[Snort-users] Diff'ing rulesets
Chr. v. Stuckrad
stucki at ...3882...
Tue Jan 8 08:15:03 EST 2002
Just a small warning, what if somebody has 'broken' a rule
into several lines by adding '\' at the end of lines?
redalert tcp $EXTERNAL_NET any -> $SSH_AFFECTED 22 \
(msg:"EXPLOIT ssh explicitely kill connection"; \
So maybe the third line was changed to
If somebody changes only *part* of (a partial line of!) a rule
the 'diff' catches only this *part* and possibly appends nonsense ?!
Sincerely yours, Stucki
On Tue, Jan 08, 2002 at 10:47:18AM -0500, Andy Wood wrote:
> diff -b current_mod.rules new.rules | awk '/>/' | \
> I think this will work.....it worked here.
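
The continuation problem raised in this message, as an added example that is not part of the original thread: joining '\'-continued lines into one logical rule before comparing, so a change to part of a rule yields the whole rule. The file names, the sample rules and sids, and the choice to join continued lines with a single space are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: compare Snort rule files rule-by-rule, not line-by-line.

# Join lines ending in "\" into one logical rule per output line.
join_rules() {
    awk '
    { sub(/\r$/, "") }                      # tolerate CRLF files
    cont { sub(/^[ \t]+/, "") }             # drop indent of a continued line
    /\\[ \t]*$/ {                           # line ends with a continuation
        sub(/[ \t]*\\[ \t]*$/, "")
        buf = buf $0 " "; cont = 1; next
    }
    { emit(buf $0); buf = ""; cont = 0 }
    END { sub(/ $/, "", buf); emit(buf) }   # dangling "\" at end of file
    # skip comment lines and blank lines
    function emit(r) { if (r !~ /^[ \t]*#/ && r !~ /^[ \t]*$/) print r }
    ' "$1"
}

# Print every complete rule that is in the new file ($2) but not the old ($1).
new_rules() {
    t=$(mktemp -d) || return 1
    join_rules "$1" | LC_ALL=C sort -u > "$t/old"
    join_rules "$2" | LC_ALL=C sort -u > "$t/new"
    LC_ALL=C comm -13 "$t/old" "$t/new"
    rm -rf "$t"
}

# Constructed sample files: rule A gains "rev:2;" on its third physical line.
make_sample() {
    cat > "$1/old.rules" <<'EOF'
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 \
    (msg:"constructed sample A"; \
    flags:S; sid:1000001;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"constructed sample B"; sid:1000002;)
EOF
    sed 's/sid:1000001;/sid:1000001; rev:2;/' "$1/old.rules" > "$1/new.rules"
}

# Demo: prints the whole changed rule on one line.
d=$(mktemp -d) && make_sample "$d" && new_rules "$d/old.rules" "$d/new.rules"
rm -rf "$d"
```

On the same sample, a line-based diff reports only the changed third physical line, which is not a valid rule on its own.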