[Snort-users] Linking rules in BASE
nhoughton at ...1935...
Tue Aug 24 20:29:28 EDT 2010
On Tue, 24 Aug 2010 20:08:00 -0400, waldo kitty wrote:
> this post, among other things, brings up the following...
> On 8/24/2010 17:22, Billy Marshall wrote:
>> I am not sure what you mean by a sim-link with BASE, I don't recall
>> ever making
>> any sim-links. However, the following is from the base_conf.php in your web
>> directory. It defines the variables for BASE. (assuming your using a Linux
>> distro and BASE 1.4.4)
>> If you have moved your rules then the variable 'local_rules_dir' is not
>> accurate. These also define the links in the output of BASE to
>> correctly link to
>> $external_sig_link = array('bugtraq' =>
>> array('http://www.securityfocus.com/bid/', ''),
>> /*********** corrected 20100104 Bill marshall*/
>> /* 'snort' => array('http://www.snort.org/pub-bin/sigs.cgi?sid=', ''), */
>> 'snort' => array('http://www.snortid.com/snortid.asp?QueryId=', ''),
>> 'cve' => array('http://cve.mitre.org/cgi-bin/cvename.cgi?name=', ''),
>> 'arachnids' => array('http://www.whitehats.com/info/ids', ''),
> since arachnids/whitehats.com is long gone by several years, why do
> we still
> have all of the erroneous references to it and its database in the sigs and
> references file?
> what i find about it now, and for the last 2 or 3 years, is a park
> page on some
> host out of OZ...
> can we get these removed, please?
Yes, we already have a bug open to remove the arachnids references.
We'll also be adding OSVDB as a reference type with the 2.9 release.
SF VRT Department of Intelligence Excellence
http://vrt-sourcefire.blogspot.com && http://labs.snort.org/
More information about the Snort-users