[Snort-users] rules update on 2.8

Nick Moore nmoore at ...1935...
Wed Dec 21 10:59:03 EST 2011


Hermit,

1. Your Snort version is out of date - we are currently on version 2.9.2.
Snort 2.8.6.1 is still on the web site for registered rule users, but will
be aged out in the next couple months.

2. I'd recommend using pulled pork over oinkmaster. There are several
guides available on setting it up online.

3. Yum and other package update mechanisms are not the best way to keep
Snort up to date. I have found that these frequently lag far enough behind
the current version that in some cases, they are using a no longer
supported version in their updates. I would instead recommend looking at it
manually whenever there is a new Snort release and recompiling.

Hope this helps and Happy Snorting!

Nick

On Wed, Dec 21, 2011 at 8:35 AM, <hermit at ...15048...> wrote:

> Long time lurker,
>
>    I started a new position as systems administrator for a small
> company and just caught up on 6 months of email sitting around in this
> folder.  The company I currently work for uses snort so I decided to
> catch up on the email and check the installation.  The old sysadmin
> has a cron set up to pull rules nightly with:
>
>
> http://www.snort.org/pub-bin/oinkmaster.cgi/somegibberishhere/snortrules-snapshot-2.8.tar.gz
>
> This fails.
>
>
> [root at ...15475... ~]# rpm -q snort
> snort-2.8.5-1
>
> Seems to be the latest available.
>
> [root at ...15475... ~]# yum update snort
> Loaded plugins: downloadonly, security
> Excluding Packages in global exclude list
> Finished
> Skipping security plugin, no data
> Setting up Update Process
> No Packages marked for Update
> [root at ...15475... ~]#
>
>
> [root at ...15475... ~]# cat /etc/redhat-release
> Red Hat Enterprise Linux Server release 5.6 (Tikanga)
> [root at ...15475... ~]#
>
> Is it safe to change "snapshot-2.8" to "snortrules-snapshot-2861.tar.gz"?
>
> Thanks
> Hermit
>
>
>
> ------------------------------------------------------------------------------
> Write once. Port to many.
> Get the SDK and tools to simplify cross-platform app development. Create
> new or port existing apps to sell to consumers worldwide. Explore the
> Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join
> http://p.sf.net/sfu/intel-appdev
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
>



-- 
Nick Moore, SFCE, CISSP, CISA
Sr. Systems Engineer
Voice 708-336-9041
Email nick.moore at ...1935...
IM    nickgmoore (Yahoo)
       nickgmoore38 (AIM)

    ,,_
   o"  )~   Sourcefire - The Creators of Snort
    ''''

www.sourcefire.com         www.snort.org     www.immunet.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20111221/a00e9fe9/attachment.html>


More information about the Snort-users mailing list