After installing IPCop, I got the following error messages.
When running update, the error is:
HTTP::Response=HASH(0x82a3c14)->code registered md5
When running download, the error is:
HTTP::Response=HASH(0x82a3c68)->code
The reason is that snort.org now publishes rules on the current branch that are no longer compatible with snort-2.6.1.5.
We have to manually add the current branch; to date it is 2. You can find it on snort.org under My Account-->My Oinkcodes, along with the code (you must have an account at snort.org to access the code and use Snort in IPCop).
Here is a solution: a manual fix in the code.
Open /usr/local/bin/snortrules.pl in an editor.
root@firewall:/etc/snort # nano /usr/local/bin/snortrules.pl
Change the value to 2.8 at line 55.
my $rulesbranch="2.8"; # version should match snort branch version
Save the change.
Remember that you must add the Oinkcode in IPCop under Services-->INTRUSION DETECTION.
Save, Apply, Refresh update list, Download Ruleset.
It should work, with no ruleset update failure or MD5 checksum error.
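The same edit, made by matching the `$rulesbranch` assignment instead of relying on line 55, with a backup copy and a check that the new value took. This is an added example, not part of the original post or of IPCop; the function names, the `.orig` backup suffix and the sample value 2.6 are assumptions.

```sh
#!/bin/sh
# Added example: set $rulesbranch in snortrules.pl by pattern, keeping a backup.
# BRE for the assignment prefix, up to (not including) the opening quote.
ASSIGN='[[:space:]]*my \$rulesbranch[[:space:]]*=[[:space:]]*'

# Print the branch currently configured in FILE.
get_rulesbranch() {
    sed -n 's/^'"$ASSIGN"'"\([^"]*\)".*/\1/p' "$1"
}

# set_rulesbranch FILE BRANCH: rewrite only the quoted value, keep the rest of the line.
set_rulesbranch() {
    file=$1 branch=$2
    # Accept digits and dots only, so nothing else is written into the Perl script.
    case $branch in
        ''|*[!0-9.]*) echo "invalid branch: $branch" >&2; return 2 ;;
    esac
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    # Refuse to edit unless the assignment appears exactly once.
    count=$(grep -c '^'"$ASSIGN"'"' "$file" || true)
    if [ "$count" -ne 1 ]; then
        echo "expected one rulesbranch assignment, found $count" >&2
        return 1
    fi
    cp -p "$file" "$file.orig" || return 1
    # Write back into the existing file so its mode and owner are unchanged.
    sed 's/^\('"$ASSIGN"'\)"[^"]*"/\1"'"$branch"'"/' "$file.orig" > "$file" || return 1
    # Restore the backup if the value did not end up as requested.
    if [ "$(get_rulesbranch "$file")" != "$branch" ]; then
        cp -p "$file.orig" "$file"
        return 1
    fi
}

# Try it on a constructed one-line file; prints the branch after the edit.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'my $rulesbranch="2.6"; # constructed sample line' > "$d/snortrules.pl"
    set_rulesbranch "$d/snortrules.pl" 2.8 && out=$(get_rulesbranch "$d/snortrules.pl")
    rm -rf "$d"
    echo "$out"
}
```

On the firewall the call would be `set_rulesbranch /usr/local/bin/snortrules.pl 2.8`; the previous script stays next to it as `snortrules.pl.orig`.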
https://www.snort.org/
http://www.howtoforge.com/perfect_linux_firewall_ipcop
4 comments:
Thanks that worked.... on 1.4.21
cheers
hi
after doing what you said :
root@firewall:/etc/snort # nano /usr/local/bin/snortrules.pl
Change the value to 2.8 at line no 55.
my $rulesbranch="2.8"; # version should match snort branch version
, when I am trying to restart snort, it says:
1 Snort failure(s) to start
and /var/log/messages
FATAL ERROR: /etc/snort/rules/exploit.rules(38): Cannot check flow connection for non-TCP traffic
any idea how to fix this ??
thanks
I fixed it, but very late; see post
http://imranasghar.blogspot.com/2010/08/intrusion-detection-service-in-ipcop.html
I enjoyed every little bit of it, I have you bookmarked and waiting for all the new stuff you post.