Re: oinkmaster - disabling rules without getting new updates

[Andreas Östling <andreaso () it su se>]

On Monday 19 September 2005 23:12, Humes, David G. wrote:
> The oinkmaster
> documentation is fairly insistent about not editing the rules files
> directly.  But, one approach is to edit the appropriate rules file
> and restart snort, and also edit the oinkmaster.conf file to make
> certain the rule does not get re-enabled. 

That sounds like a good way to do it. The documentation is insistent 
about not editing rules files directly mostly because it's easy to do 
manual tweaks in them and forget that Oinkmaster will overwrite the 
rules in the next update. But you obviously understand how it works so 
I don't see a problem with that.

/Andreas


-------------------------------------------------------
SF.Net email is sponsored by:
Tame your development challenges with Apache's Geronimo App Server. Download
it for free - -and be entered to win a 42" plasma tv or your very own
Sony(tm)PSP.  Click here to play: http://sourceforge.net/geronimo.php
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users