[Snort-users] Snort rules touble.

Andreas Östling andreaso at ...236...
Fri Jun 21 13:51:02 EDT 2002


On Fri, 21 Jun 2002, Erek Adams wrote:
...
> Many times when folks update new rules, they don't really read or understand
> the rules, they just say "Hey, look--It's commented out.  I'll add it back in
> so that I'm running _all_ the rules--That way I'll be even _more_ protected!"
> That's not a Good Idea(tm).  :)  As our Rule Nazi (Cazz) has said "Things are
> commented out for a reason.  Don't uncomment them unless you understand why
> they were commented out in the first place."
>
> There is a script that will update your rules that someone on the list has
> written.  It works very well, except for one tiny quirk--By default, it
> uncomments any commented out rules.  The author has already said that should
> be an option and not a default, so use caution when/if using scripts to update
> your rules.  Heh...  One more reason to do it yourself....  ;-)
...

Uhm... I'm... uhm... kind of guilty.

But I FINALLY fixed this a while ago:
http://devel.it.su.se/cgi-bin/local/cvsweb.cgi/oinkmaster/oinkmaster.pl.diff?r1=1.32&r2=1.33

(Perhaps this version should be released right away to avoid further
confusion?)

Regards,
Andreas Östling





More information about the Snort-users mailing list