[Snort-users] Re: Updating Rules

Esler, Joel - Contractor joel.esler at ...9426...
Mon Aug 2 07:44:05 EDT 2004


How do you "hardcode" a script?  You can't replace the hostnames with
XXXXXXXX?

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Thompson,
Jimi
Sent: Friday, July 30, 2004 10:27 PM
To: Richard Bejtlich; snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] Re: Updating Rules


We use a "trusted host" that uses PKI to authenticate and SSH out to
each of the SNORT sensors to push new rules out.  It's scripted and when
we push new rules, we kick off the script.  It goes out, writes the new
rules to each sensor and then restarts SNORT.  It's fairly simple to
write.  I'd attach it, but our hostnames are hard coded in.

Jimi

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Richard
Bejtlich
Sent: Friday, July 30, 2004 4:35 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Re: Updating Rules

Lyndon Tiu wrote:

On a similar note, how do you update automatically?

--

Lyndon,

I documented a sample Oinkmaster session in my Blog:

http://taosecurity.blogspot.com/2004_07_01_taosecurity_archive.html#108957531936280978

Keith's recommendation for Oinkmaster is the way to go.

Sincerely,

Richard
http://www.taosecurity.com


-------------------------------------------------------
This SF.Net email is sponsored by OSTG. Have you noticed the changes on
Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now,
one more big change to announce. We are now OSTG- Open Source Technology
Group. Come see the changes on the new OSTG site. www.ostg.com
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
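
The trusted-host push described in the thread, as an added example (not the script mentioned above, which was never posted): sensor hostnames come from an inventory file instead of being hard-coded, and each sensor restarts Snort only if `snort -T` accepts the new rules. The inventory file, the paths, the restart command and the availability of `snort -T` on the sensors are assumptions.

```bash
#!/usr/bin/env bash
# Added example: push one rules file from a trusted host to every Snort sensor.
# Assumed (not from the thread): sensors.txt inventory, the paths below, the
# init script used to restart, and a sensor-side Snort that supports -T.
RULES_SRC="${RULES_SRC:-./local.rules}"
RULES_DST="${RULES_DST:-/etc/snort/rules/local.rules}"
SNORT_CONF="${SNORT_CONF:-/etc/snort/snort.conf}"
RESTART_CMD="${RESTART_CMD:-/etc/init.d/snort restart}"
# Key-only auth, no prompts, and refuse sensors whose host key is unknown.
SSH_OPTS="-o BatchMode=yes -o StrictHostKeyChecking=yes -o ConnectTimeout=10"

# Print the valid hostnames from an inventory file, one per line.
# Blank lines and # comments are skipped; anything that is not a plain
# hostname is rejected so it can never be read as an ssh option or shell syntax.
read_sensors() {
    while IFS= read -r entry || [ -n "$entry" ]; do
        entry="${entry%%#*}"
        entry="$(printf '%s' "$entry" | tr -d '[:space:]')"
        [ -z "$entry" ] && continue
        case "$entry" in
            -*|*[!A-Za-z0-9.-]*) echo "skipping invalid entry: $entry" >&2 ;;
            *) printf '%s\n' "$entry" ;;
        esac
    done < "$1"
}

# Copy the rules to a temporary name, swap them in, and restart only if
# "snort -T" accepts the configuration; otherwise restore the previous file.
# With DRY_RUN set, the scp/ssh commands are printed instead of executed.
push_one() {
    run=""
    [ -n "${DRY_RUN:-}" ] && run="echo"
    remote="cp -p $RULES_DST $RULES_DST.bak && mv $RULES_DST.new $RULES_DST"
    remote="$remote && if snort -T -c $SNORT_CONF >/dev/null 2>&1; then $RESTART_CMD;"
    remote="$remote else mv $RULES_DST.bak $RULES_DST; exit 1; fi"
    $run scp $SSH_OPTS "$RULES_SRC" "$1:$RULES_DST.new" &&
        $run ssh $SSH_OPTS "$1" "$remote"
}

# Push to every sensor in the inventory; returns non-zero if any sensor failed.
push_all() {
    failed=0
    for host in $(read_sensors "$1"); do
        push_one "$host" || { echo "FAILED: $host" >&2; failed=$((failed + 1)); }
    done
    [ "$failed" -eq 0 ]
}
# Usage: ./push-rules.sh sensors.txt   (DRY_RUN=1 to preview)
if [ "$#" -gt 0 ]; then push_all "$1"; fi
```

Because the hostnames live in the inventory file, the script itself can be shared without exposing them.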


