Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: Steve on September 06, 2002, 11:59:23 AM

Title: Remove Snort/Acid signature
Post by: Steve on September 06, 2002, 11:59:23 AM

I'm using phpWebsite and when users access
http://mydomain.com/mod.php?mod=calendar&op=month_view

The 'WEB-CGI calendar access' is triggered and since I'm using snort_guardian the person's IP is blocked for 24 hours.  Does anyone know how to remove this from the Snort database?  

Thanks

Title: Re: Remove Snort/Acid signature
Post by: Brian on September 06, 2002, 09:16:57 PM

Do you want to remove the guardian addon?

rpm -e trevor-mitel-guardian

Title: Re: Remove Snort/Acid signature
Post by: Tom Veitch on September 06, 2002, 11:31:21 PM

Yes just edit the snort.conf file you will find the rules at the end of the file the snort.conf file is in the /etc/snort/snort.conf

Tom
Steve wrote:
>
> I'm using phpWebsite and when users access
> http://mydomain.com/mod.php?mod=calendar&op=month_view
>
> The 'WEB-CGI calendar access' is triggered and since I'm
> using snort_guardian the person's IP is blocked for 24
> hours.  Does anyone know how to remove this from the Snort
> database?
>
> Thanks

Title: Re: Remove Snort/Acid signature
Post by: Marl on September 29, 2002, 08:43:15 PM

Uh, if you notice, /etc/snort/snort.conf tells you "DO NOT MODIFY THIS FILE"

you have to modify the template.

Mark

Title: Re: Remove Snort/Acid signature
Post by: Steve on September 29, 2002, 10:11:48 PM

Editing the snort.conf file worked just fine.  I'm not sure if it was designed to work with the template system.