[Snort-sigs] Updating Snort Rules Offline
blueeyes.online at ...2420...
Sat Feb 7 17:07:28 EST 2015
I am hoping you can assist me. I am using Security Onion and I am
attempting to update my Snort IDS rules in it offline (it does not have
internet connectivity). I am not finding any easy steps on how to do this.
I have downloaded the "community-rules.tar.gz" and
gz" rule packages manually from Snort.org already.
So far I have completed the following steps:
1. Copied both rule packages to the Desktop of Security Onion
2. Ran both Phase I and Phase II of the Security Onion setup (Security
Onion is up and running now)
3. I went to the /etc/nsm/securityonion.conf file and changed the
LOCAL_NIDS_RULE_TUNING=no to LOCAL_NIDS_RULE_TUNING=yes.
At this point where do I copy these packages to before I run the
rule-update command for PulledPork to process them? Am I missing any other
steps that I need to complete first too?
I don't know if you can help me or not, but it would be appreciated.