Snort: "Update rules automatically"

sergu61

Upgrade rules on cron

(3 */12 * * * root /usr/bin/nice-n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_for_rule_updates.php >> /usr/local/etc/snort/snort_update.log)

does not work!

I receive in /usr/local/etc/snort/snort_update.log:

You must enter valid credentials to access this resource.

???

Serg Max

sergu61

Works after editing snort_check_for_rule_updates.php:

….
require_once("globals.inc");                 
/ require_once("guiconfig.inc"); /          
require_once("/usr/local/pkg/snort/snort.inc");
….

All thanks!

P.S. What for guiconfig.inc has been included?  ::)

jimp

If the file is meant to be accessed using the Web Interface, that include makes sure that a user is prompted for a username and password before they are allowed access to the page.

If that script is meant to only be run from the CLI, it can have that include removed and it should be moved out of /usr/local/www - perhaps to /usr/local/bin - so that it cannot be accessed via the web without authentication. Otherwise, anyone who is allowed to hit the WebGUI port could trigger that script.

sergu61

Clearly, root through cron refresh rules cannot.
We will be refreshed therefore through webgui.

Thanks!