[Snort-users] Rules for version1.8.6

Matt Kettler mkettler at ...4108...
Mon Dec 2 08:53:39 EST 2002


In general there's no "maintenance" of snort rules for ancient versions. 
The snort team keeps 2 rulesets available and updated, one for the latest 
officially released version, and one for the latest CVS branch. It's a lot 
of effort to keep 2 rulesets updated, and to go back to 1.8.6 they'd need 
to support at least 3, if not 4 (CVS, 1.9.0, 1.8.7, 1.8.6).

My recommendation would be to upgrade to 1.9.0 ASAP and treat any effort 
put into 1.8.6 as "learning the system". I'd not try to update it, but if 
you insist you might be able to extract the rules from the 1.8.7 tarball 
and they *might* work on 1.8.6.

Quite frankly upgrading rulesets tends to be as difficult as upgrading 
snort versions. The hardest part is getting your snort.conf right, and 
upgrading rulesets, particularly when you are going so far forward, often 
requires a new snort.conf. (i.e., if the new rules have new variables, or new 
rulefiles were added, they need to be in snort.conf). At that point you may 
as well install 1.9.0, or at least 1.8.7.






At 06:07 AM 12/2/2002 -0800, David Stubblefield wrote:
>Hello,
>
>First off I am a newbie.  I am currently in an environment that is running 
>Snort 1.8.6.  I have been asked to come up to speed on that system and 
>then upgrade to the latest version.  So I am working on installing version 
>1.8.6 via the Snort Installation Manual - Snort, MySQL, Red Hat 7.3.  I 
>have downloaded and installed Snort 1.8.6 as well as MySQL client and dev 
>RPMs.  Now I would like to download the signatures but all I see is 
>signatures for 1.9.  Is it possible to get the signatures for 1.8.6 and if 
>so where?  Also I am open to any and all suggestions regarding getting 
>1.8.6 up and running and then upgrading to the latest version.  Anyone's 
>time and consideration regarding this is greatly appreciated.
>
>
>Thanks in advance,
>David Stubblefield
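
The reply's point that a newer ruleset can need variables and rule files the old snort.conf lacks can be checked before Snort is restarted. The following is an added example, not part of the original thread or of the Snort distribution: `check_ruleset` is a hypothetical helper, it assumes the plain `var NAME value` and `include path` configuration lines, and the sample configuration and rules are constructed.

```python
import re
from pathlib import PurePosixPath

ACTIONS = {"alert", "log", "pass", "activate", "dynamic"}
VAR_DEF = re.compile(r"^\s*var\s+(\w+)\s+\S")
INCLUDE = re.compile(r"^\s*include\s+(\S+)")
VAR_REF = re.compile(r"\$\(?(\w+)")


def check_ruleset(conf_text, rule_files):
    """Return (missing, unincluded) for a snort.conf and {filename: rules text}.

    missing:    {variable: [rule files whose rule headers reference it]}
    unincluded: rule files that no active 'include' line pulls in
    """
    defined, included = set(), set()
    for line in conf_text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # commented-out var/include lines do not count
        if m := VAR_DEF.match(line):
            defined.add(m.group(1))
        elif m := INCLUDE.match(line):
            included.add(PurePosixPath(m.group(1)).name)

    missing = {}
    for fname, text in rule_files.items():
        for line in text.splitlines():
            fields = line.split(None, 7)[:7]  # action proto src sport dir dst dport
            if not fields or fields[0] not in ACTIONS:
                continue  # blank line, comment, or not a rule
            for var in VAR_REF.findall(" ".join(fields[1:])):
                if var not in defined and fname not in missing.setdefault(var, []):
                    missing[var].append(fname)
    return missing, sorted(set(rule_files) - included)


# Constructed sample: an old snort.conf next to a newer rules directory.
SAMPLE_CONF = """\
var HOME_NET 10.0.0.0/8
var EXTERNAL_NET any
var RULE_PATH ./rules
include $RULE_PATH/web-iis.rules
# include $RULE_PATH/sql.rules
"""
SAMPLE_RULES = {
    "web-iis.rules": 'alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"constructed rule A"; sid:1000001;)\n',
    "sql.rules": 'alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 1433 (msg:"constructed rule B"; sid:1000002;)\n',
}

if __name__ == "__main__":
    print(check_ruleset(SAMPLE_CONF, SAMPLE_RULES))
```

Only rule headers are scanned for variables, so a `$` inside a rule's `content` option is not reported as an undefined variable.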




