What steps will reproduce the problem?
1. Add a modifysid.conf line for a rule auto-enabled by flowbits.
What is the expected output? What do you see instead?
The rule should be modified by the PCRE replace as specified.
What version of the product are you using? On what operating system?
PulledPork v0.6.1. Ubuntu 12.04 LTS with Security Onion plugins.
Please provide any additional information below.
I've tried moving the modifysid config line up in pulledpork.conf. I've also
tried changing the load order to disable, drop, enable.
The only way to resolve the issue is to finally enable the rule in
enablesid.conf. It seems like modifysid would more properly be suited to be
executed after the flowbits rules are enabled. If you watch the output,
modifysid rules first.
Rules: ET Policy Vulnerable Java 1.x
Original issue reported on code.google.com by dylan.me...@gmail.com on 6 Feb 2014 at 8:24