Snort mailing list archives
Re: Rule management
From: Jason Haar <Jason.Haar () trimble co nz>
Date: Wed, 28 Nov 2001 10:18:11 +1300
On Tue, Nov 27, 2001 at 06:33:37AM -0500, Jason Lewis wrote:
> Is anyone updating a master rule list and pushing updates to sensors? I have tossed around different ideas for doing this and thought maybe I could get some feedback here. I was thinking a directory structure that had folders for each sensor and rules were updated automatically via scp. Thoughts?

Yup. I have a cronjob that every night downloads snortrules, unpacks it, and diffs it against the "live" environ. The diffs are Emailed to me. When I see there has been an update, I can eyeball what's changed (that's the "enhanced-security" element :-) and if I like what I see, re-run the script with the "--live" arg to push those changes live. After going live, the script rsync's-over-ssh to our other Snort systems...

--
Cheers

Jason Haar
Information Security Manager
Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
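
A sketch of the review-then-promote workflow described in the reply above, as an added example that is not the poster's script. The paths, function names, the `SENSORS` host list, and the assumption that the nightly job has already downloaded a tarball with the rule files at its top level are all hypothetical.

```shell
#!/bin/sh
# Added example: nightly check by default, promotion only with --live.
# Assumed (not from the post): paths, function names, SENSORS, and a tarball
# that was already downloaded and holds the rule files at its top level.
LIVE_DIR="${LIVE_DIR:-/etc/snort/rules}"        # assumed live rules directory
STAGE_DIR="${STAGE_DIR:-/var/tmp/snort-stage}"  # assumed staging directory
SENSORS="${SENSORS:-}"                          # hypothetical, e.g. "sensor1 sensor2"

# Unpack the tarball into a clean staging directory; live rules are untouched.
stage_rules() {  # $1 = rules tarball
    rm -rf "$STAGE_DIR" && mkdir -p "$STAGE_DIR" &&
    tar -xzf "$1" -C "$STAGE_DIR"
}

# Unified diff of live vs. staged rules: status 0 if identical, 1 if changed.
rules_diff() {
    diff -ruN "$LIVE_DIR" "$STAGE_DIR"
}

# Copy the staged rules live, then push the live set to each sensor over ssh.
promote() {
    cp -R "$STAGE_DIR"/. "$LIVE_DIR"/ || return 1
    for host in $SENSORS; do
        rsync -az -e ssh "$LIVE_DIR"/ "$host:$LIVE_DIR"/ || return 1
    done
}

# Without --live: print the diff (cron mails a job's output to its owner).
# With --live: promote the same tarball that produced the reviewed diff.
run() {  # $1 = rules tarball, $2 = optional --live
    stage_rules "$1" || return 2
    if [ "${2:-}" = "--live" ]; then
        promote
    else
        rules_diff || echo "# rules changed: review, then re-run with --live"
    fi
}

# Act only when called with a tarball argument.
if [ $# -gt 0 ]; then run "$@"; fi
```

Promoting the tarball that was reviewed, rather than downloading again at `--live` time, keeps the pushed rules identical to the diff that was eyeballed.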