[Snort-users] rules update on 2.8

Jason Haar Jason_Haar at ...15306...
Thu Dec 22 17:53:24 EST 2011


On 22/12/11 04:59, Nick Moore wrote:
>
> 3. Yum and other package update mechanisms are not the best way to
> keep Snort up to date. I have found that these frequently lag far
> enough behind the current version that in some cases, they are using a
> no longer supported version in their updates. I would instead
> recommend looking at it manually whenever there is a new Snort release
> and recompiling.
I can't agree with this strongly enough. The "official" OS vendors
arrange their updates around stability and "lack of surprise" (ie no
feature changes). As such, security products like AV and snort simply
cannot fit that model, as they have a daily churn-rate.

If you want to run clamav and/or snort, either you need to manually
maintain and run your own, or find some nice person running a
third-party addon (like rpmforge for Redhat/CentOS) who is willing to do
that donkey work for you

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1





More information about the Snort-users mailing list