[Snort-sigs] best practice on local signature maintenance

Michael Boman michael.boman at ...267...
Fri Aug 23 02:04:02 EDT 2002


On Friday 23 August 2002 15:26, DoL wrote:
> Hi All
>
> Just wondering how do some of you (we) add our own local signature (or even
> rule files / changes made to existing signature) and yet be able to
> maintain the master from snort.org?  Do you normally keep a separate set of
> signatures (rule files) for local, and add the corresponding include
> statement to the snort.conf?
>
> Thanks
> /dl

I use Oinkmaster's modifysid regexp to fix what I consider bad rules (for
example, "POLICY P2P GNUTella GET" (sid: 1432) should use !$HTTP_PORTS
instead of !80). I also use the same function to add tags etc. Nifty tool.

PS
 0.7 is not released yet, but you can get it using CVS
DS

Best regards
 Michael Boman

- -- 
Michael Boman
Security Architect, SecureCiRT (A SBU of Z-Vance Pte Ltd)
http://www.securecirt.com
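
An added illustration (not part of the original post, and not Oinkmaster's own code) of the idea behind a sid-keyed modification like the one described for sid 1432: local fixes are kept as pattern/replacement pairs and re-applied to every fresh upstream copy, so the master rules are never hand-edited. The rule text, sid 9999 and all function names are constructed for the example.

```python
import re

# Constructed sample of an upstream rules file (not the real text of sid 1432).
UPSTREAM_RULES = (
    'alert tcp $HOME_NET any -> $EXTERNAL_NET !80 '
    '(msg:"POLICY P2P GNUTella GET"; flow:to_server,established; '
    'content:"GET "; depth:4; sid:1432; rev:3;)\n'
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 21 '
    '(msg:"constructed FTP sample"; content:"SITE EXEC"; sid:1000001; rev:1;)\n'
)

# Local changes keyed by sid: (regex to find, literal replacement).
LOCAL_MODS = {
    1432: (r"!80\b", "!$HTTP_PORTS"),  # the fix described in the post
    9999: (r"!80\b", "!$HTTP_PORTS"),  # constructed sid that is not upstream
}

SID_RE = re.compile(r"\bsid:\s*(\d+)\s*;")


def apply_local_mods(rules_text, mods):
    """Apply per-sid edits; return (patched_text, applied_sids, unapplied_sids).

    unapplied_sids lists edits whose sid or pattern was not found, which is
    the signal that upstream changed or dropped a rule you patch locally.
    """
    applied = set()
    out = []
    for line in rules_text.splitlines():
        m = SID_RE.search(line)
        sid = int(m.group(1)) if m else None
        if sid in mods:
            pattern, repl = mods[sid]
            # A callable replacement keeps "$" and "\" in repl literal.
            line, n = re.subn(pattern, lambda _m: repl, line, count=1)
            if n:
                applied.add(sid)
        out.append(line)
    unapplied = sorted(set(mods) - applied)
    return "\n".join(out) + "\n", sorted(applied), unapplied


if __name__ == "__main__":
    patched, applied, unapplied = apply_local_mods(UPSTREAM_RULES, LOCAL_MODS)
    print(patched, end="")
    print("applied:", applied, "needs review:", unapplied)
```

Always run the edits against the freshly downloaded rules, not an already patched copy; on a patched copy the pattern no longer matches and the sid is reported as unapplied.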
