[Snort-users] Bad Priority setting

Ole Andreas Weel weelers at ...3698...
Thu Oct 4 12:21:09 EDT 2001


I'm running r.h 7.1, with ISDN.

When I try to run snort I get this msg:

[root at ...274... /root]# snort -c /etc/snort.conf
Log directory =

        --== Initializing Snort ==--
Checking PID path...
PATH_VARRUN is set to /var/run/ on this operating system

Initializing Network Interface eth0
Decoding Ethernet on interface eth0
Initializing Preprocessors!
Initializing Plug-ins!
Initializating Output Plugins!
Parsing Rules file /etc/snort.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
Using LOCAL time
ProcessFileOption: /var/log/snort/alerts.log
Linking FullAlert functions to call lists...
ERROR /usr/local/snort/exploit.rules(6) => Bad Priority setting
"attempted-user"
ERROR /usr/local/snort/exploit.rules(7) => Bad Priority setting
"attempted-admin"
ERROR /usr/local/snort/exploit.rules(8) => Bad Priority setting
"attempted-admin"
ERROR /usr/local/snort/exploit.rules(9) => Bad Priority setting
"attempted-admin"
ERROR /usr/local/snort/exploit.rules(10) => Bad Priority setting
"attempted-admin"
ERROR /usr/local/snort/exploit.rules(11) => Bad Priority setting
"attempted-admin"
ERROR /usr/local/snort/exploit.rules(12) => Bad Priority setting
"attempted-admin"
ERROR /usr/local/snort/exploit.rules(13) => Bad Priority setting
"attempted-admin"
ERROR /usr/local/snort/exploit.rules(14) => Bad Priority setting
"attempted-user"
ERROR /usr/local/snort/exploit.rules(15) => Bad Priority setting
"attempted-admin"
ERROR /usr/local/snort/exploit.rules(16) => Bad Priority setting
"attempted-admin"
ERROR /usr/local/snort/exploit.rules(17) => Bad Priority setting
"attempted-admin"
ERROR /usr/local/snort/exploit.rules(18) => Bad Priority setting
"attempted-admin"
ERROR /usr/local/snort/exploit.rules(19) => Bad Priority setting
"attempted-admin"
ERROR /usr/local/snort/exploit.rules(20) => Bad Priority setting
"attempted-admin"
ERROR /usr/local/snort/exploit.rules(21) => Bad Priority setting
"attempted-admin"
ERROR /usr/local/snort/exploit.rules(22) => Bad Priority setting
"attempted-admin"
ERROR /usr/local/snort/exploit.rules(23) => Bad Priority setting
"attempted-admin"
ERROR /usr/local/snort/exploit.rules(24) => Bad Priority setting
"attempted-admin"
ERROR /usr/local/snort/exploit.rules(25) => Bad Priority setting
"attempted-admin"
ERROR /usr/local/snort/exploit.rules(26) => Bad Priority setting
"attempted-admin"
ERROR /usr/local/snort/exploit.rules(27) => Bad Priority setting
"attempted-admin"
ERROR /usr/local/snort/exploit.rules(28) => Bad Priority setting
"attempted-admin"
ERROR /usr/local/snort/exploit.rules(29) => Bad Priority setting
"attempted-admin"
ERROR /usr/local/snort/exploit.rules(30) => Bad Priority setting
"attempted-user"
ERROR /usr/local/snort/exploit.rules(31) => Bad Priority setting
"attempted-user"
[!] ERROR /usr/local/snort/exploit.rules(32) => Bad port number:
"(msg:"EXPLOIT"
Fatal Error, Quitting..
[root at ...274... /root]#


This is my snort.conf file:

[root at ...274... /root]# cat /etc/snort.conf
#####    Current Database Updated -- 03/10/2001

##### Variables
#etc EXTERNAL_NET !172.16.1.0/24
var EXTERNAL_NET any
var HOME_NET     192.168.0.0/24
var INTERNAL     192.168.0.9/24
var PORTS     5
var SECONDS   15

##### Preprocessors
preprocessor http_decode: 80 443 8080
#preprocessor minfrag: 128
preprocessor defrag
preprocessor portscan: $HOME_NET $PORTS $SECONDS
/var/log/snort/portscan.log

##### Output
output alert_syslog: LOG_AUTH LOG_ALERT
output alert_full: /var/log/snort/alerts.log

##### What do we log
# Logging tcp
log tcp any any <> $INTERNAL any (session: printable;)
log tcp any any <> $INTERNAL any

# Logging udp
log udp any any <> $INTERNAL any (session: printable;)
log udp any any <> $INTERNAL any

# Logging icmp
log icmp any any <> $INTERNAL any (session: printable;)
log icmp any any <> $INTERNAL any

include /usr/local/snort/local.rules
include /usr/local/snort/exploit.rules
include /usr/local/snort/scan.rules
include /usr/local/snort/finger.rules
include /usr/local/snort/ftp.rules
include /usr/local/snort/telnet.rules
include /usr/local/snort/smtp.rules
include /usr/local/snort/rpc.rules
include /usr/local/snort/rservices.rules
include /usr/local/snort/backdoor.rules
include /usr/local/snort/dos.rules
include /usr/local/snort/ddos.rules
include /usr/local/snort/dns.rules
include /usr/local/snort/netbios.rules
include /usr/local/snort/web-cgi.rules
include /usr/local/snort/web-coldfusion.rules
include /usr/local/snort/web-frontpage.rules
include /usr/local/snort/web-misc.rules
include /usr/local/snort/web-iis.rules
include /usr/local/snort/icmp.rules
include /usr/local/snort/misc.rules
include /usr/local/snort/policy.rules
include /usr/local/snort/info.rules

What am I doing wrong?

Regards, Ole
