Estoy utilizando pullpork para la gestión de reglas. He habilitado reglas de 1: 1000 a 1: 5735, esas reglas están habilitadas pero al mismo tiempo se omiten.
Como salida tuve:
https://github.com/shirkdog/pulledpork
_____ ____
'----,\ )
'--==\ / PulledPork v0.7.3 - Making signature updates great again!
'--==\/
.-~~~~-.Y|\_ Copyright (C) 2009-2016 JJ Cummings
@_/ / 66\_ [email protected]
| \ \ _(")
\ /-| ||'--' Rules give me wings!
\_\ \_\
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Prepping rules from snortrules-snapshot-2990.tar.gz for work....
Done!
Prepping rules from community-rules.tar.gz for work....
Done!
Prepping rules from opensource.tar.gz for work....
Done!
Prepping rules from emerging.rules.tar.gz for work....
Done!
Reading rules...
Generating Stub Rules....
An error occurred: ERROR: /etc/nsm/dataprotect-virtualbox-eth0/snort.conf(308) Perfmonitor: Unable to change mode of base stats file "/nsm/sensor_data/dataprotect-virtualbox-eth1/snort.stats" to mode:438: Operation not permitted.
An error occurred: Fatal Error, Quitting..
Done
Reading rules...
Reading rules...
Modifying Sids....
Done!
Processing /etc/nsm/pulledpork/enablesid.conf....
Modified 2090 rules
Skipped 2090 rules (already disabled)
Done
Processing /etc/nsm/pulledpork/dropsid.conf....
Modified 0 rules
Skipped 0 rules (already disabled)
Done
Processing /etc/nsm/pulledpork/disablesid.conf....
Modified 0 rules
Skipped 0 rules (already disabled)
Done
Setting Flowbit State....
Enabled 128 flowbits
Done
Writing /etc/nsm/rules/snort.rules....
Done
Generating sid-msg.map....
Done
Writing v1 /etc/nsm/sid-msg.map....
Done
Writing /var/log/nsm/sid_changes.log....
Done
Rule Stats...
New:-------0
Deleted:---27
Enabled Rules:----33517
Dropped Rules:----0
Disabled Rules:---26243
Total Rules:------59760
No IP Blacklist Changes
Done
Please review /var/log/nsm/sid_changes.log for additional details
Fly Piggy Fly!
Restarting Barnyard2.
El deshabilitado.conf está vacío