pcre:fwsam

  • Upgraded the server memory from 256MB to 768MB
  • Installed a 80GB Maxtor Hard Drive
[root@luisaranguren]# hdparm -i /dev/sdb

/dev/sdb:

Model=Maxtor 4R080L0, FwRev=RAMC1TU0, SerialNo=R29XVRME
Config={ Fixed }
RawCHS=16383/16/63, TrkSize=0, SectSize=0, ECCbytes=57
BuffType=DualPortCache, BuffSize=2048kB, MaxMultSect=16, MultSect=16
CurCHS=4047/16/255, CurSects=16511760, LBA=yes, LBAsects=160086528
IORDY=on/off, tPIO={min:120,w/IORDY:120}, tDMA={min:120,rec:120}
PIO modes: pio0 pio1 pio2 pio3 pio4
DMA modes: mdma0 mdma1 mdma2
UDMA modes: udma0 udma1 udma2 udma3 udma4 *udma5 udma6
AdvancedPM=yes: disabled (255) WriteCache=enabled
Drive conforms to: ATA/ATAPI-7 T13 1532D revision 0: ATA/ATAPI-1,2,3,4,5,6,7

* signifies the current active mode

  • Installed a 1TB hard drive in my desktop box ~3TB total storage
  • Installed and configured pulledpork to update snort rules
had to add pcre:fwsam to disablesid.conf to avoid a fwsam error in snort
  • Fine tuned and fixed a few snort errors
  • To make it easier to catch problems added to /etc/mysql/my.cnf

  • [mysqld]
    log-error=/var/log/mysql/error.log

2 Comments

  1. Hey. Maybe you can help me out. I still receive those:

    /etc/snort/rules# ERROR: /etc/snort/rules/snort.rules(16600) Unknown rule option: ‘fwsam’.
    Fatal Error, Quitting..

    messages. Can you help me out somehow? I’ve added the line “pcre:fwsam” to: /etc/snort/disablesid.conf and still got the same problem.

    Cheers,
    David

  2. You have to specify the path to disablesid.conf inside pulledpork.conf. In my case:

      # Here you can specify what rule modification files to run automatically.
      # simply uncomment and specify the apt path.
      # enablesid=/usr/local/etc/snort/enablesid.conf
      # dropsid=/usr/local/etc/snort/dropsid.conf
      disablesid=/etc/snort/pulledpork/disablesid.conf
      # modifysid=/usr/local/etc/snort/modifysid.conf

Leave a Reply

Your email address will not be published. Required fields are marked *