[Snort-users] rule sets on CVS
andreaso at ...236...
Thu Sep 6 08:36:02 EDT 2001
On Thursday 06 September 2001 02:12, Bob Van Cleef wrote:
> I would like to set up a script to routinely download and replace
> the rule sets. Has anyone else done so?
There are a few scripts on http://www.snort.org/downloads.html that you might
want to take a look at. If you're really really brave, you can also try my
> Looking at the cvs source, I have a couple of observations about
> the rule sets.
> 1 - they are all in the top directory, which after the build
> has 286 files in it... of which 28 have the suffix .rules.
> 2 - there is no Makefile option to install them anywhere
> It would be nice to be able to run a CVS update, followed by
> a 'make install' that actually changed the EXTERNAL/INTERNAL
> variables and placed the results in the correct directory.
There are CVS snapshots of the rules available from
It shouldn't be hard to write something that downloads them and modifies the
variables (feature probably already exists in a few of the current scripts).
Personally I don't think that kind of stuff should be in the Makefile.
Whatever way you prefer to update your rules, just don't do it automatically
without your attention. That's dangerous.
Always verify what you downloaded before using it.
More information about the Snort-users