Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: I have written a Linux shell script to enable all Snort rules which were commented out

From: Jeremy Hoel <jthoel () gmail com>
Date: Mon, 7 Apr 2014 22:58:18 +0000
For you to get real help you'll need to post error messages and take the
time to look at whats online.  Pulled-pork has very good documentation, a
mailing list and it's easy to use.  So while you can use your script,
running ALL snort rules at once is a bad idea and will probably cause
something to break (probably since I haven't tried it before).

You know enough to script, which means you should be able to do tests, look
at error messages and provide some information that could help us respond
to a question in an effective manner.




On Mon, Apr 7, 2014 at 10:04 PM, Teo En Ming <teo.en.ming () gmail com> wrote:


Dear List,

Originally, I had wanted to use Pulled Pork to enable all Snort rules
which were commented out/disabled. But there is no comprehensive
guide/manual on Pulled Pork which covers every step. So I thought better
and decided to write a very simple Linux shell script to un-comment/enable
all the Snort rules which were commented out/disabled. The source code only
consists of a few lines.

===Start of Linux Shell Script===
#!/bin/sh
# Linux shell script: enable-all-snort-rules.sh
# Written by: Teo En Ming
# Email: teo.en.ming () gmail com
# Date: 8 April 2014 Tuesday 5:17 A.M. Singapore Time
# Version: 1.0

RULE_PATH=/etc/snort/rules

cd $RULE_PATH

for i in `ls -1 $RULE_PATH`
do
      echo "Enabling all Snort rules in $i"
      sed -i 's/^# //g' $i
done
===End of Linux Shell Script===

Use the program at your own risk! I assume no responsibility if you screw
up your Snort installation. I tried to un-comment all the Snort rules and
Snort couldn't start. Some enabled rules are preventing Snort from
starting. Somebody please advise.

Regards,

Teo En Ming



------------------------------------------------------------------------------
Put Bad Developers to Shame
Dominate Development with Jenkins Continuous Integration
Continuously Automate Build, Test & Deployment
Start a new project now. Try Jenkins in the cloud.
http://p.sf.net/sfu/13600_Cloudbees
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!


------------------------------------------------------------------------------
Put Bad Developers to Shame
Dominate Development with Jenkins Continuous Integration
Continuously Automate Build, Test & Deployment 
Start a new project now. Try Jenkins in the cloud.
http://p.sf.net/sfu/13600_Cloudbees
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: