[Snort-users] rules update script and consistency

adulau-snort at ...1558... adulau-snort at ...1558...
Mon Oct 1 23:32:01 EDT 2001


Hello All,

Here it is my trouble, I want to update automatically my rules set without
having to change back my false-positive removed rules. 
I have seen this scripts, snort-update. Snort-update is doing only a diff
of the existing rules and send a mail for doing manually the mv. 

I plan to do a script like that : 

-> Concentrate all the rules, in one files. 
-> Make modification with using this script (or the script via Webmin).

	The script keep two files : one activated rule list and one
				    desactivated rule list.
-> When i get snort rule from snort.org or from whitewhats, it's generate
a new activated rule list and remove the entry available in desactivated
rule list. 
-> So we have new rules but the already desactivated rules...

Is there any script like that for the moment, or i need to do it ? 
(To not do the work 2 times 8-))

Thanks a lot

Alexandre Dulaunoy
--
http://www.foo.be/







More information about the Snort-users mailing list