Snort mailing list archives
Re: I have written a Linux shell script to detect missing rule files in your /etc/snort/snort.conf!
From: Teo En Ming <teo.en.ming () gmail com>
Date: Sat, 12 Apr 2014 14:37:37 +0800
You still need a program to check if the rule files in /etc/snort/rules are missing in the include statements in /etc/snort/snort.conf. Here is the output from my Linux shell script: [root@localhost teo-en-ming]# ./detect-missing-snort-rule-files.sh black_list.rules not included in /etc/snort/snort.conf! deleted.rules not included in /etc/snort/snort.conf! VRT-License.txt not included in /etc/snort/snort.conf! white_list.rules not included in /etc/snort/snort.conf! Teo En Ming On Sat, Apr 12, 2014 at 2:09 PM, Jeremy Hoel <jthoel () gmail com> wrote:
You do know that snort will tell you if it's missing rules when you run a test, right? snort -T -c <path to config file> No reason to have a script check it for you.. Plus, if you use pulledpork then you just have (probably) snort.rules and local.rules. On Fri, Apr 11, 2014 at 11:59 PM, Teo En Ming <teo.en.ming () gmail com>wrote:===Start of Linux shell script=== #!/bin/sh # Linux shell script: detect-missing-snort-rule-files.sh # Written by: Teo En Ming # Email: teo.en.ming () gmail com # Date: 12 April 2014 Saturday 1:00 P.M. Singapore Time # Version: 1.0 # # This program detects missing rule files in your /etc/snort/snort.conf configuration file. # RULE_PATH=/etc/snort/rules SNORT_CONF=/etc/snort/snort.conf cd $RULE_PATH for i in `ls -1 $RULE_PATH` do grep "^include \$RULE_PATH/$i" $SNORT_CONF > /dev/null if [ $? -ne 0 ] then echo "$i not included in $SNORT_CONF!" fi done ===End of Linux shell script=== ------------------------------------------------------------------------------ Put Bad Developers to Shame Dominate Development with Jenkins Continuous Integration Continuously Automate Build, Test & Deployment Start a new project now. Try Jenkins in the cloud. http://p.sf.net/sfu/13600_Cloudbees _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ Put Bad Developers to Shame Dominate Development with Jenkins Continuous Integration Continuously Automate Build, Test & Deployment Start a new project now. Try Jenkins in the cloud. http://p.sf.net/sfu/13600_Cloudbees
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- I have written a Linux shell script to detect missing rule files in your /etc/snort/snort.conf! Teo En Ming (Apr 11)
- Re: I have written a Linux shell script to detect missing rule files in your /etc/snort/snort.conf! Jeremy Hoel (Apr 11)
- Re: I have written a Linux shell script to detect missing rule files in your /etc/snort/snort.conf! Teo En Ming (Apr 11)
- Re: I have written a Linux shell script to detect missing rule files in your /etc/snort/snort.conf! waldo kitty (Apr 12)
- Re: I have written a Linux shell script to detect missing rule files in your /etc/snort/snort.conf! Jeremy Hoel (Apr 11)