Snort mailing list archives

re: instant snort sigs for new vulnerabilities


From: "Maarten" <subscriptions () hartsuijker com>
Date: Wed, 3 Jul 2002 09:15:12 +0200

Hi Steve,

I am using oinkmaster
(ftp://ftp.it.su.se/pub/users/andreas/oinkmaster/oinkmaster-0.5.tar.gz) to
update my ruleset from cron every hour. It's a Perl script that fetches the
latest rules. You can also specify sids that you do not want activated in
your configuration.

One downside: oinkmaster deactivates (at least the version I once
downloaded) sids by placing a "#" at the beginning of a rule. It also
activates all rules with a "#" at the beginning of a line when they are not
specified by oinkmaster. Since the new 1.9 rules are commented out with a
"#", you will have problems with 1.8 because oinkmaster uncomments the
lines.

You could fix it in the Perl script or clean the snortrules before giving
them to oinkmaster.

maarten

#is there a tool/method out there that will retrieve the *latest* snort
#signatures automatically? for those of us not running snort via CVS, I'd
#like a way to do something like cvsup, but _only_ update my ruleset
#every night or whatever.
#
#- --
#- -steve
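
The second workaround mentioned in the message above (cleaning the rules before oinkmaster sees them), as an added example that is not part of the original post or of oinkmaster: it drops commented-out rule lines so nothing is left for the update step to re-enable. The regular expressions, function name and sample rules are assumptions constructed for illustration; multi-line rules are not handled.

```python
import re
import sys

# A "#" followed by a Snort rule action and protocol is a commented-out rule,
# not an ordinary comment such as "# $Id$" or a section header.
DISABLED_RULE = re.compile(
    r'^\s*#+\s*(alert|log|pass|activate|dynamic)\s+(tcp|udp|icmp|ip)\s')
SID = re.compile(r'\bsid\s*:\s*(\d+)\s*;')


def strip_disabled_rules(text):
    """Return (cleaned_text, removed_sids) for the contents of one rules file.

    Commented-out rules are removed entirely; active rules and plain
    comments are kept byte for byte. A removed rule without a sid is
    reported as None so it still shows up in the log.
    """
    kept, removed = [], []
    for line in text.splitlines(keepends=True):
        if DISABLED_RULE.match(line):
            m = SID.search(line)
            removed.append(int(m.group(1)) if m else None)
            continue
        kept.append(line)
    return "".join(kept), removed


# Constructed sample input (not real Snort rules).
SAMPLE = (
    '# $Id: example.rules (constructed sample) $\n'
    'alert tcp any any -> any 80 (msg:"constructed active rule"; sid:1000001; rev:1;)\n'
    '#alert tcp any any -> any 80 (msg:"constructed 1.9-only rule"; sid:1000002; rev:1;)\n'
    '# alert udp any any -> any 53 (msg:"constructed disabled rule"; sid:1000003;)\n'
    '# alert thresholds are described elsewhere (plain comment)\n'
)

if __name__ == "__main__":
    # Usage: python clean_rules.py file.rules [...]; rewrites each file in place.
    for path in sys.argv[1:]:
        with open(path) as fh:
            cleaned, removed = strip_disabled_rules(fh.read())
        with open(path, "w") as fh:
            fh.write(cleaned)
        print(f"{path}: removed {len(removed)} disabled rule(s): {removed}",
              file=sys.stderr)
```

Logging the removed sids gives a record to compare against the sids you expected to stay disabled.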



