[Snort-users] rules update

Martin Roesch roesch at ...1935...
Sat Nov 24 13:57:02 EST 2001


> This is true, so my complexity argument against automatic cron job updates
> of rule files is invalid.
> 
> Still it is not likely a good idea to automatically update from a cron job
> for the other reasons (purposeful or accidental check-in dysfunctional
> rules, etc).

True, I don't recommend auto-updating ever, but that's my personal
preference (I have a number of reasons for it, of course). :)

> And with CVS there is the further issue that the current CVS snort rules
> may only work with the current CVS code, so if you update one, you should
> consider updating both.

Right.  I will say that I don't think we're going to be making any
changes to the rule spec for a bit though.

> Perhaps I'm off-base, but it does strike me as a bad idea to automatically
> pull rules updates from CVS. Although I do agree with the idea of using cvs
> update to pull out the latest rules manually with minimal headaches.

Yup.  Auto-incorporation is a bad idea, but you can certainly see what's
going on, what's changed and have an active method of getting updates
without hosing your configuration.


     -Marty


> Anyone have any more insightful comments on that issue than I can provide?
> 
> At 09:29 PM 11/19/2001, Martin Roesch wrote:
> >Since the snort-current rules stuff is just built out of CVS, you could
> >always to a 'cvs update' and not have to worry about custom local
> >configuration getting whacked...
> >
> >      -Marty

--
Martin Roesch
roesch at ...1935...
http://www.sourcefire.com - http://www.snort.org






More information about the Snort-users mailing list