Quote:
Originally Posted by nkd
But I donot have a preproc_rules directory or a so_rules directory.
|
Preprocs are in the "snort-common-libraries" package.
Quote:
Originally Posted by nkd
BTW the rules directory and the rules in it were part of the apt-get install of the snort.
|
Dependencies may get installed automagically but rules are in the "snort-rules-default" package.
Quote:
Originally Posted by nkd
I didnot download them from the snort website separately and install them.
|
You should update them. If you use Snort rules use Oinkmaster or else see the Emerging Threats site for details.
Quote:
Originally Posted by nkd
I am wondering if the pre-processor is working at all without the rules in the preproc directory ?!?!?
|
Snort comes with multiple preprocessors (see the "snort-doc" package). Some, like http_inspect or sfportscan may work but others like SSH/SSL may not w/o preloading dynamic preprocessor libraries.