Snort mailing list archives

Re: snort automatically rules update


From: Dr SuSE <drsuse () drsuse org>
Date: Wed, 25 Jul 2001 19:01:49 GMT

It sure is.  There are a few scripts floating around that will do that.
Here's one I used to download the latest vision.rules and remove the rules that 
I didn't need or want.  This might not be the best example but it worked for me 
and that's all that really matters.....me :)  If you want to run it every 
month, just cron it.  One thing to remember, the script does not know if the 
entire rules file was downloaded.  If it was only able to do a partial download 
due to network or server issues, it would not know and it would end up loading 
an incomplete rules file.

What's that?  You say you're gonna order a unix shell scripting book from 
bookpool and write us a kick-ass script which will update our snort rules and 
check the integrity of the rule files.  Dude, you rock!  Let us know when it's 
ready.

#!/bin/sh
# Fetch the latest vision.rules and unpack it in /tmp
cd /tmp || exit 1
wget -q http://www.whitehats.com/ids/vision.rules.gz
gunzip /tmp/vision.rules.gz
# Stop snort while the rules file is replaced
/etc/rc.d/snort stop
rm /etc/snort/rules/vision.rules
# Drop the unwanted rules and write the rest to the live rules file
sed -e '/IDS175/d' -e '/IDS221/d' -e '/IDS226/d' -e '/IDS227/d' -e '/IDS243/d' \
    -e '/IDS259/d' -e '/IDS298/d' /tmp/vision.rules > /etc/snort/rules/vision.rules
rm /tmp/vision.rules
/etc/rc.d/snort start
echo "Vision Rules Updated!"



Is it possible to somehow make my box download new rules from the snort
website every other month or so and update them?



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



Score my PGP key @
http://www.drsuse.org/pks

---------------------------------------------
Microsoft is not installed.
http://www.drsuse.org/
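
One way to do the integrity check the message asks for, as an added example that is not part of the original post: test the gzip archive before touching the live file, filter into a staging file, and swap it in with a rename. The function names, MIN_RULES and the staging path are assumptions; the IDS ids are the ones from the script above.

```shell
#!/bin/sh
# Added example. Function names, MIN_RULES and the staging path are assumptions.
DROP_IDS="IDS175 IDS221 IDS226 IDS227 IDS243 IDS259 IDS298"   # ids from the script above
MIN_RULES=${MIN_RULES:-1}   # assumed sanity floor; raise it to suit the real file

# filter_rules IN OUT: copy IN to OUT without the rules named in DROP_IDS
filter_rules() {
    args=""
    for id in $DROP_IDS; do args="$args -e /$id/d"; done
    sed $args "$1" > "$2"   # $args is left unquoted on purpose so it splits into options
}

# stage_rules ARCHIVE DEST: returns 0 only if DEST was replaced by a verified file
stage_rules() {
    archive=$1; dest=$2
    tmp="$dest.new.$$"      # same directory as DEST, so the final mv is a rename
    # gzip -t checks the CRC and length trailer, so a truncated download fails here
    gzip -t "$archive" 2>/dev/null || { echo "corrupt or partial archive" >&2; return 1; }
    gzip -dc "$archive" > "$tmp.raw" || { rm -f "$tmp.raw"; return 1; }
    filter_rules "$tmp.raw" "$tmp" || { rm -f "$tmp.raw" "$tmp"; return 1; }
    rm -f "$tmp.raw"
    count=$(grep -c '^alert' "$tmp" || true)
    if [ "$count" -lt "$MIN_RULES" ]; then
        echo "only $count rules after filtering, keeping the old file" >&2
        rm -f "$tmp"; return 1
    fi
    mv "$tmp" "$dest"
}

# From cron, restart snort only when the swap succeeded:
#   wget -q -O /tmp/vision.rules.gz http://www.whitehats.com/ids/vision.rules.gz &&
#     stage_rules /tmp/vision.rules.gz /etc/snort/rules/vision.rules &&
#     { /etc/rc.d/snort stop; /etc/rc.d/snort start; }
```

A failed or partial download leaves the old rules file in place and snort running on it. The gzip test only detects corruption and truncation; it says nothing about who produced the file.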


