[Snort-users] rule sets on CVS

Andreas Östling andreaso at ...236...
Thu Sep 6 08:36:02 EDT 2001


On Thursday 06 September 2001 02:12, Bob Van Cleef wrote:

> I would like to set up a script to routinely download and replace
> the rule sets.  Has anyone else done so?

There are a few scripts on http://www.snort.org/downloads.html that you might 
want to take a look at. If you're really really brave, you can also try my 
script, http://nitzer.dhs.org/oinkmaster/


> Looking at the cvs source, I have a couple of observations about
> the rule sets.
>
> 1 - they are all in the top directory, which after the build
>     has 286 files in it... of which 28 have the suffix .rules.
>
> 2 - there is no Makefile option to install them anywhere
>
> It would be nice to be able to run a CVS update, followed by
> a 'make install' that actually changed the EXTERNAL/INTERNAL
> variables and placed the results in the correct directory.
>

There are CVS snapshots of the rules available from 
http://www.snort.org/downloads.html 
(http://www.snort.org/downloads/snortrules.tar.gz)
It shouldn't be hard to write something that downloads them and modifies the 
variables (feature probably already exists in a few of the current scripts). 
Personally I don't think that kind of stuff should be in the Makefile.

Whatever way you prefer to update your rules, just don't do it automatically 
without your attention. That's dangerous.
Always verify what you downloaded before using it.

Regards,
Andreas Östling
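
One way to put the "verify what you downloaded before using it" advice above into practice, as an added example that is not part of the original message and is not code from oinkmaster or the snort.org scripts. It assumes the snapshot tarball has already been fetched to a local file; the function names `stage_rules` and `review_rules` and the directory arguments are hypothetical.

```shell
#!/bin/sh
# Added example: stage a rules snapshot and report changes. Nothing is installed.
# Usage after sourcing: stage_rules snortrules.tar.gz ./stage &&
#                       review_rules ./stage /path/to/live/rules   (path is a placeholder)

# stage_rules TARBALL STAGE_DIR: unpack into a scratch directory only.
stage_rules() {
    tarball=$1; stage=$2
    # Refuse members with absolute paths or ".." that could land outside STAGE_DIR.
    if tar -tzf "$tarball" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "refusing $tarball: unsafe member path" >&2
        return 1
    fi
    mkdir -p "$stage" && tar -xzf "$tarball" -C "$stage"
}

# review_rules STAGE_DIR LIVE_DIR: print what an update would change.
# Returns 0 if the staged rules match the live ones, 1 if there is something to read.
review_rules() {
    stage=$1; live=$2
    report=$(
        find "$stage" -name '*.rules' | sort | while IFS= read -r new; do
            old="$live/$(basename "$new")"
            if [ ! -f "$old" ]; then
                echo "NEW FILE: $(basename "$new")"
            else
                diff -u "$old" "$new" || true   # diff exits 1 on differences
            fi
        done
        for old in "$live"/*.rules; do
            [ -f "$old" ] || continue
            [ -n "$(find "$stage" -name "$(basename "$old")")" ] ||
                echo "REMOVED UPSTREAM: $(basename "$old")"
        done
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}
```

A cron job can call both functions and mail the report; copying the staged files into the live directory stays a manual step after the diff has been read.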