[Snort-users] updating rules through webinterface
jean-baptiste.lallement at ...1699...
Fri Mar 30 07:42:28 EST 2001
At 30/03/2001 13:21, Roeland Weve wrote:
>Another point why I'm making this, is to check if there are new rules.
>I have to get the latest version of the rules from the internet and
>compare them with the rules on the ids. So, does anybody know how I
>can get the latest rules from the internet?
>From snort it isn't possible, because the directory contains a date:
>The date will change, if the latest rules are saved like
>'http://www.snort.org/Files/snortrules.tar.gz' it would be better, so I
>can always get the latest rules with wget or something.
>I was thinking of CVS, but I do not know how to get all the rules as
>simple as possible. I don't want to do it by name (sql.rules) but by
>syntax (*.rules). So, if there will be a new ruleset (blalba.rules) it
>also takes that file and I can include it.
You may obtain the full ruleset by sending a GET to ( using cURL, wget,
lynx, ... ):
To get a particular ruleset ( ex DDOS )
This will extract the ruleset directly from the online DB.
Hope this helps
>Then the compare part will be done by diff or something.
>Maybe I will make this part in perl, so I can crontab it daily and mail
>the difference between the rulesets. (I saw already some progz doing
>something like this).
>If it's ready I will put it on the mailing list.
>Some disadvantages are that you have to change the directory where the
>rule files are saved (now I have to snort.conf in /etc/snort and the
>rules in /var/www/html/rules/, that's because I can safely change the
>write and read rights there...).
>Well, if anybody has any ideas or knows existing programs that I can
>use, etc. it will be really appreciated!
ZENI CORPORATION http://zeni.fr
Tél : 0.803.003.111 Fax : 03.44.57.35.55
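
The daily compare step described in the quoted message (pick up every `*.rules` file by pattern, diff it against the installed copy, report the result) could look like the following. This is an added example, not code from the thread; the function name, directory layout and sample rule text are assumptions, and the download step is omitted because the message does not include the URLs.

```shell
#!/bin/sh
# compare_rules OLD_DIR NEW_DIR
# Compares every *.rules file by pattern, so a ruleset that appears upstream
# under a new name is reported too. Returns 0 if identical, 1 if anything differs.
compare_rules() {
    old=$1 new=$2 changed=0
    for f in "$new"/*.rules; do
        [ -e "$f" ] || continue                  # glob matched nothing
        name=${f##*/}
        if [ ! -e "$old/$name" ]; then
            echo "NEW FILE: $name"
            changed=1
        elif ! cmp -s "$old/$name" "$f"; then
            echo "CHANGED: $name"
            diff -u "$old/$name" "$f" | sed 1,2d # drop path/timestamp header lines
            changed=1
        fi
    done
    for f in "$old"/*.rules; do
        [ -e "$f" ] || continue
        name=${f##*/}
        if [ ! -e "$new/$name" ]; then
            echo "REMOVED UPSTREAM: $name"
            changed=1
        fi
    done
    return $changed
}

# Demo on constructed sample data (rule text is made up for illustration).
demo() {
    tmp=$(mktemp -d) || return 2
    mkdir "$tmp/installed" "$tmp/fetched"
    echo 'alert tcp any any -> any 80 (msg:"constructed sample A";)' > "$tmp/installed/web.rules"
    echo 'alert tcp any any -> any 80 (msg:"constructed sample A, revised";)' > "$tmp/fetched/web.rules"
    echo 'alert udp any any -> any 53 (msg:"constructed sample B";)' > "$tmp/fetched/blalba.rules"
    rc=0
    compare_rules "$tmp/installed" "$tmp/fetched" || rc=$?
    rm -rf "$tmp"
    return $rc
}
demo || true    # a non-zero status only means differences were found
```

Because the function returns non-zero only when something differs, a cron job can capture its output and send mail in that case alone.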