Snort mailing list archives
Re: Rule is already commented
From: Chris Green <cmg () uab edu>
Date: Fri, 25 Jan 2002 09:12:11 -0600
"Ronneil Camara" <ronneilc () remingtonltd com> writes:
Just would like to know the reason. I was doing a program which will keep your old rules, including the commented rules. It compares them to the new rules. I actually just grabbed another guy's copy, which is also on this list. But I have added many conditional statements, string streamings and modifications in some lines to make the commenting in the new rules almost perfect. I will RELEASE it soon.
This has already been done a good bit. http://www.algonet.se/~nitzer/oinkmaster/
Here is what I did. As an example, I used web-iis.rules
1. I commented 8 lines
2. Ran the script I made
3. Upon checking the newly generated web-iis.rules, there were at least 13 lines that were commented.
So, I kept looking for the problem in my script. Until 4 hours of troubleshooting, I opened snortrules.tar.gz which I recently and opened web-iis.rules. I found out that there were already commented rules there. :-) Even the CVS copy of web-iis.rules was already commented.
snortrules.tar.gz is automatically generated from CVS.
What would be the reason why it was commented?
Probably following discussion on snort-sigs - at least include the sids or the rules that were commented out.
--
Chris Green <cmg () uab edu>
Laugh and the world laughs with you, snore and you sleep alone.
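Added example, not part of the original thread and not oinkmaster's code: a sid-keyed merge that carries local disables into a new upstream rules file and reports separately the rules that already ship commented out, which is the source of the 8-versus-13 mismatch described above. The function names are hypothetical, the sample rules and sids are constructed, and it assumes each rule sits on one line and carries a `sid`.

```python
import re

# Active or commented-out rule line; group 1 is the comment marker, group 2 the sid.
RULE_RE = re.compile(
    r'^\s*(#\s*)?(?:alert|log|pass|activate|dynamic)\b.*\bsid\s*:\s*(\d+)\s*;')

def parse(text):
    """Map sid -> True if its rule line is commented out, else False."""
    state = {}
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if m:
            state[int(m.group(2))] = bool(m.group(1))
    return state

def merge(local_text, upstream_text):
    """Comment out, in the upstream file, every rule disabled locally.

    Returns (merged_text, report). The report keeps operator disables apart
    from rules that upstream itself ships commented out."""
    local, upstream = parse(local_text), parse(upstream_text)
    local_off = {s for s, off in local.items() if off}
    upstream_off = {s for s, off in upstream.items() if off}
    known = set(upstream)
    merged = []
    for line in upstream_text.splitlines():
        m = RULE_RE.match(line)
        if m and not m.group(1) and int(m.group(2)) in local_off:
            line = "#" + line
        merged.append(line)
    report = {
        "carried_over": sorted(local_off & (known - upstream_off)),
        "shipped_disabled": sorted(upstream_off),
        "gone_upstream": sorted(local_off - known),  # disabled locally, rule removed
    }
    return "\n".join(merged), report

def _rule(sid, off=False):
    # Constructed sample rule; sids and messages are made up for this example.
    body = f'alert tcp any any -> any 80 (msg:"sample {sid}"; sid:{sid}; rev:1;)'
    return ("#" if off else "") + body

LOCAL = "\n".join([_rule(1000001), _rule(1000002, True), _rule(1000003, True),
                   _rule(1000004), _rule(1000005, True)])
UPSTREAM = "\n".join(["# web-iis.rules (constructed sample)", _rule(1000001),
                      _rule(1000002), _rule(1000003), _rule(1000004, True),
                      _rule(1000006)])

if __name__ == "__main__":
    print(merge(LOCAL, UPSTREAM)[1])
```

Checking `shipped_disabled` before trusting a raw count of `#` lines separates what the operator turned off from what arrived already disabled.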