[Snort-users] rules update

Matt Kettler mkettler at ...4108...
Tue Nov 20 08:31:04 EST 2001


This is true, so my complexity argument against automatic cron job updates 
of rule files is invalid.

Still it is not likely a good idea to automatically update from a cron job 
for the other reasons (purposeful or accidental check-in dysfunctional 
rules, etc).

And with CVS there is the further issue that the current CVS snort rules 
may only work with the current CVS code, so if you update one, you should 
consider updating both.

Perhaps I'm off-base, but it does strike me as a bad idea to automatically 
pull rules updates from CVS. Although I do agree with the idea of using cvs 
update to pull out the latest rules manually with minimal headaches.

Anyone have any more insightful comments on that issue than I can provide?


At 09:29 PM 11/19/2001, Martin Roesch wrote:
>Since the snort-current rules stuff is just built out of CVS, you could
>always to a 'cvs update' and not have to worry about custom local
>configuration getting whacked...
>
>      -Marty





More information about the Snort-users mailing list