[Snort-users] rules in snort inline

Burks, Doug doug.burks at ...14446...
Tue Jun 15 15:46:13 EDT 2010


How about something like this?
 
sed -i 's|^alert |drop |g'  /etc/snort_inline/rules/*.rules
 
Regards,
--
Doug Burks, GPEN, GCIA, GSEC, CISSP
http://securityonion.blogspot.com
 

________________________________

From: black_angel black_angel [mailto:black.sad.angel at ...11827...] 
Sent: Tuesday, June 15, 2010 3:34 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] rules in snort inline


hey everybody,
i try to change all the rules for my snort inline from mode "alert" to
"drop" i used this script but it doesn't work correctly:


cd /etc/snort_inline/rules/
for file in $(ls -1 *.rules)
do
               sed -e 's:^alert:drop:g' ${file} > ${file}.new
               mv ${file}.new ${file} -f
done
if someone have another script or any idea

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20100615/06115eca/attachment.html>


More information about the Snort-users mailing list