[Snort-sigs] Updating Snort Rules Offline

Jeffrey blueeyes.online at ...2420...
Sat Feb 7 17:07:28 EST 2015


Hello,
     I am hoping you can assist me.  I am using Security Onion and I am
attempting to update my Snort IDS rules in it offline (it does not have
internet connectivity).  I am not finding any easy steps on how to do this
online anywhere.

I have downloaded the "community-rules.tar.gz" and
"snortrules-snapshot-2970.tar.gz" rule packages manually from Snort.org
already.

So far I have completed the following steps:

1. Copied both rule packages to the Desktop of Security Onion

2. Ran both Phase I and Phase II of the Security Onion setup (Security
Onion is up and running now)

3. I went to the /etc/nsm/securityonion.conf file and changed the
LOCAL_NIDS_RULE_TUNING=no to LOCAL_NIDS_RULE_TUNING=yes.

At this point where do I copy these packages to before I run the
rule-update command for PulledPork to process them?  Am I missing any other
steps that I need to complete first too?

I don't know if you can help me or not, but it would be appreciated.

Sincerely,
Jeffrey Hilgers