[Snort-users] Linking rules in BASE

waldo kitty wkitty42 at ...14940...
Tue Aug 24 20:08:00 EDT 2010


this post, among other things, brings up the following...

On 8/24/2010 17:22, Billy Marshall wrote:
> I am not sure what you mean by a sim-link with BASE, I don't recall ever making
> any sim-links. However, the following is from the base_conf.php in your web
> directory. It defines the variables for BASE. (assuming your using a Linux
> distro and BASE 1.4.4)
> If you have moved your rules then the variable 'local_rules_dir' is not
> accurate. These also define the links in the output of BASE to correctly link to
> websites.
> $external_sig_link = array('bugtraq' =>
> array('http://www.securityfocus.com/bid/', ''),
> /*********** corrected 20100104 Bill marshall*/
> /* 'snort' => array('http://www.snort.org/pub-bin/sigs.cgi?sid=', ''), */
> 'snort' => array('http://www.snortid.com/snortid.asp?QueryId=', ''),
> 'cve' => array('http://cve.mitre.org/cgi-bin/cvename.cgi?name=', ''),
> 'arachnids' => array('http://www.whitehats.com/info/ids', ''),

since arachnids/whitehats.com is long gone by several years, why do we still 
have all of the erroneous references to it and its database in the sigs and 
references file?

what i find about it now, and for the last 2 or 3 years, is a park page on some 
host out of OZ...

can we get these removed, please?

> 'mcafee' => array('http://vil.nai.com/vil/content/v_', '.htm'),
> 'icat' => array('http://icat.nist.gov/icat.cfm?cvename=CAN-', ''),
> 'nessus' => array('http://www.nessus.org/plugins/index.php?view=single&id=',
> ''),
> 'url' => array('http://', ''),
> 'local' => array('signatures/', '.txt'),
> 'local_rules_dir' => array('rules/', '.rules'),
> 'EmThreats' => array('http://docs.emergingthreats.net/', ''));
>
> /* Custom (user) PHP session handlers





More information about the Snort-users mailing list