[Snort-users] Snort upgrades in vendor-provided packages/installs (e.g. mdk)
erek at ...950...
Thu Jan 30 06:46:02 EST 2003
On Thu, 30 Jan 2003, stefmit wrote:
> Sorry if this has been answered before, but my query on
> http://sourceforge.net/search/ in the snort list archives turned up nothing:
> what is the best/recommended/your_own_experience way of upgrading a vendor
> "packed" snort, with the 1.9.0 tar-balls? Here is my problem: I have
> installed a Mandrake-provided snort-mysql + acid combination (ver. 1.8.7),
> had it running the way I wanted it ... just to find out that 1.8.7 does not
> get any rules updates anymore. The rules for 1.9.0 won't work (new "keywords"
> ... you know the drill), so now I ended up with all sorts of configs in some
> "non-std" places (the Mandrake-way), and I would like to upgrade to 1.9.0,
> without being forced to wipe clean all the stuff from the 1.8.7_mdk install.
> Abybody having any good advise on this (or at least point me to the place for
> such a subject, in regards to RTFM)?
Well... You should move to the newer version, that is true. An easy
way--Not off the top of my head.
* Using the RPM info or files flags, get a list of all files
associated with the packages. AFAIK, you really only care about
snort.conf. I'd make a copy of all config files (snort, acid, and php)
and rules in a backup dir.
* Remove the RPMs.
* Install the new versions from scratch. Then update the new
configs with your specific data from the old. Note: Don't just copy your
old ones over the new. That's a 'Bad Thing' (tm). :)
Granted, it's not pretty or quick, but it will work. Look on the bright
side, once you do that, future updates will be much less painful! :)
"When things get weird, the weird turn pro." H.S. Thompson
More information about the Snort-users