[Snort-sigs] rules licensing

Brian bmc at ...95...
Thu Sep 11 19:45:39 EDT 2003


On Wed, Sep 10, 2003 at 07:20:58PM +0200, Milani Paolo wrote:
> I am wondering about what the licensing policy is for the snort rules being distributed. The rules files themselves do not have the GPL notice that can be found at the head of snort source files, only a copyright notice. But they are available for everyone to download, and are a result of collaborative work from the snort community. So what is the policy about copying/distributing snort rule files (the ones downloaded from the snort site, or modified versions thereof)?

We've been down this road many times.  The rules are licensed as GPL.

You can distribute rules in the same fashion as anything else GPLed.
BTW, many IDS companies support snort rules.  Correction, many companies
support a subset of the features provided by snort rules.  

> Examples: can whoever modify some snort rules and put them up on a webserver for everyone to use?

Sure.  As long as the rules are GPLed.

> if free-ids.org develops a new opensource ids software that can read snort syntax, can he ship snort rule files with it? does this force him to go GPL for his entire project (rather than use some other free software license)?

Nope, just the rules.

> if make-money-with-ids.com sells a NIDS developed from scratch but compatible with snort syntax, can he ship those rule files with it? can their customers download the rule files themselves? 

Sure, as long as they are shipped in a GPL compatable manor.  A number
of IDS vendors do this.  We (the snort team) would prefer if you published
the fact you are using our rules up front.  Intrusion.com has been
shipping our rules for a long time, only to add a comment [0] after we
bitched.

-brian

[0] Of course, the comment went from how their user community wrote the
    rules to how the user community wrote the rules or maybe but
    unlikely other sites like snort.org & whitehats.com might have
    contributed some of them.




More information about the Snort-sigs mailing list