[Snort-users] Auto rules update

Dr SuSE drsuse at ...748...
Mon Jan 22 23:56:52 EST 2001

I wrote a simple script to update my vision.rule and I'd like to get some 
opinions/ideas from other Snort users.

I'm using vision.rules and I just needed a simple way of obtaining the latest 
ruleset and removing rules that I do not need.  I know there are some update 
utilities already available but I need the scripting practice and I needed 
something to do while at work.

cd /tmp
wget -q http://www.whitehats.com/ids/vision.rules
/etc/rc.d/snort stop
rm /etc/snort/vision.rules
sed -e '/IDS226/d' -e '/IDS259/d' /tmp/vision.rules > /etc/snort/vision.rules
rm /tmp/vision.rules
/etc/rc.d/snort start
echo Vision Rules Updated!

Microsoft ist nicht installiert.

More information about the Snort-users mailing list