Snort mailing list archives
Re: Pulled Pork Not Enableing ET Rules
From: Eoin Miller <eoin.miller () trojanedbinaries com>
Date: Fri, 20 May 2011 19:41:36 +0000
On 5/20/2011 7:06 PM, Gibson, Nathan J. (HSC) wrote:
> I need some help. I noticed recently that PP is not enabling my ET rule sets and for the life of me I can figure out why. Config details are below. PP verbose output attached and rules file attached.

enablesid.conf and disablesid.conf have documentation in the files themselves that is pretty straight forward. Also, you don't want to be enabling all the rules in the ET ruleset in those files. They have several disabled by default rules for a reason. pulledpork will enable all the rules files that it downloads by default, so you should only disable which files you do not want inside of the pulledpork.conf's ignore option.

example from my pulledpork.conf:

---snip---
ignore=emerging-botcc-BLOCK.rules,emerging-chat.rules,emerging-compromised-BLOCK.rules,emerging-deleted.rules,emerging-drop.rules,emerging-drop-BLOCK.rules,emerging-dshield.rules,emerging-dshield-BLOCK.rules,emerging-games.rules,emerging-icmp.rules,emerging-icmp_info.rules,emerging-rbn-BLOCK.rules,emerging-shellcode.rules,emerging-tor-BLOCK.rules,deleted.rules,experimental.rules,icmp.rules,icmp-info.rules,info.rules,shellcode.rules,local.rules,decoder.preproc,preprocessor.preproc,sensitive-data.preproc
---snip---

Just put what you want to omit into the ignore list, otherwise the default behavior is to enable the rule.

-- Eoin
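
An added example, not part of the message above and not PulledPork's own code: a small audit of the ignore option as the reply describes it (every downloaded rules file is enabled unless its name is in the ignore list). The sample config, the downloaded file list, and the function names are constructed for illustration; it assumes one comma-separated `ignore=` line.

```python
def parse_ignore(conf_text):
    """Return the file names listed in the ignore= option of a pulledpork.conf."""
    names = []
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        if key.strip() == "ignore":
            # Assumption: a single ignore= line; if repeated, the last one is used here.
            names = [n.strip() for n in value.split(",") if n.strip()]
    return names


def audit(conf_text, downloaded):
    """Compare the ignore list against the rule files actually downloaded."""
    ignored = set(parse_ignore(conf_text))
    files = set(downloaded)
    return {
        # Files left enabled because nothing in the ignore list names them.
        "loaded": sorted(files - ignored),
        # Files the ignore list removes from the ruleset.
        "skipped": sorted(files & ignored),
        # Ignore entries matching no downloaded file: usually a typo or a
        # renamed category, which leaves the intended file enabled.
        "unmatched": sorted(ignored - files),
    }


# Constructed sample input (not the poster's real configuration).
SAMPLE_CONF = """\
# pulledpork.conf excerpt
rule_path=/usr/local/etc/snort/rules/snort.rules
ignore=emerging-chat.rules,emerging-games.rules, emerging-deleted.rules,emerging-shelcode.rules
"""
SAMPLE_DOWNLOADED = [
    "emerging-chat.rules", "emerging-games.rules", "emerging-deleted.rules",
    "emerging-shellcode.rules", "emerging-trojan.rules",
]

if __name__ == "__main__":
    for section, names in audit(SAMPLE_CONF, SAMPLE_DOWNLOADED).items():
        print(f"{section}: {', '.join(names) or '-'}")
```

In the sample, the misspelled `emerging-shelcode.rules` entry shows up under "unmatched" while `emerging-shellcode.rules` stays under "loaded", which is the mismatch worth checking after editing the ignore list.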