[Snort-users] AW: (Snort-users) Bad Priority setting

sandro.poppi at ...3316... sandro.poppi at ...3316...
Thu Oct 4 22:18:04 EDT 2001


You are missing the classification.config file in your /etc/snort.conf. This can
be found in the tarball and should be included in snort.conf BEFORE the includes
of the rules:

include /usr/local/snort/classification.config.

If you are still getting that errors you have to define the classification type
given in the error message, e.g. attempted-user, in classification.config.

HTH
Sandro


> -----Ursprüngliche Nachricht-----
> Von: Ole Andreas Weel <weelers at ...3698...> at internet
> Gesendet: Donnerstag, 4. Oktober 2001 21:15
> An: snort-users at lists.sourceforge.net at Internet
> Betreff: [Snort-users] Bad Priority setting
>
>
> m running r.h 7.1, with isdn.
>
> when i try to run snort i get this msg:
>
> [root at ...274... /root]# snort -c /etc/snort.conf
> Log directory =
>
>         --== Initializing Snort ==--
> Checking PID path...
> PATH_VARRUN is set to /var/run/ on this operating system
>
> Initializing Network Interface eth0
> Decoding Ethernet on interface eth0
> Initializing Preprocessors!
> Initializing Plug-ins!
> Initializating Output Plugins!
> Parsing Rules file /etc/snort.conf
>
> +++++++++++++++++++++++++++++++++++++++++++++++++++
> Initializing rule chains...
> Using LOCAL time
> ProcessFileOption: /var/log/snort/alerts.log
> Linking FullAlert functions to call lists...
> ERROR /usr/local/snort/exploit.rules(6) => Bad Priority setting
> "attempted-user"
> ERROR /usr/local/snort/exploit.rules(7) => Bad Priority setting
> "attempted-admin"
> ERROR /usr/local/snort/exploit.rules(8) => Bad Priority setting
> "attempted-admin"
> ERROR /usr/local/snort/exploit.rules(9) => Bad Priority setting
> "attempted-admin"
> ERROR /usr/local/snort/exploit.rules(10) => Bad Priority setting
> "attempted-admin"
> ERROR /usr/local/snort/exploit.rules(11) => Bad Priority setting
> "attempted-admin"
> ERROR /usr/local/snort/exploit.rules(12) => Bad Priority setting
> "attempted-admin"
> ERROR /usr/local/snort/exploit.rules(13) => Bad Priority setting
> "attempted-admin"
> ERROR /usr/local/snort/exploit.rules(14) => Bad Priority setting
> "attempted-user"
> ERROR /usr/local/snort/exploit.rules(15) => Bad Priority setting
> "attempted-admin"
> ERROR /usr/local/snort/exploit.rules(16) => Bad Priority setting
> "attempted-admin"
> ERROR /usr/local/snort/exploit.rules(17) => Bad Priority setting
> "attempted-admin"
> ERROR /usr/local/snort/exploit.rules(18) => Bad Priority setting
> "attempted-admin"
> ERROR /usr/local/snort/exploit.rules(19) => Bad Priority setting
> "attempted-admin"
> ERROR /usr/local/snort/exploit.rules(20) => Bad Priority setting
> "attempted-admin"
> ERROR /usr/local/snort/exploit.rules(21) => Bad Priority setting
> "attempted-admin"
> ERROR /usr/local/snort/exploit.rules(22) => Bad Priority setting
> "attempted-admin"
> ERROR /usr/local/snort/exploit.rules(23) => Bad Priority setting
> "attempted-admin"
> ERROR /usr/local/snort/exploit.rules(24) => Bad Priority setting
> "attempted-admin"
> ERROR /usr/local/snort/exploit.rules(25) => Bad Priority setting
> "attempted-admin"
> ERROR /usr/local/snort/exploit.rules(26) => Bad Priority setting
> "attempted-admin"
> ERROR /usr/local/snort/exploit.rules(27) => Bad Priority setting
> "attempted-admin"
> ERROR /usr/local/snort/exploit.rules(28) => Bad Priority setting
> "attempted-admin"
> ERROR /usr/local/snort/exploit.rules(29) => Bad Priority setting
> "attempted-admin"
> ERROR /usr/local/snort/exploit.rules(30) => Bad Priority setting
> "attempted-user"
> ERROR /usr/local/snort/exploit.rules(31) => Bad Priority setting
> "attempted-user"
> [!] ERROR /usr/local/snort/exploit.rules(32) => Bad port number:
> "(msg:"EXPLOIT"
> Fatal Error, Quitting..
> [root at ...274... /root]#
>
>
> This is my snort.conf file:
>
> [root at ...274... /root]# cat /etc/snort.conf
> #####    Current Database Updated -- 03/10/2001
>
> ##### Variables
> #etc EXTERNAL_NET !172.16.1.0/24
> var EXTERNAL_NET any
> var HOME_NET     192.168.0.0/24
> var INTERNAL     192.168.0.9/24
> var PORTS     5
> var SECONDS   15
>
> ##### Preprocessors
> preprocessor http_decode: 80 443 8080
> #preprocessor minfrag: 128
> preprocessor defrag
> preprocessor portscan: $HOME_NET $PORTS $SECONDS
> /var/log/snort/portscan.log
>
> ##### Output
> output alert_syslog: LOG_AUTH LOG_ALERT
> output alert_full: /var/log/snort/alerts.log
>
> ##### What do we log
> # Logging tcp
> log tcp any any <> $INTERNAL any (session: printable;)
> log tcp any any <> $INTERNAL any
>
> # Logging udp
> log udp any any <> $INTERNAL any (session: printable;)
> log udp any any <> $INTERNAL any
>
> # Logging icmp
> log icmp any any <> $INTERNAL any (session: printable;)
> log icmp any any <> $INTERNAL any
>
> include /usr/local/snort/local.rules
> include /usr/local/snort/exploit.rules
> include /usr/local/snort/scan.rules
> include /usr/local/snort/finger.rules
> include /usr/local/snort/ftp.rules
> include /usr/local/snort/telnet.rules
> include /usr/local/snort/smtp.rules
> include /usr/local/snort/rpc.rules
> include /usr/local/snort/rservices.rules
> include /usr/local/snort/backdoor.rules
> include /usr/local/snort/dos.rules
> include /usr/local/snort/ddos.rules
> include /usr/local/snort/dns.rules
> include /usr/local/snort/netbios.rules
> include /usr/local/snort/web-cgi.rules
> include /usr/local/snort/web-coldfusion.rules
> include /usr/local/snort/web-frontpage.rules
> include /usr/local/snort/web-misc.rules
> include /usr/local/snort/web-iis.rules
> include /usr/local/snort/icmp.rules
> include /usr/local/snort/misc.rules
> include /usr/local/snort/policy.rules
> include /usr/local/snort/info.rules
>
> what am i doing wrong ?
>
> regards ole
>
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>





More information about the Snort-users mailing list