[Snort-users] Patch for ACID....!!

Frank Reid fcreid at ...691...
Sun Jan 13 05:04:02 EST 2002


It could be a useful feature to have both an "anonymous" and "administrator"
(authenticated) mode on ACID.  The anonymous user would be allowed to
search/display alerts, graph data, etc., but not delete, archive, etc.  In
fact, it would be great to support granular accounts in both ACID and
Demarc, probably associated with specified database criteria such as the
alert type, address space, etc.  So, if "User X" is associated with address
1.2.3.0/24 and has non-administrative permissions (no delete), "User X" is
only able to query within those bounds after authenticating.  "User Y" is a
website administrator, so he only has non-administrative permissions for
1.2.3.4/32 and only for alerts WEB-IIS, WEB-MISC, etc.

Frank

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Saad Kadhi
Sent: Saturday, January 12, 2002 10:44 AM
To: kamesh_rajaram at ...4543...
Cc: Snort Users
Subject: Re: [Snort-users] Patch for ACID....!!


On Sat, 2002-01-12 at 13:34, kamesh_rajaram at ...4543... wrote:
> Hi ACID users...!!
>        This is with respect to the product ACID (Version 0.9.6b19 ). I feel that
> an authentication procedure is required for the users of this console (Like what
> DEMARC has). Since I am planning to use ACID...I feel the need for
> authentication. Is there a patch already available..?? Else, I am planning to
> develop that module  as a patch...I seek your advice on this issue. This mail is
> to avoid any duplication of work in that area. Mail back to me in
> leisure...Seeking your kind co-operation in this regard.
I'm a bit confused w/ your post. What kind of authentication are you
seeking? To run ACID, you need a webserver that can run php. &
nowadays, all webservers support some kind of authentication or another.
For example, let's take Apache. There is .htaccess, digest, mod_auth_db,
mod_auth_dbm & many other types of authentication. So why the heck do we
need a "supplemental" ACID-only authentication module since there is
already a truckload of methods for Apache itself ?

& If you don't want to go into big hassles configuring Apache to support
authentication for the $wwwdir/acid directory, you can use ssh port
forwarding as a means to authenticate the admins. Here is how I do it:
1. configure apache to listen only to loopback address. For example:
localhost on port 8888 (that way you avoid Apache initially starting as
root since port >=1024)
2. generate a dsa key to use w/ your favorite openssh server installed
on the same box as apache
3. put in your local .ssh/config file sth like the following for the
apache server:
[snip]
Host acid.test.com
[snip]
   LocalForward 8888 localhost:8888
[snip]
4. now open a session to acid.test.com
5. open your browser & type:
http://localhost:8888

If this is not a *strong* authentication of sorts, then I don't see your
point Kamesh.

Regards.
--
/Saad --  [bsdguy at ...4401...]
[pgp keyid: 35592A6D http://pgp.mit.edu]
# buy a geek-in-a-can, point nozzle at technical problem and spray
# if desperate degauss your screen. it might solve your pb as well
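
A check for step 1 of the procedure above, added here as an example and not part of the original thread: it reads Apache `Listen` directives and reports any that would make the console reachable without the SSH tunnel, or that need a privileged port. The sample configuration, its addresses and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed httpd.conf fragment (not from the original post).
SAMPLE_CONF = """\
# ACID console, reachable only through the SSH tunnel
Listen 127.0.0.1:8888
Listen [::1]:8888
# Leftover defaults that would bypass the tunnel
Listen 80
Listen 192.0.2.10:8888
"""
LISTEN_RE = re.compile(r"^\s*Listen\s+(\S+)", re.IGNORECASE)

def parse_listen(value):
    """Split a Listen argument into (address or None, port)."""
    if value.startswith("["):                    # [IPv6]:port
        host, _, port = value[1:].partition("]:")
        return host, int(port)
    if ":" in value:                             # IPv4:port
        host, _, port = value.rpartition(":")
        return host, int(port)
    return None, int(value)                      # bare port = every interface

def audit_listeners(conf_text):
    """Return (lineno, directive, problem) for each Listen that weakens the setup."""
    findings = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        m = LISTEN_RE.match(line)
        if not m:
            continue                             # comments and other directives
        try:
            host, port = parse_listen(m.group(1))
            loopback = host is not None and ipaddress.ip_address(host).is_loopback
        except ValueError:
            findings.append((lineno, line.strip(), "unparseable Listen value"))
            continue
        if host is None:
            findings.append((lineno, line.strip(), "binds every interface"))
        elif not loopback:
            findings.append((lineno, line.strip(), "binds a non-loopback address"))
        if port < 1024:
            findings.append((lineno, line.strip(), "privileged port, needs root to bind"))
    return findings

if __name__ == "__main__":
    for lineno, directive, problem in audit_listeners(SAMPLE_CONF):
        print(f"line {lineno}: {directive!r}: {problem}")
```

An empty result means every `Listen` is bound to loopback on an unprivileged port, which is the state the tunnel-based setup relies on.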

