[Snort-users] I have written a Linux shell script to enable all Snort rules which were commented out
wkitty42 at ...14940...
Mon Apr 7 20:54:03 EDT 2014
On 4/7/2014 6:04 PM, Teo En Ming wrote:
> Dear List,
> Originally, I had wanted to use Pulled Pork to enable all Snort rules which were
> commented out/disabled. But there is no comprehensive guide/manual on Pulled
> Pork which covers every step. So I thought better and decided to write a very
> simple Linux shell script to un-comment/enable all the Snort rules which were
> commented out/disabled. The source code only consists of a few lines.

the first thing to note is that you do not want /all/ rules enabled... you would
get so many alerts for traffic that is normal or FP (false positive) for your
network that you would not be able to see the real threats traversing your

you have to tune snort for your network traffic... that means that you need to
know what software is being used and enable only those rules that cover
vulnerabilities that are known in that software...

tuning is a major item... there is no "one size fits all" glove for any
network... without tuning, you are fighting a losing battle...

NOTE: No off-list assistance is given without prior approval.
Please keep mailing list traffic on the list unless
private contact is specifically requested and granted.
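
The selective alternative to un-commenting every rule, sketched as an added example that is not part of the original thread: only disabled rules whose msg text names software actually in use get enabled. The function name, the keyword list and the sample rules are constructed for illustration, and matching on msg text is only a first-pass heuristic for tuning.

```shell
#!/bin/sh
# Added example, not from the original thread.
# enable_matching_rules REGEX: reads a rules file on stdin and un-comments a
# disabled rule only when its msg:"..." text matches REGEX (case-insensitive).
# All other lines, including ordinary comments, pass through unchanged.
enable_matching_rules() {
    awk -v pat="$1" '
        # Disabled rule: "#" followed by a Snort rule action keyword.
        /^[ \t]*#[ \t]*(alert|log|pass|drop|reject|sdrop)[ \t]/ {
            if (match($0, /msg:[ \t]*"[^"]*"/)) {
                msg = tolower(substr($0, RSTART, RLENGTH))
                sub(/^msg:[ \t]*"/, "", msg)        # keep only the message text
                if (msg ~ tolower(pat))
                    sub(/^[ \t]*#[ \t]*/, "")       # strip the comment marker
            }
        }
        { print }
    '
}

# Constructed sample rules (hypothetical SIDs and messages, for illustration).
sample_rules() {
    cat <<'EOF'
# alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"EXAMPLE Apache request test"; sid:1000001; rev:1;)
# alert tcp $EXTERNAL_NET any -> $HOME_NET 1433 (msg:"EXAMPLE MSSQL login test"; sid:1000002; rev:1;)
alert icmp any any -> $HOME_NET any (msg:"EXAMPLE ICMP test"; sid:1000003; rev:1;)
# This is an ordinary comment mentioning apache
EOF
}

# Software inventory for this (assumed) network: Apache and OpenSSH only.
sample_rules | enable_matching_rules 'apache|openssh'
```

Run it against a copy of the rules file and diff the result before replacing the original, so every newly enabled rule is reviewed.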