I'm in a dead end at the configuration of snort.
In theory a simple problem.
I created a test rule to check if snort runs properly.
Location:\etc\snort\rules\local.rules
Content:
alert icmp any any -> $HOME_NET any (msg:"ICMP on fire"; sid:10000001; rev:001;)
Then I ran on terminal :
sudo snort -T -i enp0s3 -c /etc/snort/snort.conf
Message I receive at the end of the initialization:
"Snort successfully validated the configuration!"
"Snort exiting"
But scrolling up I'm seeing:
Initializing rule chains...
0 Snort rules read
0 detection rules
0 decoder rules
0 preprocessor rules
0 Option Chains linked into 0 Chain Headers
No rules at all!
location is correct in conf file under
/etc/snort/snort.conf
var RULE_PATH /etc/snort/rules
Snort 2.9.17 Build 199
Ubuntu 20.04
Any ideas?Thnnks in advance!
I would recommend supplying the rule path when you execute Snort using the "--rule-path" flag.
The --rule-path flag is not available and not recognized.
As far I understand this variable is just that, a variable that's not used anywhere in the configuration file.
The only way/workaround that I found was include the rule files for ex.
In the snort.conf appending this.
.
.
.
.
include c:\local.rules
Besides that, someone found a way to match content in answer/response?
I mean, let suppose that I want to check if the server has answer with a known content, for ex: success. I've tried with bidirectional operator <> and flow:to_client but nothing has worked.
Related
I follow the basically solutions to solve it, but I already had the problem.
In my configure.ac file I have a check for mysql:
AC_CHECK_HEADER([mysql/mysql.h], ,AC_MSG_ERROR([Could not find mysql headers !]))
and of course it complain because, as explain here:
If the header files are installed in a nonstandard location, such as
/opt/include, and CPPFLAGS doesn't refer to that directory-for
example, as -I/opt/include-the AC_CHECK_HEADER macro will fail, even
though the files do exist on the system. However, this is an issue for
the system's administrator. Part of the convenience of autoconf is
that you, as the developer, don't need to worry about these details.
So, as developer, what's the way to go to solve it properly ?
I also put the path of real location in Makefile with -I/usr/include/mysql, but it continues to complain.
EDIT: as suggestd I post the configure.ac (the main parts):
useMysql=no
AC_MSG_CHECKING([whether to use mysql])
AC_ARG_ENABLE(mysql,
[ --enable-mysql Enable mysql support],
[MYSQL="$enableval"]
useMysql=yes,
[MYSQL="no"]
)
AC_MSG_RESULT([$MYSQL])
AC_SUBST([MYSQL])
[...]
if test "$MYSQL" = "yes"; then
AC_CHECKING([for MYSQL Library and Header files])
AC_CHECK_HEADER([mysql/mysql.h], ,AC_MSG_ERROR([Could not find mysql headers !]))
AC_CHECK_LIB(mysqlclient, mysql_init, [ MYSQL_LIBS="-lmysqlclient" ], [AC_MSG_ERROR([$PACKAGE_NAME requires but cannot find mysqlclient])])
AC_DEFINE(USE_MYSQL, 1, [Use MYSQL library])
AC_SUBST(MYSQL_LIBS)
fi
then I use the MYSQL_LIBS in the Makefile:
AM_CFLAGS = -g -fPIC -rdynamic -I$(top_srcdir)/include -I/usr/include/mysql
I try to configure my proxy to de-duplicate some cached files.
Some site add query-string at the end of URL and so the file is cached multiple times. Ex :
http://download.oracle.com/otn-pub/java/jdk/7u75-b13/jre-7u75-linux-x64.tar.gz?AuthParam=kjzeghfhrehbfgjernf
http://download.oracle.com/otn-pub/java/jdk/7u75-b13/jre-7u75-linux-x64.tar.gz?AuthParam=jzehrguihegeijhpijf
I would like to create et rewrite rule for storeId like that :
^http:\/\/download\.oracle\.com\/otn\-pub\/java\/([a-zA-Z0-9\/\.\-\_]+\.(tar\.gz)) http://download.oracle.com/otn-pub/java/$1
but I have'nt found documention about how to do that.
Ok, so after long research I have find the answer to my question. I write here if case of someone else have the same question.
First of all, I have install Squid 3.4, the first version witch support StoreId rewrite.
Second, after reading StoreId documentation :
wiki.squid-cache.org/Features/StoreID
wiki.squid-cache.org/Features/StoreID/DB
and lot of google search I found this perl program http://pastebin.ca/2422099. It take a database file as first argument, you can find examples in the second link before. In the file I have had a line as above :
^http:\/\/download\.oracle\.com\/otn\-pub\/java\/([a-zA-Z0-9\/\.\-\_]+\.(tar\.gz)) http://download.oracle.com/otn-pub/java/$1
Third, in my squid.conf, I had this line :
store_id_program /usr/local/squid/store-id.pl /usr/local/squid/store_id_db
store_id_children 5 startup=1
store_id_program is the path to the perl file with in argument the database file.
store_id_children represent the number of subprocess allowed to the program, maximum 5, 1 at the beginning.
In the same squid.conf I replace this line :
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
by
refresh_pattern -i cgi-bin 0 0% 0
to allow caching url with query string.
Last, I ensure that the store-id.pl has 'x' permission
Hope this help :)
PS: Just a trick, in the db file, you must have to columns separate by a tabulation (not a space). To be sure, you can use this command (find in doc):
cat dbfile | sed -r -e 's/\s+/\t/g' |sed '/^\#/d' >cleaned_db_file
I'm currently trying to run NERVE a vaccine development program that is made up of Perl scripts and have trouble getting it to run properly. I've downloaded and installed all prerequisites but every time I reach the mysql step of the code, it crashes, and an error message says: Can't locate object method "connect" via package "Mysql" (perhaps you forgot to load "Mysql"?) at ./NERVE line 340, line 5. I took a look at the code and changed "use mysql" to "use DBI" and "use DBD:mysql" but then I get the error: Can't use string ("") as a HASH ref while "strict refs" in use at /usr/local/lib/perl/5.14.2/DBI.pm line 604, line 5.
I would appreciate if anyone could look the code over for the mysql section and give me advice on how to fix it so I can run the program properly. I tried emailing the developers but no response so I'm hoping you guys can help me.
Below is the perl code for NERVE for the mysql section.
use mysql;
$db=Mysql->connect("$host","$database","$user","$password");
if(!$db || (!$host || !$database || !$user || !$password)){
print "\nAttention: mysql connection parameters are missing or not correct!\n";
print "I need you to specify: host, database, user, password;\n";
print "You can do it now typing them right in that order and separeted only by comma;\n";
print "For example:localhost,Pathogens,sandro,xvzhs\n";
print "So, your Mysql connection settings are (type q to quit):";
while (!($db && $mysql =~ /,/) & $mysql ne "q"){
chomp($mysql = <STDIN>);
die "Ok,let's quit this work! Call me when your mind is clearer about Mysql parameters! Bye :-)\n" if $mysql eq "q";
($host,$database,$user,$password) = split (',',$mysql);
$db=Mysql->connect("$host","$database","$user","$password");
last if($db && $mysql =~ /,/);
print "\nMysql connection settings still not correct!\n";
print "Remember: host, database, user, password, separeted only by comma.\n";
print "For example:localhost,Pathogens,sandro,xvzhs\n";
print "Please, try again:";
}
print "Ok, Mysql connection to \"$database\" database was successful!\n";
}
The error message is correct. You are attempting to use a module named , but you never loaded it. Change
use mysql;
to
use Mysql;
to use that module. In the comments, you mention that results in
Can't locate Mysql.pm in #INC
Unless you have reason to believe the module is installed, that indicates it needs to be installed[1]
That module used to be part of the DBD-mysql distribution, but it's obsolete. It's so ancient it was removed from DBD some years ago. To obtain it, you will need to downgrade your DBD-mysql distribution to version 3.0008.
That's pretty awful thing to do. The script should have DBI instead.
cjm points
since the Mysql.pm in 3.0008 is just a compatibility layer using DBI under the hood, you should be able to install Mysql.pm & Mysql/Statement.pm from that old dist along with a current DBD-mysql.
So if you extract Mysql.pm from the distro I linked above as /usr/lib/perl5/Mysql.pm and Mysql/Statement.pm as /usr/lib/perl5/Mysql/Statement.pm, you should have an easy pain-free solution.
In newer versions of Perl, the error message has been improved. It now reads as follows:
Can't locate Mysql.pm in #INC (you may need to install the Mysql module)
I recently hit a usage problem with astyle that I have been unable to figure out. I am not sure if this is a bug, or I am simply using the astyle tool incorrectly.
I am attempting to use the "--exclude" option to omit files and directories from processing, but continue to get an "unmatched" exclude error and astyle terminates:
bwallace$ ls -l foo.c
-rw-r--r-- 1 bwallace 1767304860 22 Aug 1 21:36 foo.c
bwallace$ astyle ./foo.c --exclude=./foo.c -v
Artistic Style 2.04 08/03/2014
Exclude (unmatched) ./foo.c
Artistic Style has terminated
When I pass the "-i" (ignore exclude errors) astyle processes the file as expected. Hence, it seems to be a problem with the "exclude" statement.
bwallace$ astyle ./foo.c --exclude=./foo.c -v -i
Artistic Style 2.04 08/03/2014
Exclude (unmatched) ./foo.c
Unchanged ./foo.c
0 formatted 1 unchanged 0.00 seconds 2 lines
Is this a bug? Am I using astyle incorrectly? Any help would be appreciated.
Excluding a directory is done using simple string contains matching rather than matching actual directories. I've been having the same issue and figured it out by looking at the source here.
Adding a lot of options is a bit tedious. I've found it's easiest to create an options file. There are instructions on the astyle website about where to put it.
To exclude multiple files or directories you need to have multiple "--exclude" options in the file:
--exclude=dir/subdir1
--exclude=dir/subdir2
Try this: astyle "*.c" --exclude=foo.c - that should do the trick.
The . in your exclude statement is one of the issues. Using a wildcard for Astyle's input ("*.c") also seems to be required.
This is definitely weird behaviour on Astyle's side.
An unmatched exclude flag results in an "exclude error" and AStyle terminates.
When you add --ignore-exclude-errors, AStyle continues despite this error. I usually add this flag to my options files.
For the record - I'm using AStyle 3.1, so it could be that this improved in the meantime.
I'm compiling a deb package and when I run dpkg-buildpackage I get:
dpkg-shlibdeps: error: no dependency information found for /usr/local/lib/libopencv_highgui.so.2.3
...
make: *** [binary-arch] Error 2
This happens because I installed the dependency manually. I know that the problem will be fixed if I install the dependency (or use checkinstall), and I want to generate the package anyway because I'm not interested on dependency checking. I know that I can give to dpkg-shlibdeps the option --ignore-missing-info which prevents a fail if dependency information can't be found. But I don't know how to pass this option to dpkg-shlibdeps since I'm using dpkg-buildpackage and dpkg-buildpackage calls dpkg-shlibdeps...
I have already tried:
sudo dpkg-buildpackage -rfakeroot -d -B
And with:
export DEB_DH_MAKESHLIBS_ARG=--ignore-missing-info
as root.
Any ideas?
use:
override_dh_shlibdeps:
dh_shlibdeps --dpkg-shlibdeps-params=--ignore-missing-info
if your rule file hasn't the dh_shlibdeps call in it. That's usually the case if you've
%:
dh $#
as only rule in it ... in above you must use a tab and not spaces in front of the dh_shlibdeps
If you want it to just ignore that flag, change the debian/rules line from:
dh_shlibdeps
to:
dh_shlibdeps --dpkg-shlibdeps-params=--ignore-missing-info
Yet another way, without modifying build scripts, just creating one file.
You can specify local shlib overrides by creating debian/shlibs.local with the following format: library-name soname-version dependencies
For example, given the following (trimmed) ldd /path/to/binary output
libevent-2.0.so.5 => /usr/lib/libevent-2.0.so.5 (0x00007fc9e47aa000)
libgcrypt.so.20 => /usr/lib/libgcrypt.so.20 (0x00007fc9e4161000)
libpthread.so.0 => /usr/lib/libpthread.so.0 (0x00007fc9e3b1a000)
The contents of debian/shlibs.local would be:
libevent-2.0 5 libevent-2.0
libgcrypt 20 libgcrypt
libpthread 0 libpthread
The "dependencies" list (third column) doesn't need to be 100% accurate - I just use the library name itself again.
Of course this isn't needed in a sane debian system which has this stuff defined in /var/lib/dpkg/info (which can be used as inspiration for these overrides). Mine isn't a sane debian system.
Instead of merely ignoring the error, you might also want to fix the source of the error, which is usually either a missing or an incorrect package.shlibs or package.symbols file in package which contains the shared library triggering the error.
[1] documents how dpkg-shlibdeps uses the package.shlibs resp. package.symbols, files, [2] documents the format of the package.shlibs and package.symbols files.
[1] https://manpages.debian.org/jessie/dpkg-dev/dpkg-shlibdeps.1.en.html
[2] https://www.debian.org/doc/debian-policy/ch-sharedlibs.html
You've just misspelled your export. It should be like this:
export DEB_DH_SHLIBDEPS_ARGS_ALL=--dpkg-shlibdeps-params=--ignore-missing-info
dpkg-buildpackage uses make to process debian/rules. in this process, dpkg-buildpackage it might call dpkg-shlibdeps.
thus, the proper way to pass modify a part of the package building process is to edit debian/rules.
it's hard to give you any more hints, without seeing the actual debian/rules.
Finally I did it in the brute way:
I edited the script /usr/bin/dpkg-shlibdeps, changing this :
my $ignore_missing_info = 0;
to
my $ignore_missing_info = 1;
You can use this:
dh_makeshlibs -a -n
exactly after dh_install