[Snort-users] Updating questions

Jason Lewis jlewis at ...1831...
Thu Apr 19 21:47:41 EDT 2001

While I agree with the automatic download, never say never.

In my situation my sensors automatically download the ruleset from the
master.  The master is updated by hand.

Jason Lewis
"All you can do is manage the risks. There is no security."

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Brian
Sent: Thursday, April 19, 2001 9:39 AM
To: Phil
Cc: snort users
Subject: Re: [Snort-users] Updating questions

Phil wrote:
> I have 2 questions:
> 1. I have noticed a lot of people mention that their
> rulesets get updated daily and automatically? Is this
> througha  plug-in, a cron job? What's the most
> efficient way to do this?

This is a REALLY stupid thing to do.  NEVER automate downloading of new
rulesets.  God forbid you downloaded a "broken" ruleset and hose your
system.  NEVER NEVER NEVER do that.  At the MAXIMUM notify yourself when
new rules are available and do it by hand.

How many times do I have to say this to people?  Ever heard of Network
Solutions being absolutely stupid?  I have.  A number of times.  If
someone really wanted to, they could easily rewrote snort.org or
whitehats.com to the mars lunar rover for you to download rules from

> 2. People have mentioned to me upgrading tot he
> snort-daily.tar.gz. That sounds dev-ish/cvs-ish... are
> these releases stable or dev releases?

This version is usually stable.  Maybe we should start a current branch
and a stable branch and maintain them both?  only put fixes in stable,
new features in current.


Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

More information about the Snort-users mailing list