[Snort-users] Linking rules in BASE
wkitty42 at ...14940...
Tue Aug 24 20:08:00 EDT 2010
this post, among other things, brings up the following...
On 8/24/2010 17:22, Billy Marshall wrote:
> I am not sure what you mean by a sim-link with BASE, I don't recall ever making
> any sim-links. However, the following is from the base_conf.php in your web
> directory. It defines the variables for BASE. (assuming your using a Linux
> distro and BASE 1.4.4)
> If you have moved your rules then the variable 'local_rules_dir' is not
> accurate. These also define the links in the output of BASE to correctly link to
> $external_sig_link = array('bugtraq' =>
> array('http://www.securityfocus.com/bid/', ''),
> /*********** corrected 20100104 Bill marshall*/
> /* 'snort' => array('http://www.snort.org/pub-bin/sigs.cgi?sid=', ''), */
> 'snort' => array('http://www.snortid.com/snortid.asp?QueryId=', ''),
> 'cve' => array('http://cve.mitre.org/cgi-bin/cvename.cgi?name=', ''),
> 'arachnids' => array('http://www.whitehats.com/info/ids', ''),
since arachnids/whitehats.com is long gone by several years, why do we still
have all of the erroneous references to it and its database in the sigs and
what i find about it now, and for the last 2 or 3 years, is a park page on some
host out of OZ...
can we get these removed, please?
> 'mcafee' => array('http://vil.nai.com/vil/content/v_', '.htm'),
> 'icat' => array('http://icat.nist.gov/icat.cfm?cvename=CAN-', ''),
> 'nessus' => array('http://www.nessus.org/plugins/index.php?view=single&id=',
> 'url' => array('http://', ''),
> 'local' => array('signatures/', '.txt'),
> 'local_rules_dir' => array('rules/', '.rules'),
> 'EmThreats' => array('http://docs.emergingthreats.net/', ''));
> /* Custom (user) PHP session handlers
More information about the Snort-users