Snort mailing list archives

Setting up Snort Rules (for a first timer)


From: Ibrahim Ahmed via Snort-users <snort-users () lists snort org>
Date: Tue, 3 Oct 2017 22:14:45 -0700

Hi everyone,

First time snort user here. A question about setting up the rules in Snort
2.9.9.

snort.conf lists the following under its *Step #7: 'Customize your rule set'*
section.

    # site specific rules
    include $RULE_PATH/local.rules
    include $RULE_PATH/app-detect.rules
    include $RULE_PATH/attack-responses.rules
    include $RULE_PATH/backdoor.rules

I see that all of these rules, '*app-detect*', '*attack-responses*', etc.
are fleshed out (as single rules, not files) in the 'community.rules'
package that is downloaded from the Snort website. However, it looks like
snort.conf treats them as individual files.

Hence my following compile error *ERROR: etc/../rules/app-detect.rules(0)
Unable to open rules file "etc/../rules/app-detect.rules": No such file or
directory*.

I'd appreciate an explanation of how the community.rules is to be
integrated into my Snort directory.

Many thanks,
Ibrahim
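
Added example, not part of the original post and not Snort project code: a small checker that reads a snort.conf, expands `var` definitions such as RULE_PATH, and reports every `include` line whose target file is absent, which is the condition behind the "Unable to open rules file" error quoted above. The sample layout is constructed, and resolving relative paths against the directory holding snort.conf is an assumption based on the "etc/../rules/..." path in that error.

```python
import os
import re
import tempfile

VAR_RE = re.compile(r"^\s*var\s+(\w+)\s+(\S+)")
INCLUDE_RE = re.compile(r"^\s*include\s+(\S+)")

def expand(value, variables):
    """Substitute $NAME with the value of an earlier `var NAME ...` line."""
    return re.sub(r"\$(\w+)", lambda m: variables.get(m.group(1), m.group(0)), value)

def missing_includes(conf_path):
    """Return (line_number, resolved_path) for each include whose file is absent."""
    conf_dir = os.path.dirname(os.path.abspath(conf_path))
    variables, missing = {}, []
    with open(conf_path) as fh:
        for line_no, raw in enumerate(fh, 1):
            line = raw.split("#", 1)[0]  # ignore comments
            var, inc = VAR_RE.match(line), INCLUDE_RE.match(line)
            if var:
                variables[var.group(1)] = expand(var.group(2), variables)
            elif inc:
                # Assumption: relative paths resolve against snort.conf's directory.
                target = os.path.join(conf_dir, expand(inc.group(1), variables))
                if not os.path.isfile(target):
                    missing.append((line_no, os.path.normpath(target)))
    return missing

# Constructed sample: etc/snort.conf, with rules/ holding only two files.
SAMPLE_CONF = """\
var RULE_PATH ../rules
# site specific rules
include $RULE_PATH/local.rules
include $RULE_PATH/app-detect.rules
include $RULE_PATH/attack-responses.rules
include $RULE_PATH/backdoor.rules
"""

def demo():
    """Build the sample tree in a temp dir and list the unresolved includes."""
    with tempfile.TemporaryDirectory() as root:
        for sub in ("etc", "rules"):
            os.makedirs(os.path.join(root, sub))
        for name in ("local.rules", "community.rules"):
            open(os.path.join(root, "rules", name), "w").close()
        conf = os.path.join(root, "etc", "snort.conf")
        with open(conf, "w") as fh:
            fh.write(SAMPLE_CONF)
        return [(n, os.path.basename(p)) for n, p in missing_includes(conf)]
```

Calling `missing_includes()` on a real snort.conf before starting Snort lists every unresolved include at once, rather than one per startup attempt.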