Snort mailing list archives
re: instant snort sigs for new vulnerabilites
From: "Maarten" <subscriptions () hartsuijker com>
Date: Wed, 3 Jul 2002 09:15:12 +0200
Hi Steve,

I am using oinkmaster (ftp://ftp.it.su.se/pub/users/andreas/oinkmaster/oinkmaster-0.5.tar.gz) to update my ruleset from cron every hour. It's a Perl script that fetches the latest rules. You can also specify sids that you do not want activated in your configuration.

One downside: oinkmaster deactivates (at least the version I once downloaded) sids by placing a "#" at the beginning of a rule. It also activates all rules with a "#" at the beginning of a line when they are not specified by oinkmaster. Since the new 1.9 rules are commented out with a "#", you will have problems with 1.8 because oinkmaster uncomments the lines. You could fix it in the Perl script or clean the snortrules before giving them to oinkmaster.

maarten

#is there a tool/method out there that will retrieve the *latest* snort
#signatures automatically? for those of us not running snort via CVS, I'd
#like a way to do something like cvsup, but _only_ update my ruleset
#every night or whatever.
#
#- --
#- -steve
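Added example, not part of the original message and not oinkmaster's code: a sketch of the "clean the snortrules before giving them to oinkmaster" step, next to a small model of the uncommenting behaviour the message describes. The function names, the sample rules and their sids are constructed for illustration.

```python
import re

ACTIONS = ("alert", "log", "pass", "activate", "dynamic")
COMMENTED_RULE = re.compile(r"^\s*#+\s*(?:%s)\s" % "|".join(ACTIONS))
SID = re.compile(r"\bsid\s*:\s*(\d+)\s*;")

# Constructed sample ruleset; sids and messages are made up for this example.
SAMPLE = [
    "# local.rules (constructed sample)",
    'alert tcp any any -> any 80 (msg:"constructed A"; content:"a"; sid:1000001; rev:1;)',
    '#alert tcp any any -> any 80 (msg:"constructed B, shipped disabled"; content:"b"; sid:1000002; rev:1;)',
    'alert tcp any any -> any 21 (msg:"constructed C"; content:"c"; sid:1000003; rev:1;)',
]

def strip_commented_rules(lines):
    """Remove rules that ship commented out; keep ordinary comments."""
    kept, dropped = [], []
    for line in lines:
        if COMMENTED_RULE.match(line):
            m = SID.search(line)
            dropped.append(int(m.group(1)) if m else None)
        else:
            kept.append(line)
    return kept, dropped

def model_update(lines, disabled_sids):
    """Model of the behaviour described in the message, not oinkmaster's code."""
    out = []
    for line in lines:
        body = re.sub(r"^\s*#+\s*", "", line)
        m = SID.search(body)
        if not (body.startswith(ACTIONS) and m):
            out.append(line)            # plain comment or blank line
        elif int(m.group(1)) in disabled_sids:
            out.append("#" + body)      # listed sid: commented out
        else:
            out.append(body)            # anything else: (re)activated
    return out

def active_sids(lines):
    """Sids of rules that are not commented out."""
    return sorted(int(SID.search(l).group(1)) for l in lines
                  if l.lstrip().startswith(ACTIONS) and SID.search(l))

if __name__ == "__main__":
    print("raw    :", active_sids(model_update(SAMPLE, {1000003})))
    cleaned, dropped = strip_commented_rules(SAMPLE)
    print("cleaned:", active_sids(model_update(cleaned, {1000003})), "dropped", dropped)
```

Logging the dropped sids on each cron run gives a record of which shipped-disabled rules were kept out of the live ruleset.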