[Snort-users] rule sets on CVS

Ramin Alidousti ramin at ...2444...
Wed Sep 5 17:52:02 EDT 2001


On Wed, Sep 05, 2001 at 05:12:25PM -0700, Bob Van Cleef wrote:

> 
> I would like to set up a script to routinely download and replace
> the rule sets.  Has anyone else done so?

Excuse my paranoia but is it wise to do so? How difficult is it to
poison such a download? Maybe it's impossible; I've not thought about
it thoroughly but just the idea of an automatic replacement of such
an important thing seems scary to me.

Ramin

> 
> Looking at the cvs source, I have a couple of observations about
> the rule sets.
> 
> 1 - they are all in the top directory, which after the build
>     has 286 files in it... of which 28 have the suffix .rules.
> 
> 2 - there is no Makefile option to install them anywhere
> 
> It would be nice to be able to run a CVS update, followed by
> a 'make install' that actually changed the EXTERNAL/INTERNAL
> variables and placed the results in the correct directory.
> 
> Bob




More information about the Snort-users mailing list