Question: Examine the rules in /etc/snort/rules/ and find the duplicate rule. What is the sid: number for the duplicate rule? (Hint: answer is the higher of the two SID numbers.)

I am stuck on this and these are the commands I tried:

![Terminal screenshot](https://dsd5zvtm8ll6.cloudfront.net/si.experts.images/questions/2024/02/65cbd86d95d51_02965cbd86d6898b.jpg)
```
root@snort:/var/log/snort# cat community-web-php.rules
cat: community-web-php.rules: No such file or directory
root@snort:/var/log/snort# grep -r "duplicate rule" /etc/snort/rules
root@snort:/var/log/snort# grep -r "duplicate rule" /etc/snort/rules
root@snort:/var/log/snort# grep -ril "duplicate" /etc/snort/rules
/etc/snort/rules/community-web-php.rules
/etc/snort/rules/deleted.rules
root@snort:/var/log/snort# grep -r "duplicate" /etc/snort/rules
/etc/snort/rules/community-web-php.rules:alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg: "COMMUNITY WEB-PHP Indexu link_duplicate.php remote file include"; flow: to_server, established; uricontent: "admin/link_duplicate.php"; nocase; uricontent: "admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference: bugtraq, 18477; classtype:web-application-attack; sid: 100000612; rev:2;)
/etc/snort/rules/community-web-php.rules:alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg: "COMMUNITY WEB-PHP Indexu template_duplicate.php remote file include"; flow: to_server, established; uricontent: "admin/template_duplicate.php"; nocase; uricontent: "admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference: bugtraq, 18477; classtype:web-application-attack; sid: 100000637; rev:2;)
/etc/snort/rules/deleted.rules: # duplicate of 987
/etc/snort/rules/deleted.rules: # duplicate of sid: 1673
/etc/snort/rules/deleted.rules: # basically duplicate of 330
/etc/snort/rules/deleted.rules: # duplicate of 1478
/etc/snort/rules/deleted.rules: # duplicate of 1248
/etc/snort/rules/deleted.rules: # duplicate of 1249
/etc/snort/rules/deleted.rules: # duplicate of 1755
/etc/snort/rules/deleted.rules: # duplicate of 1538
/etc/snort/rules/deleted.rules: # duplicate of 109
/etc/snort/rules/deleted.rules: # duplicate of 110
/etc/snort/rules/deleted.rules: # duplicate of 475
/etc/snort/rules/deleted.rules: # duplicate of 1088
/etc/snort/rules/deleted.rules: # duplicate of 1546
root@snort:/var/log/snort# grep -r "duplicate rules" /etc/snort/rules
root@snort:/var/log/snort# grep -r "duplicaterules" /etc/snort/rules
root@snort:/var/log/snort# grep "duplicate" /etc/snort/rules
grep: /etc/snort/rules: Is a directory
root@snort:/var/log/snort# grep "duplicate" /etc/snort/rules
```
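Searching for the word "duplicate" only returns rules and comments that contain that string, so the following added example (not part of the original question) compares rule bodies instead. It assumes a duplicate is an active rule identical to another one except for its sid and rev values; the function names, sample rules and sids are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): list Snort rules that repeat an
# earlier rule. Assumption: a "duplicate" has the same header and options as
# another active rule and differs only in its sid and rev values.

# find_duplicate_rules DIR -> prints "LOWER_SID HIGHER_SID FILE" per duplicate
find_duplicate_rules() {
  awk '
    # Active rules only: commented-out lines (leading #) never match.
    /^[ \t]*(alert|log|pass|drop|reject|sdrop)[ \t]/ {
      if (!match($0, /sid:[ \t]*[0-9]+/)) next
      sid = substr($0, RSTART, RLENGTH)
      gsub(/[^0-9]/, "", sid)

      # Comparison key: the rule with sid/rev removed and whitespace collapsed.
      key = $0
      gsub(/(sid|rev):[ \t]*[0-9]+[ \t]*;/, "", key)
      gsub(/[ \t]+/, " ", key)

      if (key in seen) {
        lo = seen[key]; hi = sid
        if (lo + 0 > hi + 0) { lo = sid; hi = seen[key] }
        printf "%s %s %s\n", lo, hi, FILENAME
      } else {
        seen[key] = sid
      }
    }
  ' "$1"/*.rules
}

# Constructed sample rules (not the lab files); the sids are made up.
make_sample_rules() {
  cat > "$1/local-a.rules" <<'EOF'
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"SAMPLE page-a include"; uricontent:"admin/a.php"; nocase; sid:9000001; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"SAMPLE page-b include"; uricontent:"admin/b.php"; nocase; sid:9000002; rev:1;)
# alert tcp any any -> any any (msg:"SAMPLE disabled"; sid:9000003; rev:1;)
EOF
  cat > "$1/local-b.rules" <<'EOF'
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"SAMPLE page-a include"; uricontent:"admin/a.php"; nocase; sid: 9000007; rev:3;)
EOF
}

sample_dir=$(mktemp -d)
make_sample_rules "$sample_dir"
find_duplicate_rules "$sample_dir"
rm -rf "$sample_dir"
```

On the lab host the same function would be called as `find_duplicate_rules /etc/snort/rules`; the second column of each output line is the higher sid of the pair.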
