LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 11-25-2003, 09:17 PM   #1
zuessh
Member
 
Registered: Jun 2002
Location: USA
Distribution: Suse 8.0
Posts: 247

Rep: Reputation: 30
Question updating snort rules


Is there a way to get a list of all updated snort rules and add them in to my current rules without having to add each individually? I am new to snort and would like to have the most current rules. Thanks
 
Old 11-26-2003, 12:56 PM   #2
zuessh
Member
 
Registered: Jun 2002
Location: USA
Distribution: Suse 8.0
Posts: 247

Original Poster
Rep: Reputation: 30
I found on http://www.whitehats.com/ids/index.html a ruleset retreval or sorting section that appears to have what I am looking for. My next question would be; does anyone have any suggestions or preferences as to which of these would be best? Also, I use webmin to administer snort, will this still work? thanks in advance.
 
Old 11-26-2003, 01:11 PM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,454
Blog Entries: 54

Rep: Reputation: 2896Reputation: 2896Reputation: 2896Reputation: 2896Reputation: 2896Reputation: 2896Reputation: 2896Reputation: 2896Reputation: 2896Reputation: 2896Reputation: 2896
I wouldn't know as I use my own scripts. I would also check out the snort.org download and contrib dirs, lotsa stuff there too, if only because I'm not sure but I don't think Max updates Whitehats.com that much.

If you're going to run multiple sensors make sure anything you run is checked manually on one master station and then distributed. Not to careful handling on the side of the Sourcefire/Snort team have caused ppl using automatic updates at least two glitches (PCRE and another issue).
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Snort, Rules Tredo Linux - Security 1 12-20-2004 12:36 AM
Snort rules> priority linuxtommy Linux - Security 1 09-12-2004 09:35 PM
snort rules to vulns not yet published zuessh Linux - Security 1 02-12-2004 02:17 PM
Snort Rules Canadian_2k2 Linux - Security 5 11-01-2002 10:24 PM
Snort configuration/ rules file bripage Linux - General 2 09-26-2002 04:52 AM


All times are GMT -5. The time now is 07:23 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration