I would report him, but it's an ISP in Mexico.
There are two mistakes one can make along the road to truth...not going all the way, and not starting.
--Prince Gautama Siddharta
#ubuntuforums web interface
Since I'm not a big fan of adding several resource-hungry services (apache, mysql) when they are not essential, I decided to go for the sqlless snort + ossec. I used the "snort" Ubuntu package from the repository, which installed and started flawlessly (it detected my own nmap scans, and even some random port scans from the internet). However, when Ubuntu is booting, I can see that the snort start script has "failed" and snort doesn't start. But if I run "/etc/conf.d/snort start" from the console it starts without any issues. I've tried running it with both the original and bodhi.zazen's scripts but the result is always the same - snort fails during boot, but starts and works perfectly when started from the console... Executing from rc.local changes nothing. I've tried "snort -T -c /etc/snort/snort.conf" but it doesn't report any errors.
Any ideas why it is happening? Or at least how to find out what is failing during boot?
I'm sorry for asking such a noob question,
Is there any way to translate honeypot captured data into a SNORT signature?
I'd like to deploy a self-learning IDS with snort based on data captured by honeypot software.
Thank you
Wondering if this is for me. I think I get hacked almost on a daily basis. Every time I install any Ubuntu 7.10 to 8.10 (I give up on 8.04 and 8.10 since I get systems 32 file along the installation process), that same day my drive becomes "read only" and cannot save or anything. It's either that or malicious software. Going to reinstall sometime soon, so wondering if I should install this before updates or after? I seem to be getting hacked or getting malicious software during installation. I need to try something. Please help.
For some reason the ossec webui doesn't ask for a password when I access the site, even though I set a username and password when I installed ossec.
Is this a known issue? (When I installed apache I only did apt-get apache2 and php modules.)
You have to install / configure ssl and apache:
http://www.tc.umn.edu/~brams006/selfsign_ubuntu.html