Hello, can I see the configuration of IDS/IPS Snort, which is used in ClearOS? And how to do it?
Tuesday, December 18 2018, 12:13 PM
Responses (4)
  • Accepted Answer

    Tuesday, December 18 2018, 03:03 PM - #Permalink
    Resolved
    1 votes
    /etc/snort.conf and the Webconfig.
  • Accepted Answer

    Wednesday, December 19 2018, 04:28 AM - #Permalink
    Resolved
    0 votes
    I have a similar issue...9apps
  • Accepted Answer

    Wednesday, December 19 2018, 02:32 PM - #Permalink
    Resolved
    0 votes
    Hmm, this thread piqued my curiosity. Looked at my snort.conf and noticed 2121 wasn't included in the ftp ports. Am I missing something or is that just an oversight?

    Make sure you
    systemctl restart snort.service
    after making any changes to the config file.
  • Accepted Answer

    Wednesday, December 19 2018, 03:04 PM - #Permalink
    Resolved
    0 votes
    Dirk Albring wrote:
    Hmm, this thread piqued my curiosity. Looked at my snort.conf and noticed 2121 wasn't included in the ftp ports. Am I missing something or is that just an oversight?
    I can't see the parameter "FTP_PORTS" used anywhere. In the "FTP / Telnet normalization and anomaly detection" the ports are again restricted to 21, 2100 and 3535. In the rules, they are all hardcoded with 21, so no 2121 or 990. If there is a bug to be filed, it would extend FTP_PORTS to cover 2121 and 989/990 and to change the ClearCenter ftp rules from 21 to $FTP_PORTS.
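
An added example, not part of any post in this thread and not ClearOS or Snort project code: a small audit of the three places the last reply looks at (the FTP_PORTS portvar, the ftp_telnet_protocol preprocessor ports, and rules that hardcode port 21). The sample config and rules are constructed in Snort 2.x syntax, the function names are hypothetical, and only plain port lists (no ranges or negation) are handled.

```python
import re

# Constructed sample in Snort 2.x syntax; not copied from a ClearOS system.
SAMPLE_CONF = """\
portvar FTP_PORTS [21,2100,3535]
preprocessor ftp_telnet_protocol: ftp server default \\
    ports { 21 2100 3535 }
"""
SAMPLE_RULES = """\
alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"constructed FTP rule A"; sid:1000001;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $FTP_PORTS (msg:"constructed FTP rule B"; sid:1000002;)
# alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"disabled"; sid:1000003;)
"""

def join_continuations(text):
    """Merge lines ending in a backslash, as snort.conf allows."""
    return re.sub(r"\\[ \t]*\n", " ", text)

def portvar_ports(conf, name="FTP_PORTS"):
    """Ports listed in 'portvar NAME [a,b,c]' (plain lists only)."""
    m = re.search(r"^\s*portvar\s+%s\s+\[?([\d, \t]+)\]?" % re.escape(name), conf, re.M)
    return {int(p) for p in re.findall(r"\d+", m.group(1))} if m else set()

def ftp_preprocessor_ports(conf):
    """Ports in the 'ports { ... }' option of the FTP server preprocessor line."""
    for line in join_continuations(conf).splitlines():
        if re.match(r"\s*preprocessor\s+ftp_telnet_protocol:\s*ftp\s+server", line):
            m = re.search(r"\bports\s*\{([^}]*)\}", line)
            if m:
                return {int(p) for p in m.group(1).split()}
    return set()

RULE_RE = re.compile(r"^\s*(?:alert|log|pass|drop|reject|sdrop)\s+\S+\s+\S+\s+(\S+)\s+(?:->|<>)\s+\S+\s+(\S+)\s+\((.*)\)\s*$")

def hardcoded_rules(rules, port=21):
    """Sids of active (uncommented) rules whose src or dst port is the literal port."""
    sids = []
    for line in rules.splitlines():
        m = RULE_RE.match(line)
        if m and str(port) in (m.group(1), m.group(2)):
            sid = re.search(r"\bsid:\s*(\d+)", m.group(3))
            sids.append(int(sid.group(1)) if sid else None)
    return sids

def audit(conf, rules, wanted=(2121, 989, 990)):
    """Report which wanted ports are uncovered and which rules bypass the portvar."""
    var, pre = portvar_ports(conf), ftp_preprocessor_ports(conf)
    return {"missing_from_portvar": sorted(set(wanted) - var),
            "missing_from_preprocessor": sorted(set(wanted) - pre),
            "rules_hardcoding_21": hardcoded_rules(rules)}

if __name__ == "__main__":
    print(audit(SAMPLE_CONF, SAMPLE_RULES))
```

To run it against a real system, read /etc/snort.conf and the rule files into strings and pass them to audit() in place of the constructed samples.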