我配置在 Ubuntu 12.04 上安装 Snort,其中还包括 Barnyard2 和 BASE 安装。我正在使用 Snort 网站上的可下载规则,该规则要求我在那里注册才能获取 oinkcode。
但是,在我调查了提取到所有规则所在的 /etc/snort/rules 目录中的规则后,所有这些规则都是空的。
这是其中一条规则,如下所示
# Copyright 2001-2013 Sourcefire, Inc. All Rights Reserved.
#
# This file contains (i) proprietary rules that were created, tested and certified by
# Sourcefire, Inc. (the "VRT Certified Rules") that are distributed under the VRT
# Certified Rules License Agreement (v 2.0), and (ii) rules that were created by
# Sourcefire and other third parties (the "GPL Rules") that are distributed under the
# GNU General Public License (GPL), v2.
#
# The VRT Certified Rules are owned by Sourcefire, Inc. The GPL Rules were created
# by Sourcefire and other third parties. The GPL Rules created by Sourcefire are
# owned by Sourcefire, Inc., and the GPL Rules not created by Sourcefire are owned by
# their respective creators. Please see http://www.snort.org/snort/snort-team/ for a
# list of third party owners and their respective copyrights.
#
# In order to determine what rules are VRT Certified Rules or GPL Rules, please refer
# to the VRT Certified Rules License Agreement (v2.0).
#
#------------
# SCAN RULES
#------------
谁能帮我指出这些规则有什么问题吗?
我使用 snort-2.9.7.0 获得的 oinckode 下载了 snortrules-snapshot-2970.tar.gz。有什么解决办法吗?如果需要的话,我也可以发布 snort 配置文件(snort.conf),但我不知道如何使其更短。
最佳答案
并非所有文件都是空的。当规则从旧类别结构移动到新类别结构时,旧文件保留在那里以实现向后兼容性。
继续寻找
关于linux - snorrules 快照中的空规则,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/27143273/