Snort mailing list archives
RE: snort automaticly rules update
From: Dragos Ruiu <dr () kyx net>
Date: Thu, 26 Jul 2001 20:34:43 -0700
Another way might be to use snortpp to merge in rules updates according to snort IDs and revision levels....

    mv snort.rules snort.rules.old
    wget http://www.snort.org/snort.rules
    mv snort.rules snort.rules.new
    snortpp snort.rules.old snort.rules.new > snort.rules

cheers,
--dr

On Wed, 25 Jul 2001, Ian () dtm ca wrote:
Good simple script for Max's vision rules. Does anyone have a script to update Snort 1.8 rules from snort.org??

-----Original Message-----
From: Dr SuSE [mailto:drsuse () drsuse org]
Sent: Wednesday, July 25, 2001 12:02 PM
To: ml () db nexgen com; snort-users () lists sourceforge net
Subject: Re: [Snort-users] snort automaticly rules update

It sure is. There are a few scripts floating around that will do that. Here's one I used to download the latest vision.rules and remove the rules that I didn't need or want. This might not be the best example but it worked for me and that's all that really matters.....me :)

If you want to run it every month, just cron it.

One thing to remember, the script does not know if the entire rules file was downloaded. If it was only able to do a partial download due to network or server issues, it would not know and it would end up loading an incomplete rules file.

What's that? You say you're gonna order a unix shell scripting book from bookpool and write us a kick ass script which will update our snort rules and check the integrity of the rule files. Dude, you rock! Let us know when it's ready.

    #!/bin/sh
    # Fetch and unpack the latest vision.rules (no check that the download completed)
    cd /tmp
    wget -q http://www.whitehats.com/ids/vision.rules.gz
    gunzip /tmp/vision.rules.gz
    # Stop Snort, then write the new rules file minus the unwanted rules
    /etc/rc.d/snort stop
    rm /etc/snort/rules/vision.rules
    sed -e '/IDS175/d' -e '/IDS221/d' -e '/IDS226/d' -e '/IDS227/d' -e '/IDS243/d' -e '/IDS259/d' -e '/IDS298/d' /tmp/vision.rules > /etc/snort/rules/vision.rules
    rm /tmp/vision.rules
    /etc/rc.d/snort start
    echo Vision Rules Updated!

is it possible to somehow make my box to download every other month or so new rules from snort website and update them?
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Score my PGP key @ http://www.drsuse.org/pks
---------------------------------------------
Microsoft is not installed.
http://www.drsuse.org/
--
Dragos Ruiu <dr () dursec com>   dursec.com ltd. / kyx.net - we're from the future
gpg/pgp key on file at wwwkeys.pgp.net or at http://dursec.com/drkey.asc
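
The integrity check that the quoted message asks for, as an added example that is not part of the thread or of any poster's script: the download is verified before anything on disk changes, and Snort is restarted only after a good install. The function names, MIN_RULES and the 644 file mode are assumptions; the URL, paths and IDS numbers are the ones in the quoted script.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and MIN_RULES are assumptions.
MIN_RULES=${MIN_RULES:-1}   # fewest "alert" lines an acceptable rules file may hold

# verify_rules_gz FILE: true only for a complete gzip stream (gzip -t fails on
# truncation or a CRC mismatch) that holds at least MIN_RULES alert rules.
verify_rules_gz() {
    gzip -t "$1" 2>/dev/null || return 1
    count=$(gzip -dc "$1" | grep -c '^alert ' || true)
    [ "$count" -ge "$MIN_RULES" ]
}

# install_rules GZ DEST [ID...]: verify GZ, delete rules matching each ID the
# way the original sed line did, then rename into place so DEST is never partial.
install_rules() {
    gz=$1; dest=$2; shift 2
    verify_rules_gz "$gz" || { echo "bad download, keeping $dest" >&2; return 1; }
    tmp=$(mktemp "$dest.XXXXXX") || return 1
    filter=''
    for id in "$@"; do filter="$filter -e /$id/d"; done
    if [ -n "$filter" ]; then
        gzip -dc "$gz" | sed $filter > "$tmp"   # unquoted: one sed argument per word
    else
        gzip -dc "$gz" > "$tmp"
    fi || { rm -f "$tmp"; return 1; }
    chmod 644 "$tmp" && mv "$tmp" "$dest"       # mktemp creates the file 0600
}

# update_rules URL DEST [ID...]: fetch, verify, install; Snort is restarted only
# after a good install, so a failed download leaves the running sensor untouched.
update_rules() {
    url=$1; dest=$2; shift 2
    dl=$(mktemp) || return 1
    if wget -q -O "$dl" "$url" && install_rules "$dl" "$dest" "$@"; then
        rm -f "$dl"; /etc/rc.d/snort stop; /etc/rc.d/snort start
    else
        rm -f "$dl"; return 1
    fi
}

# Usage with the URL, path and IDs from the quoted script:
# update_rules http://www.whitehats.com/ids/vision.rules.gz \
#     /etc/snort/rules/vision.rules IDS175 IDS221 IDS226 IDS227 IDS243 IDS259 IDS298
```

gzip -t catches a truncated or corrupted download only; it says nothing about who produced the file.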