Morpheus

Administrators

Posts posted by Morpheus


  1. 3 hours ago, FDids said:

    Hi,

    Thanks for replying that everything is fixed but:

    I apologize for being dense, but I am not sure what to do next to fix my barnyard2 installation so that snort does show exiting. I downloaded the latest Winids Barnyard2 Software Development Pack, winids-b2sdp.zip. Do I unzip it and use the barnyard2.master.zip in place of the other builds? Do I need to start over and redo my installation? Is there another file I should download?

    Thanks for all your help!

    Bob

    No, you don't need to do anything. What you are seeing is correct. I made an error in the tutorial and have since corrected it. Check out the tutorial, and it should match your install.

    FDids likes this

  2. Make sure you have run the modder.vbs file as Administrator and allowed it to reboot on its own.

    Make sure the test.php file has been copied to the d:\winids\apache24\htdocs\base folder.

     

    Make sure you can ping winids:

    2019-02-27_11-51-51.jpg

     

    Make sure all the required Microsoft Visual C++ packages have been installed:

    2019-02-27_10-03-17.jpg

     

    If all the above is correct then please attach the php.ini file and the httpd.conf file.

     

    fahmiff likes this
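The file, ping and Visual C++ checks from the post above can be run in one pass with the script below. It is an added example, not part of the original post or the WinIDS tutorial; the function name `Test-WinidsPrereqs` is hypothetical, the folder and host name are the ones quoted in the post, and because the post does not list which Visual C++ packages are required, the script only reports what is installed.

```powershell
# Added example: pre-flight checks mirroring the checklist in the post.
# Test-WinidsPrereqs is a hypothetical name; paths and host name come from the post.
function Test-WinidsPrereqs {
    param(
        [string]$BaseDir  = 'd:\winids\apache24\htdocs\base',
        [string]$HostName = 'winids'
    )

    $checks = [ordered]@{}

    # 1. test.php must exist as a file inside the BASE folder.
    $testPhp = Join-Path -Path $BaseDir -ChildPath 'test.php'
    $checks['test.php present'] = Test-Path -LiteralPath $testPhp -PathType Leaf

    # 2. The host name must resolve and answer ping (-Quiet returns $true/$false).
    $checks["ping $HostName"] = Test-Connection -ComputerName $HostName -Count 2 -Quiet

    # 3. Enumerate installed Visual C++ redistributables from both the 64-bit
    #    and 32-bit uninstall registry views.
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    $vcPackages = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'Microsoft Visual C++*' } |
        Sort-Object -Property DisplayName -Unique |
        Select-Object -Property DisplayName, DisplayVersion
    $checks['Visual C++ packages found'] = [bool]$vcPackages

    # Return both the pass/fail summary and the package list for comparison
    # against the tutorial's requirements.
    [pscustomobject]@{
        Checks     = $checks
        VcPackages = $vcPackages
    }
}

$report = Test-WinidsPrereqs
$report.Checks.GetEnumerator() | ForEach-Object {
    '{0,-28} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'FAILED' })
}
$report.VcPackages | Format-Table -AutoSize
```

The script does not verify that modder.vbs was run; compare the listed Visual C++ packages against the tutorial by hand.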

  3. Been doing these tutorials and have installed 1000+ IDS's in the last 15 years and not once have I had to add an extension.

    It sounds like you have a corrupted .EXE association. This issue can occur if a virus or other 3rd party application has changed or corrupted some default registry settings.

    These types of quirks seem to pop up when the installer fails to install the Windows Intrusion Detection System on a fresh install of Windows.


  4. It appears the snort database has a problem or authentication.

    Go into the task manager and kill the Barnyard2 process.

    Go into the uninstall programs and remove postgresql.

    Go into the d:\winids folder and delete the postgresql folder.

    Return to the tutorial section labeled Installing the PostgreSQL Database Server and complete.

    Go to the tutorial section labeled Configuring the PostgreSQL Database Server and complete.

    Go to the tutorial section labeled Confirming PostgreSQL and Snort are operational and complete.

    Go to the tutorial section labeled Testing the Barnyard2 configuration file and complete.

    This should fix the problem.


  5. Pulled your Pulledpork folder in and everything works as expected. I'm not sure what the problem is?

    Possible firewall issue with a blocked port?

    C:\Users\Operator>perl d:\winids\pulledpork\pulledpork.pl -c d:\winids\pulledpork\etc\pulledpork.conf -T
    
        https://github.com/shirkdog/pulledpork
          _____ ____
         `----,\    )
          `--==\\  /    PulledPork v0.7.4 - Helping you protect your bitcoin wallet!
           `--==\\/
         .-~~~~-.Y|\\_  Copyright (C) 2009-2017 JJ Cummings, Michael Shirk
      @_/        /  66\_  and the PulledPork Team!
        |    \   \   _(")
         \   /-| ||'--'  Rules give me wings!
          \_\  \_\\
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    'uname' is not recognized as an internal or external command,
    operable program or batch file.
    Checking latest MD5 for snortrules-snapshot-29111.tar.gz....
    Rules tarball download of snortrules-snapshot-29111.tar.gz....
            They Match
            Done!
    IP Blacklist download of https://talosintelligence.com/documents/ip-blacklist....
    Reading IP List...
    Checking latest MD5 for opensource.gz....
    Rules tarball download of opensource.gz....
            They Match
            Done!
    Prepping rules from opensource.gz for work....
            Done!
    Prepping rules from snortrules-snapshot-29111.tar.gz for work....
    No such file in archive: 'doc/signatures/rules/VRT-License.txt' at d:\winids\pulledpork\pulledpork.pl line 366.
    Could not find an entry for 'doc/signatures/rules/VRT-License.txt' at d:\winids\pulledpork\pulledpork.pl line 366.
            Done!
    Reading rules...
    readline() on closed filehandle DATA at d:\winids\pulledpork\pulledpork.pl line 722.
    readline() on closed filehandle DATA at d:\winids\pulledpork\pulledpork.pl line 722.
    readline() on closed filehandle DATA at d:\winids\pulledpork\pulledpork.pl line 722.
    Reading rules...
    Activating security rulesets....
            Done
    Modifying Sids....
            Done!
    Processing d:\winids\pulledpork\etc\enablesid.conf....
            Modified 20480 rules
            Skipped 0 rules (already disabled)
            Done
    Processing d:\winids\pulledpork\etc\dropsid.conf....
            Modified 0 rules
            Skipped 0 rules (already disabled)
            Done
    Processing d:\winids\pulledpork\etc\disablesid.conf....
            Modified 0 rules
            Skipped 0 rules (already disabled)
            Done
    Setting Flowbit State....
            Done
    Writing d:\winids\snort\rules\winids.rules....
            Done
    Generating sid-msg.map....
            Done
    Writing v1 d:\winids\snort\etc\sid-msg.map....
            Done
    Writing d:\winids\snort\log\sid_changes.log....
            Done
    Rule Stats...
            New:-------4
            Deleted:---0
            Enabled Rules:----32501
            Dropped Rules:----0
            Disabled Rules:---0
            Total Rules:------32501
    No IP Blacklist Changes
    
    Done
    Please review d:\winids\snort\log\sid_changes.log for additional details
    Fly Piggy Fly!