[Snort-users] snort-update change

Jason Haar Jason.Haar at ...294...
Sun Sep 3 22:55:33 EDT 2000

Currently there is no sanity checks in snort-update to ensure that the newly
downloaded vision.rules is complete or not.

Currently dev.whitehats.org is down, and snort-update is sending me Email
showing all the changes (diff) between my current vision.rules and
vision.rules.new - which is zero bytes :-)

How about adding the following to snort-update

if test -s ${VISIONRULES}.new

...before the chmod, etc section at the bottom?

Better yet, could the owner of vision.rules do something like ensure it
always ends with a specific comment line (e.g. "#EOF") so that scripts such
as snort-update could check for that?


Jason Haar

Unix/Network Specialist, Trimble NZ
Phone: +64 3 9635 377 Fax: +64 3 9635 417

More information about the Snort-users mailing list