Re: Rule management

[Matthias Hofherr <Matthias_Hofherr () genua de>]

Hi Jason,

On Tue, 27 Nov 2001, Jason Lewis wrote:

[...]
> Is anyone updating a master rule list and pushing updates to sensors?  I
> have tossed around different ideas for doing this and thought maybe I could
> get some feedback here.  I was thinking a directory structure that had
> folders for each sensor and rules were updated automatically via scp.
> Thoughts?

We at GeNUA are currently working on a project to manage all rules on a
Central Server in a MySQL-DB. The basic ruleset is managed in a master
table, the individual changes to the rules per sensor in another.
An additional table manages all the individual sensor configuration
options.
Via a web-gui (cgi.pm/DBI) it is possible to create flatfiles for each
sensor (snort.conf/*.rules/classification.config...).
The flatfiles reside in a directory structure.
With scp the rules are transferred to the sensors.
With ssh the sensors get a HUP.

We hope to publish the code in Q1 next year under GPL.
If someone is interested in discussing details and sharing ideas,
drop me an email.

Have fun,

Matthias Hofherr

> > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > >
 Matthias Hofherr             EMail: Matthias_Hofherr () GeNUA de
 GeNUA mbH 85551 Kirchheim    Voice: +49 (89) 991950-0
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users