Snort mailing list archives
Re: I have written a Linux shell script to enable all Snort rules which were commented out
From: waldo kitty <wkitty42 () windstream net>
Date: Mon, 07 Apr 2014 20:54:03 -0400
On 4/7/2014 6:04 PM, Teo En Ming wrote:
> Dear List,
>
> Originally, I had wanted to use Pulled Pork to enable all Snort rules which were commented out/disabled. But there is no comprehensive guide/manual on Pulled Pork which covers every step. So I thought better and decided to write a very simple Linux shell script to un-comment/enable all the Snort rules which were commented out/disabled. The source code only consists of a few lines.
the first thing to note is that you do not want /all/ rules enabled... you would get so many alerts for traffic that is normal or FP (false positive) for your network that you would not be able to see the real threats traversing your network... you have to tune snort for your network traffic... that means that you need to know what software is being used and enable only those rules that cover vulnerabilities that are known in that software... tuning is a major item... there is no "one size fits all" glove for any network... without tuning, you are fighting a losing battle...

--
NOTE: No off-list assistance is given without prior approval. Please keep mailing list traffic on the list unless private contact is specifically requested and granted.
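Added example, not part of the original message and not code from Snort or Pulled Pork: a shell script that applies the tuning advice above by un-commenting only the disabled rules whose text matches the software actually in use, instead of enabling everything. The function names, the keyword pattern and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: un-comment only the disabled rules that match software in use.

ACTIONS='alert|drop|log|pass|reject|sdrop'

# make_sample FILE: write a constructed rules file (not real rule content).
make_sample() {
    cat > "$1" <<'EOF'
# Constructed sample rules for illustration only
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"SAMPLE ssh probe"; sid:1000001; rev:1;)
# alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"SAMPLE Apache httpd overflow"; sid:1000002; rev:1;)
# alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"SAMPLE IIS traversal"; sid:1000003; rev:1;)
# alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 3306 (msg:"SAMPLE MySQL login flood"; sid:1000004; rev:1;)
# This comment mentions apache but is not a rule
EOF
}

# enable_matching FILE ERE: print FILE with a disabled rule un-commented only
# when its text matches ERE (case-insensitive). Everything else is unchanged.
enable_matching() {
    awk -v pat="$2" -v actions="$ACTIONS" '
        BEGIN { pat = tolower(pat); disabled = "^#[ \t]*(" actions ")[ \t]" }
        $0 ~ disabled && tolower($0) ~ pat { sub(/^#[ \t]*/, "") }
        { print }
    ' "$1"
}

# count_enabled: count active (un-commented) rules read from stdin.
count_enabled() {
    grep -c -E "^($ACTIONS)[[:space:]]" || true
}

# Demo: a site running Apache and MySQL, but not IIS.
tmp=$(mktemp)
make_sample "$tmp"
enable_matching "$tmp" 'apache|mysql'
rm -f "$tmp"
```

The output goes to stdout, so it can be diffed against the original rules file before anything is changed on the sensor.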