Snort mailing list archives
Re: rule sets on CVS
From: Bob Van Cleef <vancleef () microunity com>
Date: Thu, 6 Sep 2001 09:13:58 -0700 (PDT)
On Wed, 5 Sep 2001, Ramin Alidousti wrote:
> On Wed, Sep 05, 2001 at 05:12:25PM -0700, Bob Van Cleef wrote:
>> I would like to set up a script to routinely download and replace the rule sets. Has anyone else done so?
>
> Excuse my paranoia but is it wise to do so? How difficult is it to poison such a download? Maybe it's impossible; I've not thought about it thoroughly but just the idea of an automatic replacement of such an important thing seems scary to me.
>
> Ramin

It should be relatively easy to verify things. For one thing, someone would have to poison the CVS source that everyone is using, which should be uncovered rather quickly. Is there any difference between manually running a CVS update and running it through a script? I can't imagine that everyone runs a full suite of regression tests every time they update their copy of source from CVS. Maybe that is the solution: develop some regression tests for snort. But the paranoid would point out that the corrupter would simply need to ensure that the corrupted version would pass the published regression tests...

From my perspective, I am more likely to maintain an up-to-date set of rules if I can automate their installation. If it takes 20 minutes to manually download, edit and install an updated rule set, that means I most likely will not get to it on a regular basis.

Bob
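
One way to automate the update discussed in this thread while still gating it on verification, as an added example that is not part of the original post or of the Snort project. It assumes a sha256sum-format manifest of the expected rule files that reaches the host over a channel separate from the rule download; the function names and the `.new`/`.prev` directory layout are hypothetical.

```shell
#!/bin/sh
# Added example: gate an automated Snort rule update on a digest manifest.
# Assumptions (not from the thread): the manifest is in sha256sum format and
# reaches this host over a channel separate from the rule download itself.

# list_rules DIR: print the *.rules file names in DIR, sorted.
list_rules() {
    (cd "$1" && find . -maxdepth 1 -type f -name '*.rules' | sed 's|^\./||' | sort)
}

# verify_rules STAGED MANIFEST: succeed only if the staged *.rules files are
# exactly the set named in MANIFEST and every digest matches.
verify_rules() {
    staged=$1 manifest=$2
    expected=$(sed 's/^[0-9a-f]*  //' "$manifest" | sort)
    actual=$(list_rules "$staged")
    # An unlisted extra file or a missing one is as suspicious as a bad digest.
    [ "$expected" = "$actual" ] || return 1
    (cd "$staged" && sha256sum -c - >/dev/null 2>&1) < "$manifest"
}

# install_rules STAGED MANIFEST LIVE: swap verified rules into LIVE and keep
# the previous set in LIVE.prev for rollback. Returns 1 and leaves LIVE
# untouched when verification fails.
install_rules() {
    live=$3
    verify_rules "$1" "$2" || { echo "rule update rejected: $1" >&2; return 1; }
    rm -rf "$live.new" "$live.prev"
    mkdir "$live.new" || return 1
    # Rule file names are assumed to contain no whitespace.
    for f in $(list_rules "$1"); do
        cp "$1/$f" "$live.new/$f" || return 1
    done
    [ ! -d "$live" ] || mv "$live" "$live.prev" || return 1
    mv "$live.new" "$live"
}

# Run as: script STAGED_DIR MANIFEST LIVE_DIR (does nothing without arguments).
[ "$#" -ne 3 ] || install_rules "$@"
```

A manifest fetched from the same repository as the rules only detects corruption in transit; it does not address the poisoned-source case raised above.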
Current thread:
- rule sets on CVS Bob Van Cleef (Sep 05)
- Re: rule sets on CVS Ramin Alidousti (Sep 05)
- Re: rule sets on CVS Bob Van Cleef (Sep 06)
- Re: rule sets on CVS Andreas Östling (Sep 06)
- Re: rule sets on CVS Ramin Alidousti (Sep 05)