[Snort-users] Patch for ACID....!!
fcreid at ...691...
Sun Jan 13 05:04:02 EST 2002
It could be a useful feature to have both an "anonymous" and "administrator"
(authenticated) mode on ACID. The anonymous user would be allowed to
search/display alerts, graph data, etc., but not delete, archive, etc. In
fact, it would be great to support granular accounts in both ACID and
Demarc, probably associated with specified database criteria such as the
alert type, address space, etc. So, if "User X" is associated with address
188.8.131.52/24 and has non-administrative permissions (no delete), "User X" is
only able to query within those bounds after authenticating. "User Y" is a
website administrator, so he only has non-administrative permissions for
184.108.40.206/32 and only for alerts WEB-IIS, WEB-MISC, etc.
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Saad Kadhi
Sent: Saturday, January 12, 2002 10:44 AM
To: kamesh_rajaram at ...4543...
Cc: Snort Users
Subject: Re: [Snort-users] Patch for ACID....!!
On Sat, 2002-01-12 at 13:34, kamesh_rajaram at ...4543... wrote:
> Hi ACID users...!!
> This is with respect to the product ACID (Version 0.9.6b19 ). I
> an authentication procedure is required for the users of this console
> DEMARC has). Since i am planing to use ACID...i feel the need for
> authentication. Is there a patch already available..?? Else, i am planning
> develop that module as a patch...I seek ur advice on this issue. This
> to avoid any duplication of work in that area. Mail back to me in
> leisure...Seeking ur kind co-operation in this regard.
I'm a bit confused w/ your post. What kind of authentication are you
seeking ? to run ACID, you need a webserver that can run php. &
nowadays, all webservers support some kind of authentication or another.
For example, let's take Apache. There is .htaccess, digest,mod_auth_db,
mod_auth_dbm & many other types of authentication. So why the heck do we
need a "supplemental" ACID-only authentication module since there is
already a truckload of methods for Apache itself ?
& If you don't want to go into big hassles configuring Apache to support
authentication for the $wwwdir/acid directory, you can use ssh port
forwarding as a mean to authenticate the admins. Here is how I do it:
1. configure apache to listen only to loopback address. For example:
localhost on port 8888 (that way you avoid Apache initially starting as
root since port >=1024)
2. generate a dsa key to use w/ your favorite openssh server installed
on the same box as apache
3. put in your local .ssh/config file sth like the following for the
LocalForward 8888 localhost:8888
4. now open a session to acid.test.com
5. open your browser & type:
If this is not a *strong* authentication of sorts, then I don't see your
/Saad -- [bsdguy at ...4401...]
[pgp keyid: 35592A6D http://pgp.mit.edu]
# buy a geek-in-a-can, point nozzle at technical problem and spray
# if desesperate degauss your screen. it might solve your pb as well
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:
More information about the Snort-users