[Snort-users] Rules for version1.8.6
mkettler at ...4108...
Mon Dec 2 08:53:39 EST 2002
In general there's no "maintenance" of snort rules for ancient versions.
The snort team keeps 2 rulesets available and updated, one for the latest
officially released version, and one for the latest CVS branch. It's a lot
of effort to keep 2 rulesets updated, and to go back to 1.8.6 they'd need
to support at least 3, if not 4 (cvs, 1.9.0, 1.8.7, 1.8.6)
My recommendation would be to upgrade to 1.9.0 ASAP and treat any effort
put into 1.8.6 as "learning the system".. I'd not try to update it but if
you insist you might be able to extract the rules from the 1.8.7 tarball
and they *might* work on 1.8.6.
Quite frankly upgrading rulesets tends to be as difficult as upgrading
snort versions. The hardest part is getting your snort.conf right, and
upgrading rulesets, particularly when you are going so far forward, often
requires a new snort.conf. (ie: if the new rules have new variables, or new
rulefiles were added, they need to be in snort.conf). At that point you may
as well install 1.9.0, or at least 1.8.7.
At 06:07 AM 12/2/2002 -0800, David Stubblefield wrote:
>First off I am a newbie. I am currently in an environment that is running
>Snort 1.8.6. I have been asked to come up to speed on that system and
>then upgrade to the latest version. So I am working on installing version
>1.8.6 via the Snort Installation Manual - Snort, MySQL, Red hat 7.3. I
>have downloaded and installed snort1.8.6 as well as MySQL client and dev
>rpm's. Now I would like to download the signatures but all I see is
>signatures for 1.9. Is it possible to get the signatures for 1.8.6 and if
>so where? Also I am open to any and all suggestions regarding getting
>1.8.6 up and running and then upgrading to the latest version. Anyone's
>time and consideration regarding this is greatly appreciated.
>Thanks in advance,
More information about the Snort-users