Snort mailing list archives
Re: rules in snort inline
From: "Burks, Doug" <doug.burks () morris com>
Date: Tue, 15 Jun 2010 15:46:13 -0400
How about something like this? sed -i 's|^alert |drop |g' /etc/snort_inline/rules/*.rules Regards, -- Doug Burks, GPEN, GCIA, GSEC, CISSP http://securityonion.blogspot.com ________________________________ From: black_angel black_angel [mailto:black.sad.angel () gmail com] Sent: Tuesday, June 15, 2010 3:34 PM To: snort-users () lists sourceforge net Subject: [Snort-users] rules in snort inline hey everybody, i try to change all the rules for my snort inline from mode "alert" to "drop" i used this script but it doesn't work correctly: cd /etc/snort_inline/rules/ for file in $(ls -1 *.rules) do sed -e 's:^alert:drop:g' ${file} > ${file}.new mv ${file}.new ${file} -f done if someone have another script or any idea
------------------------------------------------------------------------------ ThinkGeek and WIRED's GeekDad team up for the Ultimate GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the lucky parental unit. See the prize list and enter to win: http://p.sf.net/sfu/thinkgeek-promo
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- rules in snort inline black_angel black_angel (Jun 15)
- Re: rules in snort inline JJC (Jun 15)
- Re: rules in snort inline Nigel Houghton (Jun 15)
- Re: rules in snort inline Joel Esler (Jun 15)
- Re: rules in snort inline Paul Schmehl (Jun 15)
- Re: rules in snort inline Joel Esler (Jun 15)
- Re: rules in snort inline Burks, Doug (Jun 15)
- Re: rules in snort inline Crook, Parker (Jun 15)
- Re: rules in snort inline Burks, Doug (Jun 15)
- Re: rules in snort inline Crook, Parker (Jun 15)
- Re: rules in snort inline Tomas Heredia (Jun 15)