Koozali.org: home of the SME Server
  1. Koozali.org: home of the SME Server
  2. Legacy Forums
  3. Experienced User Forum
  4. Topic: Remove Snort/Acid signature
« previous next »
Pages: [1]   Go Down

Remove Snort/Acid signature

  • 4 Replies
  • 660 Views

Steve

Remove Snort/Acid signature
« on: September 06, 2002, 11:59:23 AM »
I'm using phpWebsite and when users access
http://mydomain.com/mod.php?mod=calendar&op=month_view

The 'WEB-CGI calendar access' is triggered and since I'm using snort_guardian the person's IP is blocked for 24 hours.  Does anyone know how to remove this from the Snort database?  

Thanks
Logged

Brian

Re: Remove Snort/Acid signature
« Reply #1 on: September 06, 2002, 09:16:57 PM »
Do you want to remove the guardian addon?

rpm -e trevor-mitel-guardian
Logged

Tom Veitch

Re: Remove Snort/Acid signature
« Reply #2 on: September 06, 2002, 11:31:21 PM »
Yes just edit the snort.conf file you will find the rules at the end of the file the snort.conf file is in the /etc/snort/snort.conf

Tom
Steve wrote:
>
> I'm using phpWebsite and when users access
> http://mydomain.com/mod.php?mod=calendar&op=month_view
>
> The 'WEB-CGI calendar access' is triggered and since I'm
> using snort_guardian the person's IP is blocked for 24
> hours.  Does anyone know how to remove this from the Snort
> database?
>
> Thanks
Logged

Marl

Re: Remove Snort/Acid signature
« Reply #3 on: September 29, 2002, 08:43:15 PM »
Uh, if you notice, /etc/snort/snort.conf tells you "DO NOT MODIFY THIS FILE"

you have to modify the template.

Mark
Logged

Steve

Re: Remove Snort/Acid signature
« Reply #4 on: September 29, 2002, 10:11:48 PM »
Editing the snort.conf file worked just fine.  I'm not sure if it was designed to work with the template system.
Logged
Pages: [1]   Go Up
« previous next »
  1. Koozali.org: home of the SME Server
  2. Legacy Forums
  3. Experienced User Forum
  4. Topic: Remove Snort/Acid signature