[Snort-users] I have written a Linux shell script to enable all Snort rules which were commented out

Jeremy Hoel jthoel at ...11827...
Mon Apr 7 18:58:18 EDT 2014


For you to get real help you'll need to post error messages and take the
time to look at whats online.  Pulled-pork has very good documentation, a
mailing list and it's easy to use.  So while you can use your script,
running ALL snort rules at once is a bad idea and will probably cause
something to break (probably since I haven't tried it before).

You know enough to script, which means you should be able to do tests, look
at error messages and provide some information that could help us respond
to a question in an effective manner.




On Mon, Apr 7, 2014 at 10:04 PM, Teo En Ming <teo.en.ming at ...11827...> wrote:

> Dear List,
>
> Originally, I had wanted to use Pulled Pork to enable all Snort rules
> which were commented out/disabled. But there is no comprehensive
> guide/manual on Pulled Pork which covers every step. So I thought better
> and decided to write a very simple Linux shell script to un-comment/enable
> all the Snort rules which were commented out/disabled. The source code only
> consists of a few lines.
>
> ===Start of Linux Shell Script===
> #!/bin/sh
> # Linux shell script: enable-all-snort-rules.sh
> # Written by: Teo En Ming
> # Email: teo.en.ming at ...11827...
> # Date: 8 April 2014 Tuesday 5:17 A.M. Singapore Time
> # Version: 1.0
>
> RULE_PATH=/etc/snort/rules
>
> cd $RULE_PATH
>
> for i in `ls -1 $RULE_PATH`
> do
>       echo "Enabling all Snort rules in $i"
>       sed -i 's/^# //g' $i
> done
> ===End of Linux Shell Script===
>
> Use the program at your own risk! I assume no responsibility if you screw
> up your Snort installation. I tried to un-comment all the Snort rules and
> Snort couldn't start. Some enabled rules are preventing Snort from
> starting. Somebody please advise.
>
> Regards,
>
> Teo En Ming
>
>
>
> ------------------------------------------------------------------------------
> Put Bad Developers to Shame
> Dominate Development with Jenkins Continuous Integration
> Continuously Automate Build, Test & Deployment
> Start a new project now. Try Jenkins in the cloud.
> http://p.sf.net/sfu/13600_Cloudbees
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140407/15acb273/attachment.html>


More information about the Snort-users mailing list