Snort mailing list archives

RE: snort automaticly rules update


From: Dr SuSE <drsuse () drsuse org>
Date: Wed, 25 Jul 2001 19:29:51 GMT

All you have to do is edit a few lines and you can use the script to download 
the snortrules.tar.gz file from sourceforge.

Here, I'll give you a place to start
wget http://snort.sourceforge.net/snortrules.tar.gz


Good simple script for Max's vision rules.  Does anyone have a script to
update Snort 1.8 rules from snort.org??

-----Original Message-----
From: Dr SuSE [mailto:drsuse () drsuse org]
Sent: Wednesday, July 25, 2001 12:02 PM
To: ml () db nexgen com; snort-users () lists sourceforge net
Subject: Re: [Snort-users] snort automaticly rules update


It sure is.  There are a few scripts floating around that will do that.
Here's one I used to download the latest vision.rules and remove the rules
that I didn't need or want.  This might not be the best example but it worked
for me and that's all that really matters.....me :)  If you want to run it
every month, just cron it.  One thing to remember, the script does not know if
the entire rules file was downloaded.  If it was only able to do a partial
download due to network or server issues, it would not know and it would end
up loading an incomplete rules file.

What's that?  You say you're gonna order a unix shell scripting book from
bookpool and write us a kick as script which will update our snort rules and
check the integrity of the rule files.  Dude, you rock!  Let us know when
it's ready.

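#!/bin/sh
# Fetch the latest vision.rules, drop unwanted rules, and restart Snort.
# Nothing here checks that the download completed (see the note above).
cd /tmp
wget -q http://www.whitehats.com/ids/vision.rules.gz
gunzip /tmp/vision.rules.gz
/etc/rc.d/snort stop
rm /etc/snort/rules/vision.rules
# Delete every rule line that mentions one of these IDS numbers.
sed -e '/IDS175/d' -e '/IDS221/d' -e '/IDS226/d' -e '/IDS227/d' \
    -e '/IDS243/d' -e '/IDS259/d' -e '/IDS298/d' \
    /tmp/vision.rules > /etc/snort/rules/vision.rules
rm /tmp/vision.rules
/etc/rc.d/snort start
echo Vision Rules Updated!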



is it possible to somehow make my box to download every other month or so
new rules from snort website and update them?



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



Score my PGP key @
http://www.drsuse.org/pks

---------------------------------------------
Microsoft is not installed.
http://www.drsuse.org/
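
The limitation noted in the thread, that the update script cannot tell a partial download from a complete one, can be closed by verifying the archive before the live rules file is touched. The following is an added example, not code from any poster in this thread; the function names and the stage-then-rename layout are assumptions, and the sample rules are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are this example's own.

# verify_rules_gz FILE: succeed only if FILE is a complete gzip stream
# whose contents include at least one Snort rule line.
verify_rules_gz() {
    [ -s "$1" ] || return 1                # missing or empty download
    gzip -t "$1" 2>/dev/null || return 1   # a truncated stream fails gzip's integrity test
    gunzip -c "$1" | grep -Eq '^(alert|log|pass|activate|dynamic) '
}

# install_rules FILE DEST [ID ...]: verify FILE, delete rules mentioning any
# ID (same sed filter as the original script), then rename into place.
install_rules() {
    src=$1; dest=$2; shift 2
    verify_rules_gz "$src" || { echo "rejected: $src failed verification" >&2; return 1; }
    tmp=$(mktemp "$dest.XXXXXX") || return 1
    script=$(for id in "$@"; do printf '/%s/d\n' "$id"; done)
    gunzip -c "$src" | sed -e "$script" > "$tmp"
    [ -s "$tmp" ] || { rm -f "$tmp"; return 1; }
    chmod 644 "$tmp" && mv "$tmp" "$dest"  # live file is replaced only after every check passed
}

# Demo on constructed input: a complete archive and a copy cut short mid-transfer.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' \
        'alert tcp any any -> any 80 (msg:"IDS175 constructed sample";)' \
        'alert tcp any any -> any 21 (msg:"IDS999 constructed sample";)' > "$d/sample.rules"
    gzip -c "$d/sample.rules" > "$d/good.gz"
    dd if="$d/good.gz" of="$d/partial.gz" bs=40 count=1 2>/dev/null
    echo 'alert tcp any any -> any 23 (msg:"IDS000 previous rules";)' > "$d/live.rules"
    install_rules "$d/partial.gz" "$d/live.rules" IDS175 || echo "partial archive rejected, old rules kept"
    install_rules "$d/good.gz" "$d/live.rules" IDS175 && echo "complete archive installed"
    cat "$d/live.rules"
    rm -rf "$d"
}
demo
```

In a cron job, Snort would be restarted only when install_rules returns success, so a failed download leaves the previous rules loaded.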


