[Snort-users] Inputs about polman for managing rules

Edward Fjellskål edwardfjellskaal at ...11827...
Fri Apr 8 09:42:53 EDT 2011


Hi,

On Fri, Apr 8, 2011 at 11:27 AM, carlopmart <carlopmart at ...11827...> wrote:
> Hi all,
>
>  After some weeks of tests using pulledpork, I am not convinced. After
> searching for other possibilities, I have found two: oinkmaster and polman
> (http://www.gamelinux.org/?p=240)
>
>  Oinkmaster is too old and needs some tuning to do all I need, and
> that causes difficulties to maintain.
>
>  On the other side, Polman offers some very interesting features, but I
> see a problem: I need to keep two databases for different sensors
> (suricata and snort), hosted in shared storage accessible by two
> servers. Looking at the script, is it enough to modify the path in which
> polman searches for these databases?

I run polman on my sguil-server. I generate all the rulesets for the
sensors there, and scp them to the sensors. On the sguil-server,
I also have snort installed, so I can check if "snort -Tc" works before
sending (scp) at least the snort rules off to the sensor (suricata has no
such function yet). Then I ssh %cmd to restart the sensor.

>  And any input about this tool??

Other than I wrote it for my use, and have used it without any big
features missing for me since I wrote it, I have not updated it.
So it has worked for me 3-4 months now.
Any suggestions/bugs/features are very welcome!

I have stuff on my todo list, but have not gotten around to implementing them yet.

e

>  Thanks.
>
> --
> CL Martinez
> carlopmart {at} gmail {d0t} com
>



-- 
Edward Bjarte Fjellskål
Senior Security Analyst
http://www.gamelinux.org/
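
The workflow described in the reply above (check with "snort -T", then scp, then restart over ssh), as an added example that is not part of the original message and is not polman code. The host, paths and restart command are assumptions supplied by the caller, and the copy-then-rename step is an addition to the described flow.

```bash
#!/usr/bin/env bash
# Added example, not polman code. Engine names match the thread; the host,
# paths and restart command are assumptions supplied by the caller.

# Snort self-test: exit status 0 only if the config and all included rules parse.
validate_snort_rules() {
    snort -T -c "$1" >/dev/null 2>&1
}

# push_rules ENGINE CONF RULES HOST DEST RESTART_CMD
push_rules() {
    local engine="$1" conf="$2" rules="$3" host="$4" dest="$5" restart_cmd="$6"

    # An empty or missing ruleset would leave the sensor with no signatures.
    [ -s "$rules" ] || { echo "refusing to push empty ruleset: $rules" >&2; return 2; }

    case "$engine" in
        snort)
            validate_snort_rules "$conf" || {
                echo "snort -T failed for $conf; nothing sent to $host" >&2
                return 3
            }
            ;;
        suricata)
            # The post notes there is no equivalent pre-flight test here.
            echo "warning: pushing unvalidated suricata rules to $host" >&2
            ;;
        *)
            echo "unknown engine: $engine" >&2
            return 1
            ;;
    esac

    # Copy beside the live file, then rename, so the sensor never loads a
    # half-transferred ruleset (this step is an addition to the described flow).
    scp -q "$rules" "$host:$dest.new" || return 4
    ssh "$host" "mv '$dest.new' '$dest' && $restart_cmd" || return 5
}
```

A non-zero return from push_rules means the sensor was left running its previous ruleset, except for return 5, where the file was copied but the rename or restart failed.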



