[Snort-users] Rule management
Jason.Haar at ...294...
Tue Nov 27 13:19:03 EST 2001
On Tue, Nov 27, 2001 at 06:33:37AM -0500, Jason Lewis wrote:
> Is anyone updating a master rule list and pushing updates to sensors? I
> have tossed around different ideas for doing this and thought maybe I could
> get some feedback here. I was thinking a directory structure that had
> folders for each sensor and rules were updated automatically via scp.
Yup. I have a cronjob that every night downloads snortrules, unpacks it,
and diffs it against the "live" environ. The diffs are Emailed to me.
When I see there has been an update, I can eyeball what's changed (that's
the "enhanced-security" element :-) and if I like what I see, re-run the
script with the "--live" arg to push those changes live. After going live,
the script rsync's-over-ssh to our other Snort systems...
Information Security Manager
Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
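
The review-then-promote workflow described in the message above, as an added example (not the poster's script). It assumes the nightly download has already been unpacked into a staging directory; the function names, directory arguments and the `SENSORS` variable are hypothetical.

```shell
#!/bin/sh
# Added example, not the poster's script. Assumptions: rules already unpacked
# into a staging dir; SENSORS and all function names are hypothetical.
SENSORS="${SENSORS:-}"   # space-separated ssh hosts to receive the live rules

# Print a unified diff of live vs. staged; exit status 0 means "identical".
rules_diff() {
    diff -ruN "$2" "$1"
}

# Copy staged *.rules into live, drop rules removed upstream, push to sensors.
rules_promote() {
    staged=$1; live=$2
    mkdir -p "$live"
    cp -p "$staged"/*.rules "$live"/ || return 1
    for f in "$live"/*.rules; do
        [ -e "$staged/$(basename "$f")" ] || rm -f "$f"
    done
    for host in $SENSORS; do
        rsync -az --delete -e ssh "$live"/ "$host:$live"/ ||
            echo "push to $host failed" >&2
    done
}

# rules_update STAGED LIVE [--live]
# Default: show the diff for human review (cron mails this output).
# With --live: apply the reviewed changes and distribute them.
rules_update() {
    staged=$1; live=$2; mode=${3:-}
    if rules_diff "$staged" "$live" > "$staged.diff"; then
        echo "no changes"
        return 0
    fi
    if [ "$mode" = "--live" ]; then
        rules_promote "$staged" "$live" && echo "promoted"
    else
        cat "$staged.diff"
        echo "review pending; re-run with --live to apply"
    fi
}
```

The staging directory should stay frozen between the review run and the `--live` run, so that what goes live is exactly the diff that was read.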