I configured to install Snort on my Ubuntu 12.04 which also included Barnyard2 and BASE installation. I am using the downloadable rules on Snort's website which requires me to sign up there to get the oinkcode.
But however, after I investigate the rules that I had extracted to /etc/snort/rules directory where all the rules are, all those rules are just plain empty.
Here is one of the rules look like
# Copyright 2001-2013 Sourcefire, Inc. All Rights Reserved.
#
# This file contains (i) proprietary rules that were created, tested and certified by
# Sourcefire, Inc. (the "VRT Certified Rules") that are distributed under the VRT
# Certified Rules License Agreement (v 2.0), and (ii) rules that were created by
# Sourcefire and other third parties (the "GPL Rules") that are distributed under the
# GNU General Public License (GPL), v2.
#
# The VRT Certified Rules are owned by Sourcefire, Inc. The GPL Rules were created
# by Sourcefire and other third parties. The GPL Rules created by Sourcefire are
# owned by Sourcefire, Inc., and the GPL Rules not created by Sourcefire are owned by
# their respective creators. Please see http://www.snort.org/snort/snort-team/ for a
# list of third party owners and their respective copyrights.
#
# In order to determine what rules are VRT Certified Rules or GPL Rules, please refer
# to the VRT Certified Rules License Agreement (v2.0).
#
#------------
# SCAN RULES
#------------
Can anyone help me to point out what is wrong with these rules?
I downloaded the snortrules-snapshot-2970.tar.gz with the oinckode I got which used the snort-2.9.7.0. Are there any solutions? I could post the snort configuration file (snort.conf) too if needed, I don't know how to make it shorter in post though.
