[Snort-users] Updating Rules?

Paul Schmehl pauls at ...6838...
Thu Feb 12 15:39:08 EST 2004


--On Thursday, February 12, 2004 03:59:53 PM -0600 Dusty Hall 
<halljer at ...8709...> wrote:

> I guess I'll update as soon as possible...  I think this needs to be
> changed though:
>
> http://www.snort.org/dl/rules/  reads:
>
> ->  If you are using 2.1.*, please use snortrules-snapshot-2_1 rules. <-
>
> Because snortrules-snapshot-2_1 rules.tar.gz BREAKS 2.1.0.  If I was
> using autoupdate with Oinkmaster and used that info I would have had
> problems due to the flowbits addition.  Luckily I manually update my
> rules using Oinkmaster and inspect the results :).

I updated mine with oinkmaster.  All I had to do was grep the rules files 
for "flowbits" and add the rules returned to the "disablesid" list in 
oinkmaster.conf.  End of problem.  When the flowbits "problem" gets fixed, 
I'll re-enable them.  Piece of cake.

Oinkmaster rules.

Paul Schmehl (pauls at ...6838...)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu




More information about the Snort-users mailing list