[Snort-users] VRT SO rules path

Matt Watchinski mwatchinski at ...1935...
Wed Apr 15 00:01:16 EDT 2009


Just to be sure your talking about the snort.conf in the etc/ dir in
the rule-snapshots?

If so i'll get this cleaned up.

Thanks
-matt

On Tue, Apr 14, 2009 at 10:05 PM, Stephen Reese <rsreese at ...11827...> wrote:
> This may just be me but I noticed that when I installed Snort 2.8.4 on
> my Debian Lenny box it created:
>
> /usr/local/lib/snort_dynamicrules
>
> but my snort.conf that I got with my latest ruleset had:
>
> dynamicdetection file /usr/local/lib/snort_dynamicrule/bad-traffic.so
> dynamicdetection file /usr/local/lib/snort_dynamicrule/chat.so
> dynamicdetection file /usr/local/lib/snort_dynamicrule/dos.so
> dynamicdetection file /usr/local/lib/snort_dynamicrule/exploit.so
> dynamicdetection file /usr/local/lib/snort_dynamicrule/imap.so
> dynamicdetection file /usr/local/lib/snort_dynamicrule/misc.so
> dynamicdetection file /usr/local/lib/snort_dynamicrule/multimedia.so
> dynamicdetection file /usr/local/lib/snort_dynamicrule/netbios.so
> dynamicdetection file /usr/local/lib/snort_dynamicrule/nntp.so
> dynamicdetection file /usr/local/lib/snort_dynamicrule/p2p.so
> dynamicdetection file /usr/local/lib/snort_dynamicrule/smtp.so
> dynamicdetection file /usr/local/lib/snort_dynamicrule/sql.so
> dynamicdetection file /usr/local/lib/snort_dynamicrule/web-client.so
> dynamicdetection file /usr/local/lib/snort_dynamicrule/web-misc.so
>
> notice the lacking (s)... No biggy just wanted to mention it.
>
> ------------------------------------------------------------------------------
> This SF.net email is sponsored by:
> High Quality Requirements in a Collaborative Environment.
> Download a free trial of Rational Requirements Composer Now!
> http://p.sf.net/sfu/www-ibm-com
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>



-- 
Matthew Watchinski
Sr. Director Vulnerability Research Team (VRT)
Sourcefire, Inc.
Office: 410-423-1928
http://vrt-sourcefire.blogspot.com && http://www.snort.org/vrt/




More information about the Snort-users mailing list