[Snort-users] instant snort sigs for new vulnerabilites

Bennett Todd bet at ...6163...
Wed Jul 3 10:30:04 EDT 2002


I've got a fairly automated process here. I've a recommendation for
you, though: arrange your automated process so it keeps the previous
rules around, and falls back to them if snort refuses to start. Not
all snortrules.tar.gz files will run unmodified.

So far, I've seen one sort of fix that has been required: some
versions of snortrules ship with an include that references a file
that's not there. I'm fixing that with:

perl -pi.bak -le 's/^/#/ if m#^include .*/(.*)# and ! -f $1' snort.conf

In the snortrules.tar.gz sometime near June 24, this #-ed out the
line

	include $RULE_PATH/experimental.rules

-Bennett
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20020703/21733c52/attachment.sig>


More information about the Snort-users mailing list