I hereby claim:
- I am jmtaylor90 on github.
- I am trex421 (https://keybase.io/trex421) on keybase.
- I have a public key ASDpC4gTI_QuKynQZGPIYYPkga7LMySFsIjuzBD-O_OtKQo
To claim this, I am signing this object:
# Extensible Event Format (nicknamed EVE) event log in JSON format
  - eve-log:
      enabled: yes
      filetype: regular #regular|syslog|unix_dgram|unix_stream|redis
      filename: alert.json
      pcap-file: true
      community-id: true
      community-id-seed: 0
      types:
        - alert:
#! /usr/bin/env python3
from scapy.all import DNS, DNSQR, IP, sr1, UDP

# Build a single DNS query for www.google.com and send it to 8.8.8.8 over UDP/53.
# opcode 8 is not an assigned DNS opcode, so the resolver is expected to answer
# with an error (or ignore it); rd=1 requests recursion.
# Sending raw packets with sr1() requires root/CAP_NET_RAW.
dns_req = IP(dst='8.8.8.8')/UDP(dport=53)/DNS(opcode=8, rd=1, qd=DNSQR(qname='www.google.com'))
answer = sr1(dns_req, verbose=0, timeout=5)
if answer is None:
    print("no answer received")
else:
    print(answer[DNS].summary())
  - eve-log:
      enabled: yes
      filetype: regular
      filename: flow.json
      types:
        - flow
[69914] 26/9/2019 -- 16:26:26 - (detect-content.c:400) <Error> (DetectContentPMATCHValidateCallback) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - signature can't match as content length 62 is bigger than dsize 5.
Please see: https://suricata.readthedocs.io/en/latest/rules/payload-keywords.html#content
Run Build Command:"/usr/bin/gmake" "cmTC_54245/fast"
/usr/bin/gmake -f CMakeFiles/cmTC_54245.dir/build.make CMakeFiles/cmTC_54245.dir/build
gmake[1]: Entering directory '/builddir/build/BUILD/hyperscan-5.1.0/CMakeFiles/CMakeTmp'
Building C object CMakeFiles/cmTC_54245.dir/src.c.o
/usr/bin/cc -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -DBACKTRACE_LIBC -o CMakeFiles/cmTC_54245.dir/src.c.o -c /builddir/build/BUILD/hyperscan-5.1.0/CMakeFiles/CMakeTmp/src.c
/builddir/build/BUILD/hyperscan-5.1.0/CMakeFiles/CMakeTmp/src.c: In function 'main':
/builddir/build/BUILD/hyperscan-5.1.0/CMakeFiles/CMakeTmp/src.c:3:15: warning: null argument where non-null required (argument 1) [-Wnonnull]
    3 | int main () { backtrace(NULL, 0);
[jason@builder hyperscan]$ rpm --eval "%cmake"
CFLAGS="${CFLAGS:--O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic}" ; export CFLAGS ;
CXXFLAGS="${CXXFLAGS:--O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic}" ; export CXXFLAGS ;
FFLAGS="${FFLAGS:--O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic -I/usr/lib64/gfortran/modules}" ; export FFLAGS ;
FCFLAGS="${FCFLAGS:--O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -gre