[Gloucs] Snort!

Jill Tovey gloucs at mailman.lug.org.uk
Fri Apr 4 16:37:01 2003



For some reason my email messages always get caught by the spam filter,
only to arrive a few days out of sync with everyone else, so apologies
if my messages are appearing not to make sense!

Anyway,

after fiddling about with curl, I have now moved on to this error:

curl: (35) SSL: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

According to the curl help file, if I type
curl -k/--insecure it will "Allow curl to connect to SSL sites without
certs (H)"

Which would seem to be what I want!
However, on typing that it just says

curl: option -k/--insecure is unknown

I am currently looking for good guides to create my own certificate. 


On Fri, 2003-04-04 at 11:46, Gareth Bromley wrote:

    On 1 Apr 2003, Jill Tovey wrote:
    > I am at the stage where I am adding the sensor agent, the
    > information I am typing in is as follows:
    > enable sensor - ticked yes
    > sensor name - snort
    > sensor ip - 192.168.0.2
    > sensor port - 2525
    > username - admin
    > password - ******
    > Sensor Agent Type - snort centre agent v1 (ssl enabled)
    > Interface name to sniff - eth0
    > Snort command line - -U -o
    OK, what version of Snort are you running, what addons and what Linux
    platform?
    
    > Now, when I go to view sensor it says this:
    > snort ->eth0 Can't Connect to 192.168.0.2:2525 Retry Connecting
    What package is this in?
    
    > Sensor Message sh: line 1: curl: command not found
    Looks like a PATH setting problem or lack of curl on your platform.
    
    > I have tried a few variations on the sensor - such as using jt.mandrake
    > (my hostname), 127.0.0.1, etc. I have also put an extra ethernet card in
    > and tried using that but it shouldn't and didn't make a difference.
    How many network cards do you have in your Snort sensor?
    
    Using only 1 leaves it open to direct network attack, and you should use a
    separate promisc card unaddressed to sniff the network.
    
    > Now, when I go to https://localhost:2525/
    > I find this error:
    > Current config file error:
    > sh: line 1: /usr/sbinsnort: No such file or directory
    Again what tool are you using?
    
    Cheers
    
    Gareth
    
    

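Added example, not part of the original message or of any tool named in it: one way to create a self-signed certificate for the sensor address from the thread (192.168.0.2) and check it, so that curl can verify the sensor against that certificate rather than skipping verification. The file names and function names are assumptions, openssl 1.1.1 or later is assumed for -addext, and how the sensor agent is told to use the certificate is not covered by the thread.

```shell
#!/bin/sh
# Added example: self-signed certificate for the sensor's IP, plus the two
# checks a TLS client performs (name match and trust).
# SENSOR_IP is taken from the thread; file names are assumptions.
SENSOR_IP="192.168.0.2"

make_sensor_cert() {
    # $1 = output directory. Writes sensor.key (private) and sensor.crt (public).
    # The subshell keeps the restrictive umask from leaking to the caller.
    (
        umask 077   # private key readable by its owner only
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
            -subj "/CN=$SENSOR_IP" \
            -addext "subjectAltName=IP:$SENSOR_IP" \
            -keyout "$1/sensor.key" -out "$1/sensor.crt" 2>/dev/null
    )
}

cert_covers_ip() {
    # $1 = certificate, $2 = IP address. Succeeds only if the certificate is
    # valid for that address (clients connecting by IP need an IP SAN).
    openssl x509 -in "$1" -noout -checkip "$2" 2>/dev/null | grep -q "does match"
}

cert_trusted_by() {
    # $1 = certificate to check, $2 = file of certificates the client trusts.
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Demo in a throwaway directory.
demo_dir=$(mktemp -d)
if make_sensor_cert "$demo_dir"; then
    cert_covers_ip "$demo_dir/sensor.crt" "$SENSOR_IP" && echo "name check: ok"
    cert_covers_ip "$demo_dir/sensor.crt" "127.0.0.1" || echo "127.0.0.1: not covered"
    cert_trusted_by "$demo_dir/sensor.crt" "$demo_dir/sensor.crt" && echo "trust check: ok"
fi
rm -rf "$demo_dir"
```

Once the sensor serves sensor.crt, the client side is curl --cacert sensor.crt https://192.168.0.2:2525/, which keeps verification on. A request to a name or address the certificate does not list (such as localhost) will still fail the name check.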