Snort mailing list archives
Re: Ubuntu 11.04 / 10 rulesset
From: Mike Lococo <mikelococo () gmail com>
Date: Mon, 31 Oct 2011 11:44:29 -0400
On 10/31/2011 09:42 AM, Marcin Nawrocki wrote:
> Do I have to compile / create my own snort rules for the recent versions of ubuntu or can I use the delivered rules for the LTS-version? If I have to do it by myself, how to do this manually?
I recently filed an Ubuntu bug regarding exactly this issue:

https://bugs.launchpad.net/ubuntu/+source/snort/+bug/872582

In short, the version of Snort provided with Ubuntu is no longer supported by Sourcefire and will not run recent VRT rules. There is nothing you can do to make it do so. You can run whatever is in the snort-rules package, but I don't believe that the sigs in that package can't have been updated for at least a year. It's more likely that those are the sigs that were released with 2.8.5.2 in December of 2009, and consequently would be missing detection for any threat that has evolved or emerged since then (aka, almost everything that matters).

As an alternate, you can custom install pulledpork and use it to download the Emerging-Threats Open ruleset which does still support the 2.8.5.x series. That's a quality ruleset in my opinion and you could do worse than to use it, but you can't run the VRT rules.

Another alternative is installing current snort from Source, which is what most serious Snort users do. There are guides out there on how to do so, but it is many many times more work than apt-get install.

As an aside, if you use Ubuntu and want the Snort package updated, go log into launchpad and click the "Does this bug affect you" link to move it up their priority list. I'm not sure what rationale Ubuntu is using to decide what version to ship, I have a suspicion that they don't have an active maintainer for the Snort package and that it just isn't getting much attention.

Cheers,
Mike