[Snort-users] secure server push of snort rules

Steve Halligan agent33 at ...187...
Tue Aug 8 11:02:39 EDT 2000


We are doing this now...we use a cron job that makes an ssh2 connection
using hostbased authentication and scp the rules to the remote servers.  We
don't use rsync, hardly seems necessary becuase the rules files are so small
might just as well copy them reguardless of whether they are new or not.
The remote machines have a cron job that HUP's snort periodically.  Thinking
about using the same system to update the binaries.

-----Original Message-----
From: Jeff Seely [mailto:jseely at ...279...]
Sent: Monday, August 07, 2000 7:09 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] secure server push of snort rules


Fellow snorters,
     I have 5 machines with 3 interfaces each with their own installs of
snort for a grand daddy total of 15 sensors. I'm  trying to come up with a
way to push out new rules and turn sensors on and off from one centralized
machine. This is a "no clear text" network so it would have to be over ssl.
Before I even start looking into perl + NetSSLeay I wanted to make sure I
wasn't reinventing the wheel. Anyone have any ideas or thoughts?

------------------------------------------------------------
Email account furnished courtesy of AntiOnline - http://www.AntiOnline.com
AntiOnline - The Internet's Information Security Super Center!



_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
http://lists.sourceforge.net/mailman/listinfo/snort-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20000808/120a8ec8/attachment.html>


More information about the Snort-users mailing list