Re: Rule is already commented

[Chris Green <cmg () uab edu>]

"Ronneil Camara" <ronneilc () remingtonltd com> writes:

> Just would like to know the reason.
>
> I was doing a program which will keep your old rules including the
> commented rules.  It compares it the new rules.  I just actually
> grab another guys copy which is also on this list. But I have almost
> added many conditional statements, and string streamings and
> modification in some lines to make the commenting in the new rule
> almost perfect. I will RELEASE it soon.

This has already been done a good bit.

http://www.algonet.se/~nitzer/oinkmaster/
> Here is what I did. As an example, I used web-iis.rules
>
> 1. I commented 8 lines
> 2. Run the script I made
> 3. Upon checking the new generated web-iis.rules, there were at least 13 lines that was commented.
>
> So, I kept finding the problem in my script. Until 4 hours of
> troubleshooting, I opened snortrules.tar.gz which I recently and
> opened web-iis.rules. I found out that there were already commented
> rules there. :-) Even the cvs copy of web-iis.rules was already
> commented.

snortrules.tar.gz is automatically generated from CVS.

> What would be the reason why it was commented?

Probably following discussioon on snort-sigs - atleast include the
sids  or the rules that were commented out.
-- 
Chris Green <cmg () uab edu>
Laugh and the world laughs with you, snore and you sleep alone.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users