[Snort-users] BASE Feature Suggestion to Display Rule Source

Alex Butcher, ISC/ISYS Alex.Butcher at ...11254...
Fri Oct 7 07:57:51 EDT 2005


Hi John -

--On 07 October 2005 08:37 -0500 "McCash, John" <John.McCash at ...10979...> 
wrote:

> Alex,
> 	Woo! Woo!! Thanks loads. This works great, once you fix the typo
> that refers to base_constants.inc.pnp instead of base_constants.inc.php.

Oops! Mea culpa!

Kevin, this isn't in base-php4 CVS yet, so before you apply these patches, 
please check that you don't include that typo before you do. ;-)

> Also, I'd think you'd want it to pop a separate window, rather than load
> in the current one, as all of the other signature reference links do.
> Please don't think I'm throwing rocks. I'm not. This is great, and I'm
> using it now. I salaam in your general direction :-)

Easy enough to do; just add

        TARGET="_ACID_RULE_"

or something to the URL on line 275 of includes/base_signature.inc

> 		Much Appreciation
> 			John

HTH,
Alex.

> -----Original Message-----
> From: Alex Butcher, ISC/ISYS [mailto:Alex.Butcher at ...11254...]
> Sent: Friday, September 16, 2005 3:42 AM
> To: McCash, John; snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] BASE Feature Suggestion to Display Rule Source
>
>
>
> --On 15 September 2005 18:18 -0500 "McCash, John" <John.McCash at ...10979...> wrote:
>
>> 	From the BASE config file, it looks like the <snort> tag is more
>> or less just forwarded to the sourcefire URL with a sid number, and the
>> resultant page is displayed. It strikes me (as a non PHP programmer, no
>> flames please) that it should not be terribly difficult to have BASE
>> instead display a web page with two frames, and put the sourcefire stuff
>> in one, while simultaneously displaying the full text of the referenced
>> rule (pulled from a locally maintained copy of all rules in use) in the
>> other.
>
> Indeed - I did this for my local copy of ACID about a year ago. I ported
> my patch to BASE a few weeks back. Kevin basically liked it, but wanted to
> tweak it slightly to allow the location of the rules to be modified.
>
> I guess it might show up in the next release.
>
> I've attached my patch against 1.1.4, FWIW.
>
>> 		John
>
> Best Regards,
> Alex.



-- 
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing             GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9





