Package: acidlab
Version: 0.9.6b20-13
Severity: serious

When upgrading from sarge, acidlab messes with conffiles and triggers the
dpkg conffiles handling for the file /etc/acidlab/acid_conf.php
while I did not modify it, which is confusing.

See the piuparts log at
<http://people.debian.org/~ballombe/misc/acidlab.piu>

<snip>
Setting up acidlab (0.9.6b20-13) ...

Configuration file `/etc/acidlab/acid_conf.php'
 ==> Modified (by you or by a script) since installation.
 ==> Package distributor has shipped an updated version.
   What would you like to do about it ?  Your options are:
    Y or I  : install the package maintainer's version
    N or O  : keep your currently-installed version
      D     : show the differences between the versions
      Z     : background this process to examine the situation
 The default action is to keep your current version.
*** acid_conf.php (Y/I/N/O/D/Z) [default=N] ? D
--- /etc/acidlab/acid_conf.php  2005-11-07 18:01:39.000000000 +0000
+++ /etc/acidlab/acid_conf.php.dpkg-new 2005-11-01 13:44:36.000000000 +0000
@@ -9,7 +9,7 @@
  *        $foo = "c:\tmp"    [OK]
  *        $foo = "c:\tmp\"   [WRONG]
  */
-$DBlib_path = "/usr/share/adodb";
+$DBlib_path = "/usr/share/php/adodb";
 
 /* The type of underlying alert database
  * 
@@ -17,7 +17,7 @@
  *  PostgresSQL : "postgres"
  *  MS SQL Server : "mssql"
  */
-$DBtype = "mysql";
+$DBtype = "DBTYPE";
 
 /* Alert DB connection parameters
  *   - $alert_dbname   : MySQL database name of Snort alert DB
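Review bot: the new $DBtype = "DBTYPE"; at line 20 is a template token, not one of the database types the comment above it lists, so answering Y or I at this prompt installs a setting that only works if something rewrites the file afterwards. A file that has to be filled in at install time will always differ from the shipped copy and raise this prompt on upgrade; consider shipping the template outside /etc and generating /etc/acidlab/acid_conf.php from it as a configuration file that dpkg does not track as a conffile.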
@@ -29,18 +29,18 @@
  *  This information can be gleaned from the Snort database
  *  output plugin configuration.
  */
-$alert_dbname   = "snort_log";
-$alert_host     = "localhost";
-$alert_port     = "";
-$alert_user     = "root";
-$alert_password = "mypassword";
+$alert_dbname   = "ALERT_NAME";
+$alert_host     = "ALERT_HOST";
+$alert_port     = "ALERT_PORT";
+$alert_user     = "ALERT_USER";
+$alert_password = "ALERT_PASSWORD";
 
 /* Archive DB connection parameters */
-$archive_dbname   = "snort_archive";
-$archive_host     = "localhost";
-$archive_port     = "";
-$archive_user     = "root";
-$archive_password = "mypassword";
+$archive_dbname   = "ARCHIVE_NAME";
+$archive_host     = "ARCHIVE_HOST";
+$archive_port     = "ARCHIVE_PORT";
+$archive_user     = "ARCHIVE_USER";
+$archive_password = "ARCHIVE_PASSWORD";
 
 /* Type of DB connection to use
  *   1  : use a persistant connection (pconnect)
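Review bot: the ALERT_* and ARCHIVE_* placeholders in this hunk replace per-site connection settings, so the D option prints the installed $alert_password and $archive_password values to the terminal and into any upgrade log, as this one does with "mypassword". Keep the connection credentials in a separate generated file that is not a dpkg conffile, so that upgrades neither prompt over them nor show them in a diff.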
@@ -221,22 +221,27 @@
 /* Whois query */
 $external_whois_link = "http://www.samspade.org/t/ipwhois?a=";;
 //$external_whois_link = 
"http://www.geektools.com/cgi-bin/proxy.cgi?targetnic=auto&query=";
+// Alternative:
+// $external_dns_link = "http://www.dnsstuff.com/tools/whois.ch?ip=";;
 
  /* DNS query */
 $external_dns_link = "http://www.samspade.org/t/dns?a=";;
+// Alternative:
+// $external_dns_link = "http://www.dnsstuff.com/tools/lookup.ch?type=A&name=";;
 
 /* SamSpade "all" query */
 $external_all_link = "http://www.samspade.org/t/lookat?a=";;
 
 /* TCP/UDP port database */
-$external_port_link = "http://www.snort.org/ports.html?port=";;
-//$external_port_link = "http://www.portsdb.org/bin/portsdb.cgi?portnumber=";;
+// No longer available:
+// $external_port_link = "http://www.snort.org/ports.html?port=";;
+$external_port_link = "http://www.portsdb.org/bin/portsdb.cgi?portnumber=";;
 
 /* Signature references */
 $external_sig_link = array("bugtraq"   => 
array("http://www.securityfocus.com/bid/";, ""),
-                           "snort"     => 
array("http://www.snort.org/snort-db/sid.html?sid=";, ""),
+                           "snort"     => 
array("http://www.snort.org/pub-bin/sigs.cgi?sid=";, ""),
                            "cve"       => 
array("http://cve.mitre.org/cgi-bin/cvename.cgi?name=";, ""),
-                           "nessus"       => 
array("http://cgi.nessus.org/plugins/dump.php3?id=";, ""),
+                           "nessus"       => 
array("http://www.nessus.org/plugins/index.php?view=single&id=";, ""),
                            "arachnids" => 
array("http://www.whitehats.com/info/ids";, ""),
                            "mcafee"    => 
array("http://vil.nai.com/vil/content/v_";, ".htm"),
                            "icat"      => 
array("http://icat.nist.gov/icat.cfm?cvename=";, ""));
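Review bot: the commented alternative added under /* Whois query */ assigns $external_dns_link rather than $external_whois_link, so uncommenting it would point the DNS link at a whois URL and leave the whois link unchanged. Rename the variable in that comment to $external_whois_link so it matches the setting it sits under.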
1
</snip>

Cheers,
-- 
Bill. <[EMAIL PROTECTED]>

Imagine a large red swirl here. 

