[Snort-users] I have written a Linux shell script to detect missing rule files in your /etc/snort/snort.conf!
wkitty42 at ...14940...
Sat Apr 12 20:24:08 EDT 2014
On 4/12/2014 2:37 AM, Teo En Ming wrote:
> You still need a program to check if the rule files in /etc/snort/rules are
> missing in the include statements in /etc/snort/snort.conf.
> Here is the output from my Linux shell script:
> [root at ...274... teo-en-ming]# ./detect-missing-snort-rule-files.sh
> black_list.rules not included in /etc/snort/snort.conf!

this one is for the reputation processor... it does not contain rules... only IP

> deleted.rules not included in /etc/snort/snort.conf!

all of these are commented out because they have been removed for various reasons...

> VRT-License.txt not included in /etc/snort/snort.conf!

this is not a rule file!

> white_list.rules not included in /etc/snort/snort.conf!

this one goes with black_list.rules above... it, also, does not contain any
rules... only IP addresses...

while your idea and script are good, blindly including all rules files is not a
good thing to do...

NOTE: No off-list assistance is given without prior approval.
Please keep mailing list traffic on the list unless
private contact is specifically requested and granted.
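
The caveats from the reply above, applied to the check described in the quoted post, as an added example that is not the script from this thread: it reports only `.rules` files that hold at least one uncommented rule and have no active `include` line, and it skips the reputation lists. The function names, the temporary sample tree and the sample rule are constructed for illustration, and the output is a list to review, not a list to include automatically.

```shell
#!/bin/sh
# Added example (not the script from the thread). List *.rules files in a rules
# directory that hold active rules but have no active include in snort.conf.

# find_unincluded CONF RULES_DIR -> prints one file name per line
find_unincluded() {
    conf=$1
    dir=$2
    # Base names from active include lines; "#include ..." never has $1 == "include".
    included=$(awk '$1 == "include" { n = split($2, p, "/"); print p[n] }' "$conf")
    for f in "$dir"/*.rules; do          # VRT-License.txt never matches this glob
        [ -f "$f" ] || continue
        name=${f##*/}
        # Reputation lists hold IP addresses, not rules.
        case $name in
            black_list.rules|white_list.rules) continue ;;
        esac
        # Skip files with no uncommented rule line (deleted.rules is all comments).
        grep -Eq '^[[:space:]]*(alert|log|pass|drop|reject|sdrop|activate|dynamic)[[:space:]]' "$f" || continue
        printf '%s\n' "$included" | grep -Fxq -- "$name" || printf '%s\n' "$name"
    done
    return 0
}

# Constructed sample tree so the check runs without a Snort install.
make_sample() {
    d=$(mktemp -d)
    mkdir "$d/rules"
    printf '%s\n' 'var RULE_PATH rules' 'include $RULE_PATH/local.rules' \
        '#include $RULE_PATH/old.rules' > "$d/snort.conf"
    rule='alert tcp any any -> any 80 (msg:"constructed"; sid:1000001; rev:1;)'
    for n in local web old; do printf '%s\n' "$rule" > "$d/rules/$n.rules"; done
    printf '# %s\n' "$rule" > "$d/rules/deleted.rules"
    printf '%s\n' '192.0.2.10' > "$d/rules/black_list.rules"
    printf '%s\n' '192.0.2.20' > "$d/rules/white_list.rules"
    printf '%s\n' 'license text' > "$d/rules/VRT-License.txt"
    printf '%s\n' "$d"
}

sample=$(make_sample)
find_unincluded "$sample/snort.conf" "$sample/rules"
rm -rf "$sample"
```

Against a real install the call would be `find_unincluded /etc/snort/snort.conf /etc/snort/rules`, using the paths from the quoted post.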