[Snort-users] instant snort sigs for new vulnerabilites
bet at ...6163...
Wed Jul 3 10:30:04 EDT 2002
I've got a fairly automated process here. I've a recommendation for
you, though: arrange your automated process so it keeps the previous
rules around, and falls back to them if snort refuses to start. Not
all snortrules.tar.gz files will run unmodified.
So far, I've seen one sort of fix that has been required: some
versions of snortrules ship with an include that references a file
that's not there. I'm fixing that with:
perl -pi.bak -le 's/^/#/ if m#^include .*/(.*)# and ! -f $1' snort.conf
In the snortrules.tar.gz sometime near June 24, this #-ed out the
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 232 bytes
Desc: not available
More information about the Snort-users