[Snort-users] Updating slaves

Jason Lewis jlewis at ...1831...
Fri Apr 20 21:11:58 EDT 2001


I am planning on doing the same thing, but I am about a 3 weeks away from
getting started.  I am the middle of a network infrastructure rollout.

I would be interested in anything you are doing.  I might even be able to
donate some free time.

Jason Lewis
http://www.rivalpath.com
"All you can do is manage the risks. There is no security."


-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Sean
Walberg
Sent: Friday, April 20, 2001 10:25 AM
To: 'snort-users at lists.sourceforge.net'
Subject: [Snort-users] Updating slaves


What I'm setting up now is distribution of the rulesets by RPM.  Basically,
I generate an rpm of the snort rulesets, and force the slaves to install
them from the master via http.  The master will be updated  manually, with
the help of some scripts.  GPG will also be used to verify the package.

Along these lines, I'm using KickStart to generate a snort sensor (ie slave)
without user intervention.  Pop in a disk, boot the computer, 5 minutes
later you have a stripped down Linux box running snort.  That part is done,
but I'm just working on the ruleset stuff, since in my situation the
variables like HOME_NET will be different for each box.

I also plan to wrap this in a web interface...

Anyone doing similar work?

Sean

--
Sean Walberg <swalberg at ...1860...>
Communications Eng, Comm & Info Svcs
Health Sciences Centre [204-787-1010]


_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





More information about the Snort-users mailing list