Snort mailing list archives

Re: I have written a Linux shell script to detect missing rule files in your /etc/snort/snort.conf!


From: waldo kitty <wkitty42 () windstream net>
Date: Sat, 12 Apr 2014 20:24:08 -0400

On 4/12/2014 2:37 AM, Teo En Ming wrote:
> You still need a program to check if the rule files in /etc/snort/rules are
> missing in the include statements in /etc/snort/snort.conf.
>
> Here is the output from my Linux shell script:
>
> [root@localhost teo-en-ming]# ./detect-missing-snort-rule-files.sh
> black_list.rules not included in /etc/snort/snort.conf!

this one is for the reputation processor... it does not contain rules... only IP
addresses...

> deleted.rules not included in /etc/snort/snort.conf!

all of these are commented out because they have been removed for various reasons...

> VRT-License.txt not included in /etc/snort/snort.conf!

this is not a rule file!

> white_list.rules not included in /etc/snort/snort.conf!

this one goes with black_list.rules above... it, also, does not contain any
rules... only IP addresses...

while your idea and script are good, blindly including all rules files is not a 
good thing to do...

-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.
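
The exclusions raised in this reply, as an added shell example that is not part of the original thread and is not Teo En Ming's script: it reports only `*.rules` files that hold at least one active rule and have no uncommented `include` line in snort.conf. The function name, the constructed sample tree and the way comments are detected are assumptions.

```shell
#!/bin/sh
# Added example: list rule files that snort.conf should probably include,
# skipping the cases the reply above calls out.

# Usage: missing_rule_includes <snort.conf> <rules directory>
missing_rule_includes() {
    conf=$1
    rules_dir=$2
    # The *.rules glob already leaves out files such as VRT-License.txt.
    for path in "$rules_dir"/*.rules; do
        [ -f "$path" ] || continue
        name=${path##*/}
        # Reputation preprocessor lists hold IP addresses, not rules.
        case $name in
            black_list.rules|white_list.rules) continue ;;
        esac
        # Skip files with no active rule, e.g. deleted.rules where every
        # rule is commented out. The alternation is the Snort 2 rule actions.
        grep -Eq '^[[:space:]]*(alert|log|pass|drop|reject|sdrop|activate|dynamic)[[:space:]]' "$path" || continue
        # Only an uncommented include whose path ends in this file name counts.
        if ! awk -v f="$name" '$1 == "include" { n = split($2, p, "/"); if (p[n] == f) found = 1 }
                               END { exit !found }' "$conf"; then
            echo "$name"
        fi
    done
}

# Constructed sample tree (not real rules) so the example runs offline.
demo_dir=$(mktemp -d)
mkdir "$demo_dir/rules"
printf 'include $RULE_PATH/local.rules\n# include $RULE_PATH/web.rules\n' > "$demo_dir/snort.conf"
printf 'alert tcp any any -> any 80 (msg:"constructed"; sid:1000001;)\n' > "$demo_dir/rules/local.rules"
printf 'alert tcp any any -> any 443 (msg:"constructed"; sid:1000002;)\n' > "$demo_dir/rules/web.rules"
printf '# alert tcp any any -> any 25 (msg:"constructed"; sid:1000003;)\n' > "$demo_dir/rules/deleted.rules"
printf '192.0.2.10\n' > "$demo_dir/rules/black_list.rules"
printf '192.0.2.20\n' > "$demo_dir/rules/white_list.rules"
printf 'license text\n' > "$demo_dir/rules/VRT-License.txt"

missing_rule_includes "$demo_dir/snort.conf" "$demo_dir/rules"   # prints web.rules
```

A file reported here still needs a human decision: a rule set may be left out of snort.conf on purpose.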
