[Snort-users] Updating slaves

Sean Walberg SWalberg at ...1859...
Fri Apr 20 10:25:20 EDT 2001


What I'm setting up now is distribution of the rulesets by RPM.  Basically,
I generate an rpm of the snort rulesets, and force the slaves to install
them from the master via http.  The master will be updated manually, with
the help of some scripts.  GPG will also be used to verify the package.

Along these lines, I'm using KickStart to generate a snort sensor (i.e. slave)
without user intervention.  Pop in a disk, boot the computer, 5 minutes
later you have a stripped down Linux box running snort.  That part is done,
but I'm just working on the ruleset stuff, since in my situation the
variables like HOME_NET will be different for each box.

I also plan to wrap this in a web interface...

Anyone doing similar work?

Sean

--
Sean Walberg <swalberg at ...1860...>
Communications Eng, Comm & Info Svcs
Health Sciences Centre [204-787-1010]
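
Added example, not part of the original post and not the poster's scripts: a sensor-side update step for the scheme described above, which installs the ruleset RPM pulled over http only when `rpm --checksig` reports a verified signature. An unsigned package also reports "OK", which is the case the check has to catch. The URL, package name, and the `sig_verified` and `update_rules` helpers are assumptions, as is the master's public key already being in the sensor's rpm keyring.

```sh
#!/bin/sh
# Sensor-side ruleset update: fetch the RPM from the master over http and
# install it only if its GPG signature verifies. Plain http gives no
# integrity, so the signature is the only control here.
# Assumptions (not from the post): URL is a placeholder; the master's public
# key was imported on the sensor beforehand (e.g. with `rpm --import`).
MASTER_URL="${MASTER_URL:-http://master.example.invalid/snort-rules.rpm}"

# Decide from one line of `rpm --checksig` output whether a signature verified.
# "OK" alone is not enough: an unsigned package passes on digests only.
# A verified signature shows a lowercase gpg/pgp/rsa/dsa token (older rpm) or
# "signatures" (newer rpm); a missing key or bad signature prints NOT OK.
sig_verified() {
    case "$1" in
        *"NOT OK"*) return 1 ;;
    esac
    case "$1" in
        *" OK") ;;
        *) return 1 ;;
    esac
    result=${1##*: }                 # drop the "file.rpm: " prefix
    for tok in $result; do
        case "$tok" in
            gpg|pgp|rsa|dsa|signatures) return 0 ;;
        esac
    done
    return 1
}

update_rules() {
    pkg=$(mktemp /tmp/snort-rules.XXXXXX) || return 1
    if ! curl -fsS -o "$pkg" "$1"; then
        rm -f "$pkg"; return 1
    fi
    line=$(LC_ALL=C rpm --checksig "$pkg" 2>&1)
    if sig_verified "$line"; then
        rpm -Uvh "$pkg"; rc=$?
    else
        echo "refusing unsigned or unverifiable package: $line" >&2; rc=1
    fi
    rm -f "$pkg"
    return $rc
}

# Only touch the network when explicitly asked: ./update.sh run
if [ "${1:-}" = "run" ]; then update_rules "$MASTER_URL"; fi
```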




