[Snort-users] oinkmaster - disabling rules without getting new updates

Andreas Östling andreaso at ...236...
Tue Sep 20 00:15:35 EDT 2005


On Monday 19 September 2005 23:12, Humes, David G. wrote:
> The oinkmaster
> documentation is fairly insistent about not editing the rules files
> directly.  But, one approach is to edit the appropriate rules file
> and restart snort, and also edit the oinkmaster.conf file to make
> certain the rule does not get re-enabled. 

That sounds like a good way to do it. The documentation is insistent 
about not editing rules files directly mostly because it's easy to do 
manual tweaks in them and forget that Oinkmaster will overwrite the 
rules in the next update. But you obviously understand how it works so 
I don't see a problem with that.

/Andreas




More information about the Snort-users mailing list