[Snort-users] Just FYI

Jim Forster jforster at ...176...
Thu Mar 1 13:06:17 EST 2001


The new 'clean' ruleset is up and ready for download.  There have been some
major changes to this set (many thanks to Brian Caswell) and it is a much
cleaner, more accurate rulebase.
<You will also find that the online database reflects the changes made to
this release.>

Changes include:
1) A modular ruleset design, so entire sets can be disabled with a simple
comment in the snort.conf file.
2) Links to arachNIDS, CVE #'s, Bugtraq IDs, etc. have been moved from the
'MSG' field to the 'reference' field.  This will break SnortSnarf's HTML
linking for the time being, but the Silicon Defense guys are aware of the
changes and will be updating soon.
3) The snort.conf file has much more information in it to aid in configuring
plugins and tweaking your setup.  We also added more variables to the config
definition, to make breaking out your mail/web servers much easier.
4) This file is built for Snort 1.7.0 and higher only, so be sure you're
current before trying to use it.

NOTE: It is recommended to move any local-network rules you have written
into the local.rules file, especially if you have pass rules you need to
keep...  This 'local.rules' file is in the full download as a blank rule
file, and will not be included after the initial release. - Hopefully people
that must do intense editing for their local networks won't have such a
nightmare doing updates from the Snort.org rulebase now.  :)
Thanks!

Jim Forster
Network Administrator
RapidNet / DakotaConnect
--------------------------------------------
http://www.snort.org
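
Added example, not part of the original post or of Snort/SnortSnarf code: a small Python parser that reads cross-references from the `reference` option described in change 2, and flags rules (for instance ones kept in local.rules) that still carry an identifier inside `msg`. The sample rules, their placeholder IDs and the legacy `msg` pattern (`IDSnnn` / `CVE-yyyy-n`) are constructed assumptions.

```python
import re

# One "keyword;" or "keyword:value;" option inside the rule's parentheses.
# Quoted values are tried first because they may themselves contain ';'.
OPTION_RE = re.compile(
    r'\s*([A-Za-z_]+)\s*(?::\s*("(?:[^"\\]|\\.)*"|[^;]*))?\s*;')

# Assumption: old-style rules embedded identifiers like these in msg.
LEGACY_ID_RE = re.compile(r'\b(IDS\d+|CVE-\d{4}-\d+)\b')

def parse_rule(line):
    """Return (msg, [(system, id), ...]) for a rule line, or None if not a rule."""
    line = line.strip()
    if not line or line.startswith('#'):
        return None
    start, end = line.find('('), line.rfind(')')
    if start == -1 or end < start:
        return None
    msg, refs = None, []
    for m in OPTION_RE.finditer(line[start + 1:end]):
        key, val = m.group(1).lower(), (m.group(2) or '').strip()
        if key == 'msg':
            msg = val.strip('"')
        elif key == 'reference':
            # reference:<system>,<id>;
            system, _, ref_id = val.partition(',')
            if ref_id:
                refs.append((system.strip().lower(), ref_id.strip()))
    return msg, refs

def legacy_ids(msg):
    """Identifiers still embedded in msg text (rule not yet migrated)."""
    return LEGACY_ID_RE.findall(msg or '')

# Constructed sample rules with placeholder IDs (not from the real ruleset).
NEW_RULE = ('alert tcp $EXTERNAL_NET any -> $HOME_NET 53 '
            '(msg:"Example zone transfer"; flags:A+; content:"|00 00 FC|"; '
            'reference:arachnids,000; reference:cve,CVE-0000-0000;)')
OLD_RULE = ('alert icmp any any -> $HOME_NET any '
            '(msg:"IDS000 - example; legacy style"; itype:8;)')

if __name__ == '__main__':
    for rule in (NEW_RULE, OLD_RULE):
        msg, refs = parse_rule(rule)
        print(msg, refs, 'legacy ids in msg:', legacy_ids(msg))
```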




