Morpheus

Administrators
  1. A little more information: Are you running Snort from the command window? Is this a new install or are you updating an existing install? Please post a full screen shot of the error.
  2. Been doing these tutorials and have installed 1000+ IDS's in the last 15 years and not once have I had to add an extension. It sounds like you have a corrupted .EXE association. This issue can occur if a virus or other 3rd party application has changed or corrupted some default registry settings. These types of quirks seem to pop up when the installer fails to install the Windows Intrusion Detection System on a fresh install of Windows.
  3. There is something odd about your Windows environment requiring the extensions?
  4. You need to change line 900 in the php.ini.
     Change from: ;extension=php_mysql.dll
     Change to: extension=php_mysql.dll
     Your PHP in IIS is not configured correctly. Stop the IIS server, copy the file in the attached zip to the C:\Windows\System32\inetsrv\config folder, and restart the IIS server.
     applicationHost.zip
  5. What happens when you put the test.php file in d:\winids\inetpub\wwwroot\base folder and then from a browser type http://winids/test.php
     Attach your php.ini file located in the d:\winids\php folder.
     Attach your applicationHost.config file located in the C:\Windows\System32\inetsrv folder.
  6. Item 1: Go back to the section titled Configuring IIS for PHP, and the Windows Intrusion Detection Systems security console and complete again. Item 2: It appears there was a time delay for some reason. Try it again. Make sure you're not routing through a proxy.
  7. It appears the snort database has a problem or authentication. Go into the task manager and kill the Barnyard2 process. Go into the uninstall programs and remove postgresql. Go into the d:\winids folder and delete the postgresql folder. Return to the tutorial section labeled Installing the PostgreSQL Database Server and complete. Go to the tutorial section labeled Configuring the PostgreSQL Database Server and complete. Go to the tutorial section labeled Confirming PostgreSQL and Snort are operational and complete. Go to the tutorial section labeled Testing the Barnyard2 configuration file and complete. This should fix the problem.
  8. Pulled your Pulledpork folder in and everything works as expected. I'm not sure what the problem is? Possible firewall issue with a blocked port?

      C:\Users\Operator>perl d:\winids\pulledpork\pulledpork.pl -c d:\winids\pulledpork\etc\pulledpork.conf -T

          https://github.com/shirkdog/pulledpork
            _____ ____
           `----,\    )
            `--==\\  /    PulledPork v0.7.4 - Helping you protect your bitcoin wallet!
             `--==\\/
           .-~~~~-.Y|\\_  Copyright (C) 2009-2017 JJ Cummings, Michael Shirk
        @_/        /  66\_  and the PulledPork Team!
          |    \   \   _(")
           \   /-| ||'--'  Rules give me wings!
            \_\  \_\\
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      'uname' is not recognized as an internal or external command,
      operable program or batch file.
      Checking latest MD5 for snortrules-snapshot-29111.tar.gz....
      Rules tarball download of snortrules-snapshot-29111.tar.gz....
              They Match
              Done!
      IP Blacklist download of https://talosintelligence.com/documents/ip-blacklist....
      Reading IP List...
      Checking latest MD5 for opensource.gz....
      Rules tarball download of opensource.gz....
              They Match
              Done!
      Prepping rules from opensource.gz for work....
              Done!
      Prepping rules from snortrules-snapshot-29111.tar.gz for work....
      No such file in archive: 'doc/signatures/rules/VRT-License.txt' at d:\winids\pulledpork\pulledpork.pl line 366.
      Could not find an entry for 'doc/signatures/rules/VRT-License.txt' at d:\winids\pulledpork\pulledpork.pl line 366.
              Done!
      Reading rules...
      readline() on closed filehandle DATA at d:\winids\pulledpork\pulledpork.pl line 722.
      readline() on closed filehandle DATA at d:\winids\pulledpork\pulledpork.pl line 722.
      readline() on closed filehandle DATA at d:\winids\pulledpork\pulledpork.pl line 722.
      Reading rules...
      Activating security rulesets....
              Done
      Modifying Sids....
              Done!
      Processing d:\winids\pulledpork\etc\enablesid.conf....
              Modified 20480 rules
              Skipped 0 rules (already disabled)
              Done
      Processing d:\winids\pulledpork\etc\dropsid.conf....
              Modified 0 rules
              Skipped 0 rules (already disabled)
              Done
      Processing d:\winids\pulledpork\etc\disablesid.conf....
              Modified 0 rules
              Skipped 0 rules (already disabled)
              Done
      Setting Flowbit State....
              Done
      Writing d:\winids\snort\rules\winids.rules....
              Done
      Generating sid-msg.map....
              Done
      Writing v1 d:\winids\snort\etc\sid-msg.map....
              Done
      Writing d:\winids\snort\log\sid_changes.log....
              Done
      Rule Stats...
              New:-------4
              Deleted:---0
              Enabled Rules:----32501
              Dropped Rules:----0
              Disabled Rules:---0
              Total Rules:------32501
      No IP Blacklist Changes
      Done
      Please review d:\winids\snort\log\sid_changes.log for additional details
      Fly Piggy Fly!
  9. Make SURE you are ONLY using the Pulledpork from here. I have to modify it to work on Windows. Make sure your oink code is correct. If you are behind a proxy there may be problems. Try removing everything in the pulledpork/temp folder. If there are still problems, zip up the pulledpork folder and attach it. Don't forget to delete everything in the pulledpork/temp folder before compressing.
  10. Pulledpork runs a specific set of rules based on policy set in the pulledpork.conf. There are 4 conf files located in the etc folder that will include, exclude, disable, or drop rules based on your specific needs. The default set of activated rules prior to installing PulledPork has more rules activated by default. PulledPork drills down into the more relevant rules based on policy. You will need to figure out what is best to include or exclude based on your needs using the . There is a Pulledpork user group that could be very helpful here. Also, you can ask questions in the Snort-Mailing list.
  11. I'm not sure because this is a custom install. If you follow the guide you will get a working Windows Intrusion Detection System. However, it looks like you have an incompatible version of PHP installed. The Windows Intrusion Detection security console (base) ONLY works with PHP 5.x
  12. The config files look good. It's usually quicker to start fresh.
  13. To completely remove Apache2, remove the service using httpd -k uninstall, then delete the Apache24 directory, and then look in the services to make sure the service is gone. Looks like something else is using port 80?