[Snort-sigs] snort rule update

Paul M. Sittler psittler at ...1370...
Tue Sep 2 06:26:16 EDT 2003


On Mon, 1 Sep 2003, Jeanne Mode wrote:

> hi ,
> how to update automaticly snort rules?

I have a script that does it - run from a cron job:

==========================================================================
#!/bin/bash
#
# SnortRules.sh - bash shell script to update snort 2.0.0 rules.
#
# This script is called by an entry in the /var/spool/crontabs/root file:
#

/bin/date

cd /user/src/Snort/

/usr/bin/wget -N http://www.snort.org/dl/rules/snortrules-stable.tar.gz

cd /user/src/Snort/snort-2.0.0/

/bin/tar zxf /user/src/Snort/snortrules-stable.tar.gz

cp /user/src/Snort/experimental.rules           \
   /user/src/Snort/snort-2.0.0/rules/

cp /user/src/Snort/snort-2.0.0/rules/classification.config      \
   /user/src/Snort/snort-2.0.0/etc/classification.config

cp /user/src/Snort/snort-2.0.0/rules/gen-msg.map                \
   /user/src/Snort/snort-2.0.0/etc/gen-msg.map

cp /user/src/Snort/snort-2.0.0/rules/reference.config   \
   /user/src/Snort/snort-2.0.0/etc/reference.config

cp /user/src/Snort/snort-2.0.0/rules/sid-msg.map                \
   /user/src/Snort/snort-2.0.0/etc/sid-msg.map

# Shut down snort
/bin/killall snort

/user/src/Snort/RunSnort.sh

/bin/date
==========================================================================


> thanks
> Maurice Sleiman
> +41223079920
> Gestronic Geneva




-------
Paul M. Sittler, TCE EIT	InterNet E-Mail: p-sittler at ...1371...
Voice Phone: 979 845-9689	Numeric Pager: 979 228-3780
Pager:	Send < 240 char. alphanumeric message to pager:
Via WWW: "www.metrocall.com" --> "Send A Page" --> "To:9792283780"
Via InterNet E-Mail: "9792283780 at ...1372..."




More information about the Snort-sigs mailing list