Snort mailing list archives
Re: instant snort sigs for new vulnerabilites
From: Bennett Todd <bet () rahul net>
Date: Wed, 3 Jul 2002 09:23:29 -0400
I've got a fairly automated process here. I've a recommendation for you, though: arrange your automated process so it keeps the previous rules around, and falls back to them if snort refuses to start. Not all snortrules.tar.gz files will run unmodified.

So far, I've seen one sort of fix that has been required: some versions of snortrules ship with an include that references a file that's not there. I'm fixing that with:

    perl -pi.bak -le 's/^/#/ if m#^include .*/(.*)# and ! -f $1' snort.conf

In the snortrules.tar.gz sometime near June 24, this #-ed out the line

    include $RULE_PATH/experimental.rules

-Bennett
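The keep-and-fall-back arrangement recommended in the message above, sketched as a shell function. This is an added example, not code from the original post. The directory layout (snort.conf stored beside the rule files), the function names and the VALIDATE hook are assumptions; the default validator assumes snort's -T configuration self-test mode.

```shell
#!/bin/sh
# Added example: staged Snort rule update with fallback to the previous rules.
# VALIDATE (assumed hook) names a command that takes the rules directory and
# exits non-zero when the configuration in it does not load.
VALIDATE=${VALIDATE:-validate_with_snort}

validate_with_snort() {
    # Assumption: snort is on PATH and -T runs its configuration self-test.
    snort -T -c "$1/snort.conf" >/dev/null 2>&1
}

# Comment out "include" lines whose target file is missing: the same fix as
# the perl one-liner in the message, with the file looked up in the rules dir.
comment_missing_includes() {
    dir=$1
    tmp="$dir/snort.conf.tmp"
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            "include "*/*)
                f=${line##*/}                     # text after the last slash
                [ -f "$dir/$f" ] || line="#$line" ;;
        esac
        printf '%s\n' "$line"
    done < "$dir/snort.conf" > "$tmp"
    mv "$tmp" "$dir/snort.conf"
}

# update_rules NEW_DIR LIVE_DIR
# Returns 0 if the new rules were installed, 1 if the old ones were restored.
update_rules() {
    new=$1 live=$2 prev="$2.prev"
    rm -rf "$prev"
    cp -R "$live" "$prev"             # keep the previous rules around
    cp -R "$new"/. "$live"/           # lay the unpacked new rules over them
    comment_missing_includes "$live"
    if "$VALIDATE" "$live"; then
        return 0
    fi
    rm -rf "$live"                    # fall back to the known-good set
    cp -R "$prev" "$live"
    return 1
}
```

A non-zero return from update_rules means the sensor is still running on the previous rule set, which is worth alerting on so that a rules package that fails to load does not go unnoticed.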