[Snort-users] Patch for ACID....!!

Saad Kadhi bsdguy at ...4401...
Sun Jan 13 05:20:04 EST 2002


On Sun, 2002-01-13 at 14:01, Frank Reid wrote:
> It could be a useful feature to have both an "anonymous" and "administrator"
> (authenticated) mode on ACID.  The anonymous user would be allowed to
> search/display alerts, graph data, etc., but not delete, archive, etc.  In
> fact, it would be great to support granular accounts in both ACID and
> Demarc, probably associated with specified database criteria such as the
> alert type, address space, etc.  So, if "User X" is associated with address
> 1.2.3.0/24 and has non-administrative permissions (no delete), "User X" is
> only able to query within those bounds after authenticating.  "User Y" is a
> website administrator, so he only has non-administrative permissions for
> 1.2.3.4/32 and only for alerts WEB-IIS, WEB-MISC, etc.
Now I got the picture. I thought it was just a need to authenticate
access to the acid subdir. My sincere apologies to kamesh for such a
misunderstanding. 

Regards.
> 
> Frank
> 
> -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net
> [mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Saad Kadhi
> Sent: Saturday, January 12, 2002 10:44 AM
> To: kamesh_rajaram at ...4543...
> Cc: Snort Users
> Subject: Re: [Snort-users] Patch for ACID....!!
> 
> 
> On Sat, 2002-01-12 at 13:34, kamesh_rajaram at ...4543... wrote:
> > Hi ACID users...!!
> >        This is with respect to the product ACID (Version 0.9.6b19 ). I
> feel that
> > an authentication procedure is required for the users of this console
> (Like what
> > DEMARC has). Since i am planing to use ACID...i feel the need for
> > authentication. Is there a patch already available..?? Else, i am planning
> to
> > develop that module  as a patch...I seek ur advice on this issue. This
> mail is
> > to avoid any duplication of work in that area. Mail back to me in
> > leisure...Seeking ur kind co-operation in this regard.
> I'm a bit confused w/ your post. What kind of authentication are you
> seeking ? to run ACID, you need a webserver that can run php. &
> nowadays, all webservers support some kind of authentication or another.
> For example, let's take Apache. There is .htaccess, digest,mod_auth_db,
> mod_auth_dbm & many other types of authentication. So why the heck do we
> need a "supplemental" ACID-only authentication module since there is
> already a truckload of methods for Apache itself ?
> 
> & If you don't want to go into big hassles configuring Apache to support
> authentication for the $wwwdir/acid directory, you can use ssh port
> forwarding as a mean to authenticate the admins. Here is how I do it:
> 1. configure apache to listen only to loopback address. For example:
> localhost on port 8888 (that way you avoid Apache initially starting as
> root since port >=1024)
> 2. generate a dsa key to use w/ your favorite openssh server installed
> on the same box as apache
> 3. put in your local .ssh/config file sth like the following for the
> apache server:
> [snip]
> Host acid.test.com
> [snip]
>    LocalForward 8888 localhost:8888
> [snip]
> 4. now open a session to acid.test.com
> 5. open your browser & type:
> http://localhost:8888
> 
> If this is not a *strong* authentication of sorts, then I don't see your
> point Kamesh.
> 
> Regards.
> --
> /Saad --  [bsdguy at ...4401...]
> [pgp keyid: 35592A6D http://pgp.mit.edu]
> # buy a geek-in-a-can, point nozzle at technical problem and spray
> # if desesperate degauss your screen. it might solve your pb as well
> 
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 
> 
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 
-- 
/Saad --  [bsdguy at ...4401...] 
[pgp keyid: 35592A6D http://pgp.mit.edu]
# buy a geek-in-a-can, point nozzle at technical problem and spray
# if desesperate degauss your screen. it might solve your pb as well





More information about the Snort-users mailing list