[Snort-users] quick question about snort.conf

Peter Bates peter.bates at ...15381...
Wed Oct 24 06:41:36 EDT 2012


Hello all

On 23/10/2012 23:06, Jeremy Hoel wrote:
> The rules file you get still has all the rules in the little groups.
> That's still the official way.

I've mentioned this before - but for the acolyte/Snort beginner
it might be more useful if the snort.conf in the tarball didn't 'include'
a load of rule files that don't actually ship in the tarball itself.

I know very well *why* the rules are not included - but as it stands
you download Snort and are faced with a bunch of errors, primarily because
it has references to files you're meant to acquire by another route.

The default snort.conf comments out the preprocessor rules (which are
in the tarball) and the SO rules - so why not comment out the standard rules lines
- or include 'local.rules' and comment out the rest?

Or why not generate combined tarballs for registered/subscription users 
that contain the source and rules to get people started?

This problem seems to pop up from time to time - combined with when a new Snort is released
and there are no SO rules for registered users until the 30 day limit is reached.

If we've been doing this for a while then we understand the reasons and know
the solutions - I was just trying to be Devil's Advocate and reduce
new user confusion.

-- 
Peter Bates
Senior Information Security Officer   Phone: +44(0)2076792049
Information Services Division	      Internal Ext: 32049
University College London
London WC1E 6BT
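An added example, not part of the original message and not Snort project code: a small script that comments out every `include` in a snort.conf whose target file is absent on disk, which leaves `local.rules` and any other shipped file active. The function names, the sample config and its rule file names are constructed for illustration, and it assumes relative include paths resolve against the directory holding snort.conf.

```python
import os
import re
import tempfile

VAR_RE = re.compile(r"^\s*(?:var|ipvar|portvar)\s+(\w+)\s+(\S+)")
INCLUDE_RE = re.compile(r"^\s*include\s+(\S+)")

# Constructed sample: a cut-down snort.conf in the style the message describes.
SAMPLE_CONF = """\
var RULE_PATH rules
include classification.config
include $RULE_PATH/local.rules
include $RULE_PATH/attack-responses.rules
include $RULE_PATH/backdoor.rules
# include $SO_RULE_PATH/bad-traffic.rules
"""


def disable_missing_includes(conf_path):
    """Return (new_text, disabled): includes of absent files get commented out."""
    conf_dir = os.path.dirname(os.path.abspath(conf_path))
    variables, out, disabled = {}, [], []
    with open(conf_path) as fh:
        for line in fh:
            var = VAR_RE.match(line)
            if var:
                variables[var.group(1)] = var.group(2)
            inc = INCLUDE_RE.match(line)  # already-commented lines do not match
            if inc:
                # Expand $RULE_PATH-style variables defined earlier in the file.
                target = re.sub(r"\$(\w+)",
                                lambda m: variables.get(m.group(1), m.group(0)),
                                inc.group(1))
                # Assumption: relative paths are relative to snort.conf's directory.
                if not os.path.isfile(os.path.join(conf_dir, target)):
                    disabled.append(inc.group(1))
                    line = "# " + line
            out.append(line)
    return "".join(out), disabled


def demo():
    """Build a throwaway tree holding only the files a bare install would have."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "rules"))
        for name in ("classification.config", "rules/local.rules"):
            open(os.path.join(root, name), "w").close()
        conf = os.path.join(root, "snort.conf")
        with open(conf, "w") as fh:
            fh.write(SAMPLE_CONF)
        return disable_missing_includes(conf)
```

The function returns the rewritten text rather than editing in place, so the result can be diffed against the original before it replaces it.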