[Snort-users] Snort upgrades in vendor-provided packages/installs (e.g. mdk)

Erek Adams erek at ...950...
Thu Jan 30 06:46:02 EST 2003

On Thu, 30 Jan 2003, stefmit wrote:

> Sorry if this has been answered before, but my query on
> http://sourceforge.net/search/ in the snort list archives turned up nothing:
> what is the best/recommended/your_own_experience way of upgrading a vendor
> "packed" snort, with the 1.9.0 tar-balls? Here is my problem: I have
> installed a Mandrake-provided snort-mysql + acid combination (ver. 1.8.7),
> had it running the way I wanted it ... just to find out that 1.8.7 does not
> get any rules updates anymore. The rules for 1.9.0 won't work (new "keywords"
> ... you know the drill), so now I ended up with all sorts of configs in some
> "non-std" places (the Mandrake-way), and I would like to upgrade to 1.9.0,
> without being forced to wipe clean all the stuff from the 1.8.7_mdk install.
> Anybody having any good advice on this (or at least point me to the place for
> such a subject, in regards to RTFM)?

Well...  You should move to the newer version, that is true.  An easy
way--Not off the top of my head.

Try this:

	*  Using the RPM info or files flags, get a list of all files
	   associated with the packages.  AFAIK, you really only care about
	   snort.conf.  I'd make a copy of all config files (snort, acid, and
	   php) and rules in a backup dir.
	*  Remove the RPMs.
	*  Install the new versions from scratch.  Then update the new
	   configs with your specific data from the old.  Note:  Don't just
	   copy your old ones over the new.  That's a 'Bad Thing' (tm).  :)

Granted, it's not pretty or quick, but it will work.  Look on the bright
side, once you do that, future updates will be much less painful!  :)


Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson
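
The backup and merge steps from the reply above, as shell functions. This is an added example, not part of the original post; the package name, backup directory and config paths in the usage comments are assumptions.

```shell
#!/bin/sh
# Added example. Define these on the RPM host before removing the packages.
# Usage (package name and paths are assumptions; check `rpm -qa | grep -i snort`):
#   rpm -qc snort-mysql | backup_pkg_files /root/snort-1.8.7-backup
#   rpm -ql snort-mysql | grep -i rules | backup_pkg_files /root/snort-1.8.7-backup
#   settings_to_carry_over /root/snort-1.8.7-backup/etc/snort/snort.conf \
#       /etc/snort/snort.conf

# backup_pkg_files BACKUP_DIR
# Reads absolute file paths on stdin, one per line (the format `rpm -ql` and
# `rpm -qc` print), copies each regular file under BACKUP_DIR with its full
# original path, appends it to BACKUP_DIR/MANIFEST, and prints the copy count.
backup_pkg_files() {
    dest=$1
    count=0
    mkdir -p "$dest" || return 1
    while IFS= read -r f; do
        [ -f "$f" ] || continue                 # skip directories, missing files
        mkdir -p "$dest$(dirname "$f")" || return 1
        cp -p "$f" "$dest$f" || return 1        # -p keeps mode and timestamps
        printf '%s\n' "$f" >> "$dest/MANIFEST"
        count=$((count + 1))
    done
    echo "$count"
}

# settings_to_carry_over OLD_CONF NEW_CONF
# Prints the active (non-comment, non-blank) lines of OLD_CONF that do not
# appear verbatim in NEW_CONF. These are the site-specific settings to
# re-enter by hand in the new file, rather than copying the old file over it.
settings_to_carry_over() {
    old=$1
    new=$2
    tmp=$(mktemp) || return 1
    grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$new" > "$tmp" || true
    grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$old" \
        | grep -vxF -f "$tmp" || true
    rm -f "$tmp"
}
```

Review each line that `settings_to_carry_over` prints against the 1.9.0 documentation before adding it, since keywords changed between the versions.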

