• Content count

  • Joined

  • Last visited

Posts posted by jrivett

  1. There are a couple of path adjustments in the procedure that seem to be not quite correct.

    #1: Original Line(s): var SO_RULE_PATH ../so_rules
    Change to: # var SO_RULE_PATH ../so_rules

    This is not actually a change, since the two lines are identical. Presumably it's supposed to be 'd:\winids\Snort\so_rules'. Is that right?

    #2: Original Line(s): dynamicdetection directory /usr/local/lib/snort_dynamicrules
    Change to: # dynamicdetection directory /usr/local/lib/snort_dynamicrules

    This is not actually a change, since the two lines are identical. And when I run the Snort test, I get this fatal error: 'ERROR: f:\winids\snort\etc\snort.conf(258) Could not stat dynamic module path "/usr/local/lib/snort_dynamicrules": No such file or directory.'

    I was going to change the path to 'f:\winids\snort\lib\snort_dynamicrules', bu that directory doesn't exist. Any ideas?

  2. I'm at this step: 'Configuring Snort, the Heart of the Windows Intrusion Detection System (WinIDS)'.

    At this point there are two commands, the point of which seems to be to clear the blacklist and whitelist files that are included with Snort. Here's the first one:

    'type NUL > d:\winids\snort\rules\black_list.rules'

    This actually creates a *new* file called 'black_list.rules', with no content (size zero).

    I think perhaps the intention was to clear the contents of the existing file, which is actually named 'blacklist.rules'.

    I don't see 'white_list.rules' or 'whitelist.rules', so the other command just creates an empty 'white_list.rules'.

  3. I'm working through this tutorial and have hit a bit of a roadblock. Starting at 'Prepping the Windows Intrusion Detection System (WinIDS) Master Sensor', there seems to be an assumption that I already have mySQL installed, and that there's already a database called 'snort'. But I can't find anything in the tutorial about installing MySQL or creating that database or its tables. I checked the various scripts in the WinIDS package (winids-cssp-x64.zip), and didn't find anything there either. What am I missing?