[Snort-users] re: instant snort sigs for new vulnerabilites

Hicks, John JHicks at ...5857...
Wed Jul 3 07:32:07 EDT 2002


My solution is to 'manage' my rulesets via ActiveWorx IDS Policy Manager
from my normal Win32 desktop. I would never trust an auto-update in a
production environment.

IDS Policy Manager has great features including auto-updates and merging. It
even allows you to securely upload via SCP. Adding a simple dumby-file to
the upload can be used to script a restart of a node.

John

-----Original Message-----
From: Andreas Östling [mailto:andreaso at ...236...]
Sent: Wednesday, July 03, 2002 4:03 AM
To: Maarten
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] re: instant snort sigs for new vulnerabilites


On Wednesday 03 July 2002 09.15, Maarten wrote:

> One downside: oinkmaster deactivates (at least the version I once
> downloaded) sids by placing a "#" at the beginning of a rule. 

I only does so for the sids you tell Oinkmaster to disable. This is a
feature 
and I don't get why this would be a downside.
(Or would you for some reason prefer that the unwanted rules were removed 
instead of commented out?)

> It also
> activates all rules with a "#" at the beginning of a line when they are
not
> specified by oinkmaster. Since the new 1.9 rules are commented out with a
> "#", you will have problems with 1.8 because oinkmaster uncomments the
> lines.

... Unless you specify "-p" which will preserve the commented out lines.

I agree this is stupid, and this has been changed in 0.6 which will be 
released as soon as I have a free minute :)

Regards,
Andreas Östling



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
No, I will not fix your computer.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




More information about the Snort-users mailing list