[Snort-users] Help! I ran Nessus Vulnerability Scanner against my Public IP and No Alerts showed up on my Snort IDS box!

Teo En Ming teo.en.ming at ...11827...
Mon Apr 7 15:19:15 EDT 2014


Dear list,

I downloaded this set of rules file http://www.snort.org/downloads/2874
(snortrules-snapshot-2960.tar.gz).

Why are most of the Snort rules commented out? It's like 80% of all the
Snort rules are commented out/disabled.

Question 1: Shall I un-comment the disabled rules???

Also, why are many of the rules files empty?

Question 2: Why are many of the rules files empty?

I installed Nessus 5.2.6 on my Windows 8.1 machine. I ran Nessus
vulnerability scanner against my public IP and no alerts showed up on my
Snort IDS at all!

Question 3: The Nessus vulnerability scanner reported numerous
vulnerabilities. Why are there no alerts in my Snort IDS box at all?

I need a favor from you guys. To uncomment all the DISABLED Snort rules,
which is probably thousands and thousands of lines, is a colossal task. I
think I need to write a sed 's/original text/replacement text/g' Linux
shell script to uncomment all the disabled Snort rules. But the problem is
that my Linux shell scripting knowledge is a bit rusty and I would need to
revise it. Hence I am wondering if any of you guys can write a bash script
with sed and for loops to uncomment the disabled Snort rules??? Thanks in
advance!!! Don't worry, I will vet through the submitted shell scripts.

I am looking forward to your replies.

Thank you very much.

Yours sincerely,

Teo En Ming
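A script of the kind the post asks for, added here as an example (not from the original thread or from the Snort project): it re-enables only lines that are disabled rules (a `#` in front of the action keyword), leaves ordinary comment lines alone, and can count matches first as a dry run, since switching on every rule blindly adds noise and load. The sample rules file, its sids and the function names are constructed for this example.

```bash
#!/usr/bin/env bash
# Re-enable disabled Snort rules in a rules snapshot.
# A disabled rule is a rule line whose action ("alert", "drop", ...) is prefixed
# with "#". Header comments such as "# Copyright ..." or "#-----" must stay as
# they are, so a blind s/^#// would corrupt the file.
set -eu

# ERE for a disabled rule line: '#', optional blanks, an action keyword, then a
# protocol keyword. Real rule lines always continue with the protocol.
DISABLED_RULE='^#[[:space:]]*(alert|log|pass|drop|reject|sdrop)[[:space:]]+(tcp|udp|icmp|ip)[[:space:]]'

# Print FILE with every disabled rule re-enabled; all other lines unchanged.
enable_rules() {
    sed -E "/${DISABLED_RULE}/ s/^#[[:space:]]*//" "$1"
}

# Count disabled rules in FILE (dry run before touching anything).
count_disabled() {
    grep -E -c "${DISABLED_RULE}" "$1" || true
}

# Enable rules in every *.rules file under DIR, keeping a .orig backup of each.
enable_rules_in_dir() {
    local dir="$1" f
    for f in "$dir"/*.rules; do
        [ -e "$f" ] || continue
        cp -p "$f" "$f.orig"
        enable_rules "$f.orig" > "$f"
    done
}

# Constructed sample rules file (not from the snapshot) for a self-check:
# four comment lines, one enabled rule, two disabled rules.
SAMPLE="$(mktemp)"
cat > "$SAMPLE" <<'EOF'
# Copyright notice (constructed header comment)
#-------------------
# SCAN RULES
#-------------------
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"EXAMPLE ssh probe"; sid:1000001; rev:1;)
# alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"EXAMPLE ftp probe"; sid:1000002; rev:1;)
#alert udp $EXTERNAL_NET any -> $HOME_NET 161 (msg:"EXAMPLE snmp probe"; sid:1000003; rev:1;)
EOF
```

Run `count_disabled "$SAMPLE"` first to see how many rules a file would gain, then `enable_rules_in_dir /path/to/rules` to apply it with backups.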