Snort mailing list archives

oinkmaster.conf entered disablesid - get enabled


From: Snortty <cwcwcwg () yahoo com>
Date: Tue, 16 Dec 2003 12:50:05 -0800 (PST)

Hi, All;

I tried to disable some rules by putting # in front of the
rule (here is in the icmp.rule file), and enter it in
the oinkmaster.conf at the bottom of the file as:

disablesid 485

Then, I just run it simply:

oinkmaster-0.8# oinkmaster.pl -o /snort/snort-2.0.1/rules/

to see if the change in rule.icmp will be overwritten.


It got overwritten after I run it, and output shows: 

[+++]         Enabled rules:         [+++]

     -> Enabled in icmp.rules (1):
        alert icmp any any -> any any (msg:"ICMP Destination Unreachable (Communication Administratively Prohibited)"; itype: 3; icode: 13; sid:485;  classtype:misc-activity; rev:2;)

This is the rule I put # in front of alert, and in the
oinkmaster.conf with SID number, now it's enabled
after I run oinkmaster.pl. 

Did I miss anything, anyone please?

Thanks a LOT!
SW. 
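
Added example, not part of the original post and not Oinkmaster's own code: a check that compares the `disablesid` entries of an oinkmaster.conf against the rules directory after an update run and reports which of those SIDs are still active. The function names and the SIDs 1000001 and 1000002 are constructed for illustration, and it assumes one rule per line in `*.rules` files.

```python
import re
import tempfile
from pathlib import Path

SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")

def disabled_sids(conf_text):
    """SIDs named on 'disablesid' lines; comma-separated lists are accepted."""
    sids = set()
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0]          # drop comments
        m = re.match(r"\s*disablesid\s+(.*)", line)
        if m:
            sids.update(int(s) for s in re.findall(r"\d+", m.group(1)))
    return sids

def rule_states(rules_dir):
    """Map sid -> 'enabled' or 'disabled' (line starts with #) for *.rules files."""
    states = {}
    for path in sorted(Path(rules_dir).glob("*.rules")):
        for line in path.read_text(errors="replace").splitlines():
            m = SID_RE.search(line)
            if m:
                commented = line.lstrip().startswith("#")
                states[int(m.group(1))] = "disabled" if commented else "enabled"
    return states

def audit(conf_text, rules_dir):
    """Status of every disablesid entry: 'disabled', 'enabled' or 'missing'."""
    states = rule_states(rules_dir)
    return {sid: states.get(sid, "missing") for sid in sorted(disabled_sids(conf_text))}

def demo():
    # Constructed sample: sid 485 is the rule from the post, left enabled;
    # sids 1000001 and 1000002 are made-up values for illustration.
    conf = "disablesid 485, 1000001\ndisablesid 1000002  # constructed\n"
    rules = (
        'alert icmp any any -> any any (msg:"ICMP Destination Unreachable '
        '(Communication Administratively Prohibited)"; itype: 3; icode: 13; '
        'sid:485;  classtype:misc-activity; rev:2;)\n'
        '#alert icmp any any -> any any (msg:"constructed"; sid:1000001; rev:1;)\n'
    )
    with tempfile.TemporaryDirectory() as d:
        Path(d, "icmp.rules").write_text(rules)
        return audit(conf, d)

if __name__ == "__main__":
    for sid, status in demo().items():
        print(sid, status)
```

An `enabled` result for a SID listed under `disablesid` means the rule is still live in the sensor's rule set; `missing` means no rule with that SID exists in the scanned directory.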

