apt-get install fwsnort
I downloaded emerging-all.rules (http://rules.emergingthreats.net/open/snort-2.9.0/emerging-all.rules) with fwsnort --update-rules
root@debian-2:/etc/fwsnort# fwsnort
- Testing /sbin/iptables for supported capabilities...
Snort Rules File        Success   Fail    Total
- ddos-sergio.rules     0         1       1
- emerging-all.rules    11543     6737    18280
                        11543     6738    18281
- Generated iptables rules for 11543 out of 18281 signatures: 63.14%
- Logfile: /var/log/fwsnort/fwsnort.log
- iptables script (individual commands): /var/lib/fwsnort/fwsnort_iptcmds.sh
Main fwsnort iptables-save file: /var/lib/fwsnort/fwsnort.save
You can instantiate the fwsnort policy with the following command:
/sbin/iptables-restore < /var/lib/fwsnort/fwsnort.save
Or just execute: /var/lib/fwsnort/fwsnort.sh
#####################################################################
and at the end of /var/log/fwsnort/fwsnort.log it gives me something like this:
-] SID: 2100586 Unsupported option(s): 'byte_jump' at line: 45115, skipping.
[-] SID: 2101279 Unsupported option(s): 'byte_jump' at line: 45117, skipping.
[-] SID: 2100587 Unsupported option(s): 'byte_jump' at line: 45119, skipping.
[-] SID: 2100588 Unsupported option(s): 'byte_jump' at line: 45121, skipping.
[-] SID: 2100589 Unsupported option(s): 'byte_jump' at line: 45123, skipping.
[-] SID: 2100590 Unsupported option(s): 'byte_jump' at line: 45125, skipping.
[-] SID: 2101277 Unsupported option(s): 'byte_jump' at line: 45127, skipping.
[-] SID: 2102257 Unsupported option(s): 'byte_test', 'byte_jump' at line: 45131, skipping.
[-] SID: 2101388 Unsupported option(s): 'isdataat' at line: 45169, skipping.
[-] SID: 2100223, unsupported complex pcre: ^a\x3D[^\n]{1000,}
[-] SID: 2101907 Unsupported option(s): 'byte_test', 'byte_jump' at line: 45275, skipping.
[-] SID: 2101963 Unsupported option(s): 'byte_test', 'byte_jump' at line: 45279, skipping.
[-] SID: 2101915 Unsupported option(s): 'byte_test', 'byte_jump' at line: 45281, skipping.
[-] SID: 2101913 Unsupported option(s): 'byte_test', 'byte_jump' at line: 45283, skipping.
[-] SID: 2102185 Unsupported option(s): 'byte_test', 'byte_jump' at line: 45291, skipping.
[-] SID: 2102256 Unsupported option(s): 'byte_jump' at line: 45309, skipping.
[-] SID: 2101964 Unsupported option(s): 'byte_test', 'byte_jump' at line: 45311, skipping.
[-] SID: 2102025 Unsupported option(s): 'byte_test', 'byte_jump' at line: 45319, skipping.
[-] SID: 2101941 Unsupported option(s): 'isdataat' at line: 45351, skipping.
- Archiving /var/lib/fwsnort/fwsnort_iptcmds.sh
- Archiving /var/lib/fwsnort/fwsnort.save
- Archiving /var/lib/fwsnort/fwsnort.sh
I'm desperate, because I would like to know why they appear under Fail when I run fwsnort and not under Success, so that it loads all the rules. I have tried to see whether it detects anything using Kali Linux, but it seems as if those rules weren't there. Also, which rules can I use to detect everything*?
What should I do???? It doesn't even detect my own rules, since they are under Fail and not under Success????????
Thanks
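
Added example (not part of the original post, and not fwsnort's own code): a Python script that tallies which unsupported Snort options account for the skipped signatures recorded in fwsnort.log, assuming the log line format shown in the excerpt above. The sample lines are copied from that excerpt; the function names are illustrative.

```python
import re
import sys
from collections import Counter

# Sample lines copied from the log excerpt in the post (the first one lacks
# its leading "[", exactly as posted). Assumption: real logs use this format.
SAMPLE_LOG = r"""-] SID: 2100586 Unsupported option(s): 'byte_jump' at line: 45115, skipping.
[-] SID: 2102257 Unsupported option(s): 'byte_test', 'byte_jump' at line: 45131, skipping.
[-] SID: 2101388 Unsupported option(s): 'isdataat' at line: 45169, skipping.
[-] SID: 2100223, unsupported complex pcre: ^a\x3D[^\n]{1000,}
- Archiving /var/lib/fwsnort/fwsnort.save
"""

# "SID: <n> Unsupported option(s): 'a', 'b' at line: <n>, skipping."
OPTS_RE = re.compile(
    r"SID:\s*(\d+)\s+Unsupported option\(s\):\s*(.+?)\s+at line:\s*(\d+)")
# "SID: <n>, unsupported complex pcre: <regex>"
PCRE_RE = re.compile(r"SID:\s*(\d+),\s*unsupported complex pcre:\s*(.*)")


def parse_skips(log_text):
    """Return (sid, reasons, rules_file_line) for every skipped signature."""
    skipped = []
    for line in log_text.splitlines():
        m = OPTS_RE.search(line)
        if m:
            reasons = re.findall(r"'([^']+)'", m.group(2))
            skipped.append((int(m.group(1)), reasons, int(m.group(3))))
            continue
        m = PCRE_RE.search(line)
        if m:
            # The pcre message carries no rules-file line number.
            skipped.append((int(m.group(1)), ["pcre"], None))
    return skipped


def tally(skipped):
    """Count how many skipped signatures each unsupported option appears in."""
    counts = Counter()
    for _sid, reasons, _line in skipped:
        counts.update(reasons)
    return counts


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    found = parse_skips(text)
    for option, n in tally(found).most_common():
        print(f"{n:6d}  {option}")
    print(f"{len(found)} signatures skipped")
```

Run it with /var/log/fwsnort/fwsnort.log as the only argument to see which options dominate the Fail column; without an argument it processes the embedded sample.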