[Snort-users] secure server push of snort rules

Fyodor fygrave at ...121...
Tue Aug 8 04:28:21 EDT 2000


~ :Fellow snorters,

~ :     I have 5 machines with 3 interfaces each with their own
~ :installs of snort for a grand daddy total of 15 sensors. I'm trying
~ :to come up with a way to push out new rules and turn sensors on and
~ :off from one centralized machine. This is a "no clear text" network
~ :so it would have to be over ssl. Before I even start looking into
~ :perl + NetSSLeay I wanted to make sure I wasn't reinventing the
~ :wheel. Anyone have any ideas or thoughts?

Heh.. check out my post to the list about two days ago with `snortdog' in
subject. I was suggesting to write some sort of daemon/watchdog which
would perform snort-rules transfer on DNS manner. There are only a few
lines of code (C) written on this subject though, basically it's only a
watchdog now, starts snort with it's own command line arguments and
restarts it when it goes down. The rest of functionality is in development
now. I will put a link at snortnet.scorpions.net and probably snort.org
too as soon as there would be something worth to observe.

 if interested in helping the devel. though, drop a line, I will send you
current snapshot.





More information about the Snort-users mailing list