[Snort-users] I have written a Linux shell script to detect missing rule files in your /etc/snort/snort.conf!

Jeremy Hoel jthoel at ...11827...
Sat Apr 12 02:09:53 EDT 2014


You do know that snort will tell you if it's missing rules when you run a
test, right?

snort -T -c <path to config file>

No reason to have a script check it for you..
Plus, if you use pulledpork then you just have (probably) snort.rules and
local.rules.


On Fri, Apr 11, 2014 at 11:59 PM, Teo En Ming <teo.en.ming at ...11827...> wrote:

> ===Start of Linux shell script===
> #!/bin/sh
> # Linux shell script: detect-missing-snort-rule-files.sh
> # Written by: Teo En Ming
> # Email: teo.en.ming at ...11827...
> # Date: 12 April 2014 Saturday 1:00 P.M. Singapore Time
> # Version: 1.0
> #
> # This program detects missing rule files in your /etc/snort/snort.conf
> configuration file.
> #
>
> RULE_PATH=/etc/snort/rules
> SNORT_CONF=/etc/snort/snort.conf
>
> cd $RULE_PATH
>
> for i in `ls -1 $RULE_PATH`
> do
>     grep "^include \$RULE_PATH/$i" $SNORT_CONF > /dev/null
>     if [ $? -ne 0 ]
>     then
>         echo "$i not included in $SNORT_CONF!"
>     fi
> done
> ===End of Linux shell script===
>
>
> ------------------------------------------------------------------------------
> Put Bad Developers to Shame
> Dominate Development with Jenkins Continuous Integration
> Continuously Automate Build, Test & Deployment
> Start a new project now. Try Jenkins in the cloud.
> http://p.sf.net/sfu/13600_Cloudbees
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140412/ecd6e060/attachment.html>


More information about the Snort-users mailing list