Snort mailing list archives

Re: I have written a Linux shell script to enable all Snort rules which were commented out


From: waldo kitty <wkitty42 () windstream net>
Date: Mon, 07 Apr 2014 20:54:03 -0400

On 4/7/2014 6:04 PM, Teo En Ming wrote:
Dear List,

Originally, I had wanted to use Pulled Pork to enable all Snort rules which were
commented out/disabled. But there is no comprehensive guide/manual on Pulled
Pork which covers every step. So I thought better and decided to write a very
simple Linux shell script to un-comment/enable all the Snort rules which were
commented out/disabled. The source code only consists of a few lines.

the first thing to note is that you do not want /all/ rules enabled... you would 
get so many alerts for traffic that is normal or FP (false positive) for your 
network that you would not be able to see the real threats traversing your 
network...

you have to tune snort for your network traffic... that means that you need to 
know what software is being used and enable only those rules that cover 
vulnerabilities that are known in that software...

tuning is a major item... there is no "one size fits all" glove for any 
network... without tuning, you are fighting a losing battle...

-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.
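As an added illustration of the tuning point made above (this is not Teo's script and not code from the Snort project), the following POSIX shell script takes the opposite approach to "uncomment everything": it enables only the disabled rules whose SIDs appear in an explicit allow-list, and it reports enabled/disabled counts before and after so you can see exactly what changed. It assumes the usual rules-file convention that a disabled rule is the rule line with a leading "#" and that every rule carries "sid:<n>;". The sample rules, SIDs (in the local 1000000+ range) and file paths are all constructed for the example.

```shell
#!/bin/sh
# Added example, not part of the original thread or of Snort itself.
# Enable only the disabled rules whose SIDs are listed in a file, rather than
# every commented-out rule, and count enabled/disabled rules per file.

# enable_sids RULES_FILE SID_FILE
# Prints RULES_FILE to stdout with the leading "#" removed from disabled rules
# whose sid appears in SID_FILE (one numeric SID per line). Other lines,
# including ordinary comments, pass through unchanged.
enable_sids() {
    rules="$1"; sids="$2"
    awk -v sidfile="$sids" '
        BEGIN { while ((getline s < sidfile) > 0) if (s ~ /^[0-9]+$/) want[s] = 1 }
        # A disabled rule: optional blanks, "#", optional blanks, then a rule action.
        /^[ \t]*#[ \t]*(alert|log|pass|drop|reject|sdrop)[ \t]/ {
            if (match($0, /sid:[ \t]*[0-9]+/)) {
                sid = substr($0, RSTART, RLENGTH); sub(/sid:[ \t]*/, "", sid)
                if (sid in want) { sub(/^[ \t]*#[ \t]*/, ""); print; next }
            }
        }
        { print }
    ' "$rules"
}

# count_rules RULES_FILE -> prints "<enabled> <disabled>"
count_rules() {
    awk '
        /^[ \t]*(alert|log|pass|drop|reject|sdrop)[ \t]/      { on++ }
        /^[ \t]*#[ \t]*(alert|log|pass|drop|reject|sdrop)[ \t]/ { off++ }
        END { printf "%d %d\n", on + 0, off + 0 }
    ' "$1"
}

# make_sample DIR: writes a constructed rules file and SID allow-list into DIR.
# The rules are invented for this example and are not real Snort/VRT content.
make_sample() {
    cat > "$1/sample.rules" <<'EOF'
# Constructed sample rules for the example (not real VRT/ET signatures)
alert tcp any any -> any 80 (msg:"SAMPLE web rule already enabled"; sid:1000001; rev:1;)
# alert tcp any any -> any 22 (msg:"SAMPLE ssh rule disabled, wanted"; sid:1000002; rev:1;)
# alert udp any any -> any 53 (msg:"SAMPLE dns rule disabled, not wanted"; sid:1000003; rev:1;)
#alert tcp any any -> any 445 (msg:"SAMPLE smb rule disabled, wanted"; sid:1000004; rev:1;)
EOF
    # Only the software actually present on the network gets its rules enabled.
    printf '1000002\n1000004\n' > "$1/sids.txt"
}

# Run as "sh enable_sids.sh demo" to see it on the constructed sample.
if [ "${1:-}" = "demo" ]; then
    dir=$(mktemp -d)
    make_sample "$dir"
    echo "before: $(count_rules "$dir/sample.rules")"
    enable_sids "$dir/sample.rules" "$dir/sids.txt" > "$dir/enabled.rules"
    echo "after:  $(count_rules "$dir/enabled.rules")"
    rm -rf "$dir"
fi
```

Replace the allow-list with the SIDs you have actually reviewed for the software on your segment; the count output is a cheap sanity check that a run touched only the rules you intended and did not silently enable the whole file.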

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
