[Snort-users] Updating questions

Jason Lewis jlewis at ...1831...
Thu Apr 19 21:47:41 EDT 2001


While I agree with the automatic download, never say never.

In my situation my sensors automatically download the ruleset from the
master.  The master is updated by hand.

Jason Lewis
http://www.rivalpath.com
"All you can do is manage the risks. There is no security."


-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Brian
Caswell
Sent: Thursday, April 19, 2001 9:39 AM
To: Phil
Cc: snort users
Subject: Re: [Snort-users] Updating questions


Phil wrote:
> I have 2 questions:
> 1. I have noticed a lot of people mention that their
> rulesets get updated daily and automatically? Is this
> througha  plug-in, a cron job? What's the most
> efficient way to do this?

This is a REALLY stupid thing to do.  NEVER automate downloading of new
rulesets.  God forbid you downloaded a "broken" ruleset and hose your
system.  NEVER NEVER NEVER do that.  At the MAXIMUM notify yourself when
new rules are available and do it by hand.

How many times do I have to say this to people?  Ever heard of Network
Solutions being absolutely stupid?  I have.  A number of times.  If
someone really wanted to, they could easily rewrote snort.org or
whitehats.com to the mars lunar rover for you to download rules from
outerspace.

> 2. People have mentioned to me upgrading tot he
> snort-daily.tar.gz. That sounds dev-ish/cvs-ish... are
> these releases stable or dev releases?

This version is usually stable.  Maybe we should start a current branch
and a stable branch and maintain them both?  only put fixes in stable,
new features in current.

-brian

_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





More information about the Snort-users mailing list