[Snort-users] oinkmaster.conf enterred disablesid - get enbalbed
cwcwcwg at ...131...
Tue Dec 16 12:51:01 EST 2003
I tried to diable some rules by put # in frot of the
rule (here is in the icmp.rule file), and enter it in
the oinkmaster.conf at the bottom of the file as:
Then, I just run it simply:
oinkmaster-0.8# oinkmaster.pl -o
to see if the change in rule.icmp will be overwritten.
It got overwritten after I run it, and output shows:
[+++] Enabled rules: [+++]
-> Enabled in icmp.rules (1):
alert icmp any any -> any any (msg:"ICMP
Destination Unreachable (Communication
Administratively Prohibited)"; itype: 3; icode: 13;
sid:485; classtype:misc-activity; rev:2;)
This is the rule I put # in front of alert, and in the
oinkmaster.conf with SID number, now it's enabled
after I run oinkmaster.pl.
Did I miss anything, anyone please?
Thanks a LOT!
Do you Yahoo!?
New Yahoo! Photos - easier uploading and sharing.
More information about the Snort-users