Snort mailing list archives
Re: Switching snort from IDS to IPS mode
From: Jim Campbell <jim () w4bqp net>
Date: Sat, 3 Feb 2018 08:47:39 -0500
I run the following snippet from a shell script to change the rules from alert to block. I am running snort 2.9.9.0 inline (IPS) under Ubuntu 17.04.
echo "Change 'alert' to 'block' for snort.rules ========================"
sudo awk '{sub("alert","block",$0); print;}' /etc/snort/rules/snort.rules > /etc/snort/rules/snortd.rules
On 2/3/2018 6:42 AM, bobby via Snort-users wrote:
I am running Snort inline. I am running Linux. What would be the easiest way to replace all rules with drop from alert? Would I have to run a script to modify each rule, or is there an easier way?
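An added example, not part of the original message or of Snort itself: a variant of the conversion that rewrites only the action keyword of active rules, so commented-out rules and msg text containing the word "alert" pass through unchanged. The function names and sample rules are constructed for illustration, and the accepted actions are limited to the two named in this thread (drop and block).

```shell
#!/bin/sh
# Added example, not code from the thread. All rules below are constructed samples.

# Print three constructed rules: a disabled one, an active alert, and a pass
# rule whose msg text happens to contain the word "alert".
sample_rules() {
    cat <<'EOF'
# alert tcp any any -> any 23 (msg:"constructed disabled rule"; sid:1000001; rev:1;)
alert tcp any any -> any 80 (msg:"constructed test rule"; sid:1000002; rev:1;)
pass icmp any any -> any any (msg:"constructed alert wording"; sid:1000003; rev:1;)
EOF
}

# convert_rules ACTION < in.rules > out.rules
# Rewrites the action of active "alert" rules only; everything else passes through.
convert_rules() {
    action="${1:-drop}"
    case "$action" in
        drop|block) ;;   # the two actions mentioned in this thread
        *) echo "convert_rules: unsupported action '$action'" >&2; return 2 ;;
    esac
    awk -v act="$action" '
        # Active rule: optional indentation, then "alert" as the first word.
        /^[ \t]*alert[ \t]/ { sub(/alert/, act); changed++ }
        { print }
        END { printf "%d rule(s) changed to %s\n", changed, act > "/dev/stderr" }
    '
}

# Demo run on the constructed sample; the change count goes to stderr.
sample_rules | convert_rules drop
```

Writing the result to a separate file, as the message above does, keeps the original rules file available for comparison and rollback.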