Re: rules in snort inline

[Tomas Heredia <tomas.heredia () activesec biz>]

El 15/06/2010 04:33 p.m., black_angel black_angel escribió:
> hey everybody,
> i try to change all the rules for my snort inline from mode "alert" to
> "drop"
Don't do that, unless you have carefully selected the rules, and all of
them are adequate to be put as drop.
> i used this script but it doesn't work correctly:
> *
> cd /etc/snort_inline/rules/*
> *for file in $(ls -1 *.rules)*
> *do*
> *               sed -e 's:^alert:drop:g' ${file} > ${file}.new*
> *               mv ${file}.new ${file} -f*
> *done*
> if someone have another script or any idea
>
>
> ------------------------------------------------------------------------------
> ThinkGeek and WIRED's GeekDad team up for the Ultimate 
> GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the 
> lucky parental unit.  See the prize list and enter to win: 
> http://p.sf.net/sfu/thinkgeek-promo
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

------------------------------------------------------------------------------
ThinkGeek and WIRED's GeekDad team up for the Ultimate 
GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the 
lucky parental unit.  See the prize list and enter to win: 
http://p.sf.net/sfu/thinkgeek-promo

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users