[Snort-users] Rule management

Matthias Hofherr Matthias_Hofherr at ...1344...
Wed Nov 28 00:35:08 EST 2001


Hi Jason,

On Tue, 27 Nov 2001, Jason Lewis wrote:

[...]
> Is anyone updating a master rule list and pushing updates to sensors?  I
> have tossed around different ideas for doing this and thought maybe I could
> get some feedback here.  I was thinking a directory structure that had
> folders for each sensor and rules were updated automatically via scp.
> Thoughts?

We at GeNUA are currently working on a project to manage all rules on a
Central Server in a MySQL-DB. The basic ruleset is managed in a master
table, the individual changes to the rules per sensor in another.
An additional table manages all the individual sensor configuration
options.
Via a web-gui (cgi.pm/DBI) it is possible to create flatfiles for each
sensor (snort.conf/*.rules/classification.config...).
The flatfiles reside in a directory structure.
With scp the rules are transferred to the sensors.
With ssh the sensors get a HUP.

We hope to publish the code in Q1 next year under GPL.
If someone is interested in discussing details and sharing ideas,
drop me an email.

Have fun,

Matthias Hofherr

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
 Matthias Hofherr             EMail: Matthias_Hofherr at ...4193...
 GeNUA mbH 85551 Kirchheim    Voice: +49 (89) 991950-0
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
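
The flatfile generation step described in the message above, as an added example that is not part of the original post and not GeNUA's code. sqlite3 stands in for MySQL, and the table names, the action values `disable`/`add` and the file name `local.rules` are assumptions.

```python
import os
import re
import sqlite3
import tempfile

# Assumed schema (not GeNUA's): one master table, one per-sensor change table.
SCHEMA = """
CREATE TABLE master_rules (sid INTEGER PRIMARY KEY, rule TEXT NOT NULL);
CREATE TABLE sensor_rules (sensor TEXT, sid INTEGER, action TEXT, rule TEXT);
"""

def render_rules(db, sensor):
    """Return the .rules text for one sensor: master set plus its changes."""
    q = ("SELECT m.rule, s.action FROM master_rules m LEFT JOIN sensor_rules s "
         "ON s.sid = m.sid AND s.sensor = ? ORDER BY m.sid")
    out = [("# disabled: " + rule) if action == "disable" else rule
           for rule, action in db.execute(q, (sensor,))]
    # Sensor-local rules whose sid does not exist in the master table.
    out += [r for (r,) in db.execute(
        "SELECT rule FROM sensor_rules WHERE sensor = ? AND action = 'add' "
        "AND sid NOT IN (SELECT sid FROM master_rules) ORDER BY sid", (sensor,))]
    return "\n".join(out) + "\n"

def write_flatfile(db, sensor, outdir):
    """Write <outdir>/<sensor>/local.rules atomically and return its path."""
    # The sensor name becomes a path component, so reject anything path-like.
    if not re.fullmatch(r"[A-Za-z0-9][A-Za-z0-9_-]*", sensor):
        raise ValueError("bad sensor name: %r" % sensor)
    sensor_dir = os.path.join(outdir, sensor)
    os.makedirs(sensor_dir, exist_ok=True)
    fd, tmp = tempfile.mkstemp(dir=sensor_dir)
    with os.fdopen(fd, "w") as fh:
        fh.write(render_rules(db, sensor))
    path = os.path.join(sensor_dir, "local.rules")
    os.replace(tmp, path)  # the transfer step never sees a half-written file
    return path

def demo_db():
    """In-memory database filled with constructed sample rules."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO master_rules VALUES (?, ?)", [
        (1000001, 'alert tcp any any -> any 80 (msg:"sample A"; sid:1000001;)'),
        (1000002, 'alert icmp any any -> any any (msg:"sample B"; sid:1000002;)')])
    db.executemany("INSERT INTO sensor_rules VALUES ('dmz', ?, ?, ?)", [
        (1000002, "disable", None),
        (1000003, "add", 'alert udp any any -> any 53 (msg:"sample C"; sid:1000003;)')])
    return db
```

The resulting per-sensor directory is what the scp and ssh steps in the message would then transfer and activate.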




