[Honeywall] Re: Honeywall - Snort Rules Update Problem (Vincent Ragosta)

Brett Ussher breusshe at hotmail.com
Mon Mar 15 01:31:02 EDT 2010


Here is the problem:

Snort 2.6 is not supported anymore.  I entered a ticket for this issue
with the Honeywall Project a few months ago, but no one from the project
has ever replied to it.  Essentially, it needs to be updated to 2.8, at
the least, maybe 3.0 at this point.  I think that using 2.8 rules on a
2.6 snort will not be fully compatible; as I recall, there are changes
to how the rules are parsed between 2.6 and 2.8, but I might be wrong.
The Snort project would be a good place to ask that question.

Brett Ussher

honeywall-request at public.honeynet.org wrote:
> Today's Topics:
>
>    1. Honeywall - Snort Rules Update Problem (Vincent Ragosta)
>    2. Re: Sebek -- Supported Platforms (Chengyu Song)
>    3. Re: Sebek under VirtualBox (Chengyu Song)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sat, 13 Mar 2010 18:53:25 -0500
> From: Vincent Ragosta <vrr6 at pitt.edu>
> Subject: [Honeywall] Honeywall - Snort Rules Update Problem
> To: honeywall at public.honeynet.org
> Message-ID: <4B9C2575.30700 at pitt.edu>
> Content-Type: text/plain; charset="iso-8859-1"
>
> It appears as if the option to update the Snort rules is not working
> correctly from within the Honeywall web management interface.  After I
> click "Update Rules Now", I perform a tail on /var/log/hwruleupdate and
> receive the following response:
>
> Downloading file from
> http://www.snort.org/pub-bin/oinkmaster.cgi/*oinkcode*/rules/snortrules-snapshot-2.6.tar.gz...
> /usr/bin/oinkmaster.pl: Error: could not download from
> http://www.snort.org/pub-bin/oinkmaster.cgi/*oinkcode*/rules/snortrules-snapshot-2.6.tar.gz.
> Output from wget follows:
>
>  http://www.snort.org/pub-bin/oinkmaster.cgi/*oinkcode*/rules/snortrules-snapshot-2.6.tar.gz
> Resolving www.snort.org... 68.177.102.20
> Connecting to www.snort.org|68.177.102.20|:80... connected.
> HTTP request sent, awaiting response... 404 Not Found
> 18:39:30 ERROR 404: Not Found.
>
> Oink, oink. Exiting...
>
> If I manually enter this link into firefox and replace the
> snortrules-snapshot-2.6.tar.gz with snortrules-snapshot-2.8.tar.gz, it
> initiates a file transfer.  Thus, what can I do to correct this in the
> honeywall?  Can I safely update the url parameter to download the 2.8
> rule set instead?  If so, where is this configuration information held? 
> Or do I need to upgrade Snort first?
>
> Thanks.
>
> Vincent
>
> ------------------------------
>
> Message: 2
> Date: Sun, 14 Mar 2010 11:33:38 +0800
> From: Chengyu Song <songchengyu at honeynet.org>
> Subject: Re: [Honeywall] Sebek -- Supported Platforms
> To: Mailing list for users and developers of the Honeywall
> 	<honeywall at public.honeynet.org>
> Message-ID:
> 	<5a8ab5a91003131933y4615d2e2qed53894245d30803 at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Sebek does not support Windows 7 nor Windows Server 2008 now. The binary
> distribution does not contain drivers built for these two platforms. I'm
> still working on this and hopefully could release a test build in a week or
> two.
>
> Thanks,
> Chengyu
>
> On Sun, Mar 14, 2010 at 12:38 AM, Vincent R Ragosta <vrr6 at pitt.edu> wrote:
>
>   
>> Has anyone tried installing Sebek on Windows Server 2008?  I want to verify
>> this will work before I attempt.
>>
>> Thanks.
>>
>> Vincent

-- 
Brett D. Ussher


