Forums

×

Warning

JUser: :_load: Unable to load user with ID: 204071
Subscribe via email Subscribe via email
Subscribe via rss
Guest
or Ask a Question
Add a reply View Replies (4) →
Medium
Offline

Configuration of IDS/IPS Snort

Resolved
0 votes
Hello, can I see the configuration of IDS/IPS Snort, wich is used in clearOS? And how to do it?
In Intrusion Detection System
Tuesday, December 18 2018, 12:13 PM
Subscribe via email
Share this post:
Responses (4)

  • Accepted Answer

    Nick Howitt
    Nick Howitt
    Offline
    Wednesday, December 19 2018, 03:04 PM - #Permalink
    Resolved
    0 votes
    Dirk Albring wrote:
    Hmm, this thread peaked my curiosity. Looked at my snort.conf and noticed 2121 wasn't included in the ftp ports. Am I missing something or is that just an oversight?
    I can't see the parameter "FTP_PORTS" used anywhere. In the "FTP / Telnet normalization and anomaly detection" the ports are again restricted to 21, 2100 and 3535. In the rules, they are all hardcoded with 21, so no 2121 or 990. If there is a bug to be filed, it would extend FTP_PORTS to cover 2121 and 989/990 and to change the ClearCenter ftp rules from 21 to $FTP_PORTS.
    The reply is currently minimized Show

  • Accepted Answer

    Dirk Albring
    Dirk Albring
    Offline
    Wednesday, December 19 2018, 02:32 PM - #Permalink
    Resolved
    0 votes
    Hmm, this thread peaked my curiosity. Looked at my snort.conf and noticed 2121 wasn't included in the ftp ports. Am I missing something or is that just an oversight?

    Make sure you 
    systemctl restart snort.service
    after making any changes to the config file.
    The reply is currently minimized Show

  • Accepted Answer

    William178 Elizabeth Barnes
    William178 Elizabeth Barnes
    Offline
    Wednesday, December 19 2018, 04:28 AM - #Permalink
    Resolved
    0 votes
    I have a similar issue...9apps
    The reply is currently minimized Show

  • Accepted Answer

    Nick Howitt
    Nick Howitt
    Offline
    Tuesday, December 18 2018, 03:03 PM - #Permalink
    Resolved
    1 votes
    /etc/snort.conf and the Webconfig.
    The reply is currently minimized Show
Your Reply