Thu Nov 23 16:36:19 EST 2017
The date will change, if the latest rules are saved like
'http://www.snort.org/Files/snortrules.tar.gz' it would be better, so I
can always get the latest rules with wget or something.
I was thinking of CVS, but I do not know how to get all the rules as
simple as possible. I don't want to do it by name (sql.rules) but by
syntax (*.rules). So, if there will be a new ruleset (blalba.rules) it
also takes that file and I can include it.
Then the compare part will be done by diff or something.
Maybe I will make this part in perl, so I can crontab it daily and mail
the difference between the rulesets. (I saw already some progz doing
something like this).
If it's ready I will put it on the mailing list.
Some disadvantages are that you have to change the directory where the
rule files are saved (now I have to snort.conf in /etc/snort and the
rules in /var/www/html/rules/, that's because I can savely change the
write and read rights there...).
Well, if anybody has any idea's or knows existing programs that I can
use, etc. I will be really appreciated!
More information about the Snort-users