chars, value = any
Var 'SNMP_SERVERS' defined, value len = 3 chars, value = any
Var 'FTP_SERVERS' defined, value len = 3 chars, value = any
Var 'SSH_SERVERS' defined, value len = 3 chars, value = any
Var 'POP_SERVERS' defined, value len = 3 chars, value = any
Var 'IMAP_SERVERS' defined, value len = 3 chars, value = any
Var 'RPC_SERVERS' defined, value len = 3 chars, value = any
Var 'WWW_SERVERS' defined, value len = 3 chars, value = any
Var 'AIM_SERVERS' defined, value len = 185 chars
[64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9
.0/24,205.188.153.0/24,205.188.179.0/24,205.188.248.0/24]
ERROR: /etc/snort/etc/snort.conf(123) => Unknown rule type: portvar
Fatal Error, Quitting..
網上查詢說是路徑設置的問題。我的路徑設置如下:
var RULE_PATH /etc/snort/rules
之前是./rules,兩種情況都是出上面的錯誤。
[root@localhost snort]# snort -A full -s -c /etc/snort/etc/snort.conf -i eth0
Running in IDS mode
--== Initializing Snort ==--
Initializing Output Plugins!
Var 'any_ADDRESS' defined, value len = 15 chars, value = 0.0.0.0/0.0.0.0
Var 'lo_ADDRESS' defined, value len = 19 chars, value = 127.0.0.0/255.0.0.0
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file /etc/snort/etc/snort.conf
+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
Var 'HOME_NET' defined, value len = 3 chars, value = any
Var 'EXTERNAL_NET' defined, value len = 3 chars, value = any
Var 'DNS_SERVERS' defined, value len = 3 chars, value = any
Var 'SMTP_SERVERS' defined, value len = 3 chars, value = any
Var 'HTTP_SERVERS' defined, value len = 3 chars, value = any
Var 'SQL_SERVERS' defined, value len = 3 chars, value = any
Var 'TELNET_SERVERS' defined, value len = 3 chars, value = any
Var 'SNMP_SERVERS' defined, value len = 3 chars, value = any
Var 'FTP_SERVERS' defined, value len = 3 chars, value = any
Var 'SSH_SERVERS' defined, value len = 3 chars, value = any
Var 'POP_SERVERS' defined, value len = 3 chars, value = any
Var 'IMAP_SERVERS' defined, value len = 3 chars, value = any
Var 'RPC_SERVERS' defined, value len = 3 chars, value = any
Var 'WWW_SERVERS' defined, value len = 3 chars, value = any
Var 'AIM_SERVERS' defined, value len = 185 chars
[64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9
.0/24,205.188.153.0/24,205.188.179.0/24,205.188.248.0/24]
ERROR: /etc/snort/etc/snort.conf(123) => Unknown rule type: portvar
Fatal Error, Quitting..
網上查詢說是路徑設置的問題。我的路徑設置如下:
var RULE_PATH /etc/snort/rules
之前是./rules,兩種情況都是出上面的錯誤。
