Snort mailing list archives
Re: instant snort sigs for new vulnerabilites
From: Bennett Todd <bet () rahul net>
Date: Wed, 3 Jul 2002 09:23:29 -0400
I've got a fairly automated process here. I've a recommendation for
you, though: arrange your automated process so it keeps the previous
rules around, and falls back to them if snort refuses to start. Not
all snortrules.tar.gz files will run unmodified.

So far, I've seen one sort of fix that has been required: some
versions of snortrules ship with an include that references a file
that's not there. I'm fixing that with:

    perl -pi.bak -le 's/^/#/ if m#^include .*/(.*)# and ! -f $1' snort.conf

In the snortrules.tar.gz sometime near June 24, this #-ed out the
line

    include $RULE_PATH/experimental.rules

-Bennett
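
The fallback recommended in the message above, as an added example that is not part of the original post or of the Snort project: new rules are swapped in, checked with Snort's config test mode (`snort -T -c`), and the previous rules are restored if the check fails. The directory layout, the `.prev`/`.rejected` suffixes and the `SNORT_TEST` override are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: keep the previous rules and fall back when Snort rejects new ones.
# Directory names, the .prev/.rejected suffixes and SNORT_TEST are assumptions.

# Comment out "include .../file" lines in snort.conf ($1) whose file is
# missing from the same directory (the job of the perl one-liner above).
comment_missing_includes() {
    conf=$1
    dir=$(dirname "$conf")
    tmp="$conf.tmp.$$"
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            include\ */*)
                f=${line##*/}                      # text after the last slash
                [ -f "$dir/$f" ] || line="#$line"
                ;;
        esac
        printf '%s\n' "$line"
    done < "$conf" > "$tmp" && mv "$tmp" "$conf"
}

# update_rules NEW_DIR LIVE_DIR
# Install NEW_DIR as LIVE_DIR, keeping the old rules in LIVE_DIR.prev.
# Returns 0 if the config test passes; returns 1 otherwise, with the old
# rules left in (or put back into) LIVE_DIR.
update_rules() {
    new=$1 live=$2 prev="$2.prev"
    comment_missing_includes "$new/snort.conf" || return 1
    rm -rf "$prev"
    [ -d "$live" ] && mv "$live" "$prev"
    mv "$new" "$live"
    # SNORT_TEST lets a test harness substitute the validator;
    # the default runs Snort in config test mode.
    if ${SNORT_TEST:-snort -T -c} "$live/snort.conf" >/dev/null 2>&1; then
        return 0
    fi
    # Snort refused the new rules: set them aside and restore the old ones.
    rm -rf "$live.rejected"
    mv "$live" "$live.rejected"
    [ -d "$prev" ] && mv "$prev" "$live"
    return 1
}
```

Restart Snort only when `update_rules` returns 0; on a return of 1 the rejected set is left in `LIVE_DIR.rejected` for inspection.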
