Snort mailing list archives
RE: Re: Updating Rules
From: "Esler, Joel - Contractor" <joel.esler () rcert-s army mil>
Date: Mon, 2 Aug 2004 10:42:55 -0400
How do you "hardcode" a script? You can't replace the hostnames with XXXXXXXX?

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Thompson, Jimi
Sent: Friday, July 30, 2004 10:27 PM
To: Richard Bejtlich; snort-users () lists sourceforge net
Subject: RE: [Snort-users] Re: Updating Rules

We use a "trusted host" that uses PKI to authenticate and SSH out to each of the SNORT sensors to push new rules out. It's scripted and when we push new rules, we kick off the script. It goes out, writes the new rules to each sensor and then restarts SNORT. It's fairly simple to write. I'd attach it, but our hostnames are hard coded in.

Jimi

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Richard Bejtlich
Sent: Friday, July 30, 2004 4:35 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Re: Updating Rules

Lyndon Tiu wrote:
On a similar note, how do you update automatically?
--

Lyndon,

I documented a sample Oinkmaster session in my Blog:

http://taosecurity.blogspot.com/2004_07_01_taosecurity_archive.html#108957531936280978

Keith's recommendation for Oinkmaster is the way to go.

Sincerely,

Richard
http://www.taosecurity.com

-------------------------------------------------------
This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site.
www.ostg.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
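
The push described in the thread, sketched as an added example (the script from the thread was never posted; this is not it): hostnames are read from an inventory file instead of being hard-coded, and each sensor validates the new rules with `snort -T` before restarting. The inventory file name, key path, remote paths and restart command are assumptions.

```shell
#!/bin/sh
# Added example: push a Snort rules file from a trusted host to each sensor.
# All paths, the inventory file and RESTART_CMD are assumptions, not from the thread.
SENSORS_FILE="${SENSORS_FILE:-./sensors.txt}"     # one hostname per line
SSH_KEY="${SSH_KEY:-${HOME:-.}/.ssh/snort_push}"  # key used only for rule pushes
RULES_SRC="${RULES_SRC:-./local.rules}"
REMOTE_RULES="${REMOTE_RULES:-/etc/snort/rules/local.rules}"
REMOTE_CONF="${REMOTE_CONF:-/etc/snort/snort.conf}"
RESTART_CMD="${RESTART_CMD:-/etc/init.d/snort restart}"
# BatchMode: never prompt for a password; strict host keys: refuse unknown sensors.
SSH_OPTS="-i $SSH_KEY -o BatchMode=yes -o StrictHostKeyChecking=yes"

# Print usable hostnames: drop comments and blanks, and reject anything that is
# not a plain hostname so inventory content cannot become an ssh option or command.
list_sensors() {
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" |
    while IFS= read -r h || [ -n "$h" ]; do
        [ -z "$h" ] && continue
        case "$h" in
            -*|*[!A-Za-z0-9.-]*) echo "skipping invalid entry: $h" >&2 ;;
            *) echo "$h" ;;
        esac
    done
}

# Run a command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Stage the new file, swap it in, test the config with snort -T, then restart.
# Any failure restores the previous rules file and reports the sensor as failed.
push_to_sensor() {
    host=$1
    remote="cp -p $REMOTE_RULES $REMOTE_RULES.bak && mv $REMOTE_RULES.new $REMOTE_RULES"
    remote="$remote && snort -T -c $REMOTE_CONF >/dev/null 2>&1 && $RESTART_CMD"
    remote="$remote || { mv $REMOTE_RULES.bak $REMOTE_RULES; exit 1; }"
    run scp $SSH_OPTS "$RULES_SRC" "$host:$REMOTE_RULES.new" || return 1
    run ssh $SSH_OPTS "$host" "$remote"
}

# Push to every sensor in the inventory; return the number of failures.
push_all() {
    failed=0
    for host in $(list_sensors "$SENSORS_FILE"); do
        push_to_sensor "$host" || { echo "FAILED: $host" >&2; failed=$((failed + 1)); }
    done
    return "$failed"
}

if [ "${1:-}" = "--push" ]; then push_all; fi
```

Run it with `DRY_RUN=1` first to print the `scp` and `ssh` commands without touching any sensor.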
Current thread:
- Updating Rules Kenneth Trimmmer (Jul 30)
- RE: Updating Rules Jeff Dell (Aug 04)
- <Possible follow-ups>
- Re: Updating Rules Lyndon Tiu (Jul 30)
- Re: Updating Rules Keith W. McCammon (Jul 30)
- Re: Updating Rules Patrick Harper (Aug 04)
- Re: Updating Rules Richard Bejtlich (Jul 30)
- RE: Re: Updating Rules Thompson, Jimi (Jul 30)
- RE: Re: Updating Rules Esler, Joel - Contractor (Aug 02)