[Snort-users] I have written a Linux shell script to detect missing rule files in your /etc/snort/snort.conf!

Teo En Ming teo.en.ming at ...11827...
Sat Apr 12 02:37:37 EDT 2014


You still need a program to check if the rule files in /etc/snort/rules are
missing in the include statements in /etc/snort/snort.conf.

Here is the output from my Linux shell script:

[root at ...274... teo-en-ming]# ./detect-missing-snort-rule-files.sh
black_list.rules not included in /etc/snort/snort.conf!
deleted.rules not included in /etc/snort/snort.conf!
VRT-License.txt not included in /etc/snort/snort.conf!
white_list.rules not included in /etc/snort/snort.conf!


Teo En Ming


On Sat, Apr 12, 2014 at 2:09 PM, Jeremy Hoel <jthoel at ...11827...> wrote:

> You do know that snort will tell you if it's missing rules when you run a
> test, right?
>
> snort -T -c <path to config file>
>
> No reason to have a script check it for you.
> Plus, if you use pulledpork then you just have (probably) snort.rules and
> local.rules.
>
>
> On Fri, Apr 11, 2014 at 11:59 PM, Teo En Ming <teo.en.ming at ...11827...> wrote:
>
>> ===Start of Linux shell script===
>> #!/bin/sh
>> # Linux shell script: detect-missing-snort-rule-files.sh
>> # Written by: Teo En Ming
>> # Email: teo.en.ming at ...11827...
>> # Date: 12 April 2014 Saturday 1:00 P.M. Singapore Time
>> # Version: 1.0
>> #
>> # This program detects missing rule files in your /etc/snort/snort.conf
>> # configuration file.
>> #
>>
>> RULE_PATH=/etc/snort/rules
>> SNORT_CONF=/etc/snort/snort.conf
>>
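>> cd "$RULE_PATH" || exit 1
>>
>> # Loop over every file in the rules directory (glob instead of parsing ls)
>> for i in *
>> do
>>     [ -e "$i" ] || continue    # empty directory: the glob stays unexpanded
>>     # \$RULE_PATH is matched literally, as it is written in snort.conf
>>     if ! grep -q "^include \$RULE_PATH/$i" "$SNORT_CONF"
>>     then
>>         echo "$i not included in $SNORT_CONF!"
>>     fi
>> done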
>> ===End of Linux shell script===
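
The two checks discussed in this thread, combined in one pass, as an added example that is not part of the original messages: rule files on disk with no active include (what the posted script reports) and active includes whose file is absent (what `snort -T` complains about). The function names `audit_rule_includes` and `demo` are hypothetical, the sample config and directory are constructed, and the code assumes includes are written as `include $RULE_PATH/<file>`, as in the script above; unlike that script it looks only at `*.rules` files.

```shell
#!/bin/sh
# Added example, not the poster's script.

# audit_rule_includes CONF RULE_DIR   (hypothetical helper)
# Prints "UNREFERENCED <file>" for each *.rules file in RULE_DIR that has no
# active include in CONF, and "MISSING <file>" for each active include whose
# file does not exist in RULE_DIR. A commented-out include counts as inactive.
audit_rule_includes() {
    conf=$1
    dir=$2
    # File names taken from uncommented "include $RULE_PATH/<file>" lines.
    included=$(sed -n \
        's/^[[:space:]]*include[[:space:]][[:space:]]*\$RULE_PATH\/\([^[:space:]]*\).*/\1/p' \
        "$conf")
    for f in "$dir"/*.rules; do
        [ -e "$f" ] || continue          # no *.rules files at all
        name=${f##*/}
        # -x -F: whole-line, literal match, so "." in names is not a wildcard
        printf '%s\n' "$included" | grep -qxF -- "$name" ||
            echo "UNREFERENCED $name"
    done
    for name in $included; do
        [ -e "$dir/$name" ] || echo "MISSING $name"
    done
}

# Constructed sample: a temporary config and rules directory, not a real install.
demo() {
    t=$(mktemp -d)
    mkdir "$t/rules"
    : > "$t/rules/local.rules"
    : > "$t/rules/deleted.rules"
    printf '%s\n' \
        'var RULE_PATH /etc/snort/rules' \
        'include $RULE_PATH/local.rules' \
        '# include $RULE_PATH/deleted.rules' \
        'include $RULE_PATH/web-misc.rules' > "$t/snort.conf"
    audit_rule_includes "$t/snort.conf" "$t/rules"
    rm -rf "$t"
}

demo
```

On a real sensor the call would be `audit_rule_includes /etc/snort/snort.conf /etc/snort/rules`, using the paths from the script above.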