[Snort-sigs] Ruleset changes at Bleedingsnort.com

Matt Jonkman matt at ...2436...
Wed Dec 29 13:23:00 EST 2004


We've made some organizational moves to the rulesets. The Scan, DOS, 
EXPLOIT, ATTACK RESPONSE, and WEB rules are now in their own rulesets. 
There were enough of each to justify it for organizational reasons.

What this means to you:
If you're not just using the bleeding-all ruleset you need to add the 
following to your snort.conf...

include $RULE_PATH/bleeding-exploit.rules
include $RULE_PATH/bleeding-web.rules
include $RULE_PATH/bleeding-attack_response.rules
include $RULE_PATH/bleeding-dos.rules
include $RULE_PATH/bleeding-scan.rules

Be sure to do so before your next update or you'll be missing a few sigs.

Comments welcome, let me know if we moved any incorrectly.

Matt





More information about the Snort-sigs mailing list