[Snort-users] Re: Updating Rules

Thompson, Jimi JimiT at ...10836...
Fri Jul 30 19:27:02 EDT 2004


We use a "trusted host" that uses PKI to authenticate and SSH out to
each of the SNORT sensors to push new rules out.  It's scripted and when
we push new rules, we kick off the script.  It goes out, writes the new
rules to each sensor and then restarts SNORT.  It's fairly simple to
write.  I'd attach it, but our hostnames are hard coded in.

Jimi

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Richard
Bejtlich
Sent: Friday, July 30, 2004 4:35 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Re: Updating Rules

Lyndon Tiu wrote:

On a similar note, how do you update automatically?

--

Lyndon,

I documented a sample Oinkmaster session in my Blog:

http://taosecurity.blogspot.com/2004_07_01_taosecurity_archive.html#108957531936280978

Keith's recommendation for Oinkmaster is the way to go.

Sincerely,

Richard
http://www.taosecurity.com
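
The push procedure Jimi describes (trusted host, key-authenticated SSH, write rules, restart Snort), sketched as an added example that is not the poster's script or part of the original thread. The account name, key path, sensor paths, restart command and tarball layout are assumptions.

```shell
#!/bin/sh
# Added example: trusted host pushes a rules tarball to each sensor over
# key-authenticated SSH, tests the config, then restarts Snort.
# Assumed, not from the post: account, key file, paths, restart command,
# and a tarball holding *.rules files at its top level.
SSH_USER="${SSH_USER:-snortpush}"
KEY="${KEY:-$HOME/.ssh/snort_push_key}"          # path must not contain spaces
RULES_DIR="${RULES_DIR:-/etc/snort/rules}"
CONF="${CONF:-/etc/snort/snort.conf}"
RESTART="${RESTART:-/etc/init.d/snort restart}"
RUN="${RUN-echo}"   # dry run by default (prints commands); RUN= executes them

# Plain hostnames only, so a list entry can never be parsed as an ssh option.
valid_host() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# BatchMode fails instead of prompting; StrictHostKeyChecking refuses unknown
# or changed host keys, so rules are never sent to an impostor sensor.
ssh_opts() { echo "-i $KEY -o BatchMode=yes -o StrictHostKeyChecking=yes"; }

# Commands run on the sensor: back up, unpack, self-test, restart or roll back.
remote_steps() {
    cat <<EOF
set -e
rm -rf $RULES_DIR.bak && cp -a $RULES_DIR $RULES_DIR.bak
tar -xzf snort-rules.new.tgz -C $RULES_DIR
if snort -T -c $CONF >/dev/null 2>&1; then $RESTART
else rm -rf $RULES_DIR && mv $RULES_DIR.bak $RULES_DIR; exit 1; fi
EOF
}

push_one() {   # push_one HOST TARBALL
    valid_host "$1" || { echo "invalid host: $1" >&2; return 1; }
    $RUN scp $(ssh_opts) "$2" "$SSH_USER@$1:snort-rules.new.tgz" || return 1
    $RUN ssh $(ssh_opts) "$SSH_USER@$1" "$(remote_steps)"
}

push_all() {   # push_all TARBALL HOST...; returns the number of failed sensors
    tarball=$1; shift; failed=0
    for h in "$@"; do
        push_one "$h" "$tarball" || { echo "FAILED: $h" >&2; failed=$((failed + 1)); }
    done
    return "$failed"
}

if [ "$#" -ge 2 ]; then push_all "$@"; fi
```

Saved under a hypothetical name such as `push-rules.sh`, it prints the scp and ssh commands by default; `RUN= sh push-rules.sh rules.tgz sensor1 sensor2` executes them.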

