<div dir="ltr"><div><div>You still need a program to check if the rule files in /etc/snort/rules are missing in the include statements in /etc/snort/snort.conf.<br><br></div>Here is the output from my Linux shell script:<br>
<br>[root@...274... teo-en-ming]# ./detect-missing-snort-rule-files.sh <br>black_list.rules not included in /etc/snort/snort.conf!<br>deleted.rules not included in /etc/snort/snort.conf!<br>VRT-License.txt not included in /etc/snort/snort.conf!<br>
white_list.rules not included in /etc/snort/snort.conf!<br><br><br></div>Teo En Ming<br></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Sat, Apr 12, 2014 at 2:09 PM, Jeremy Hoel <span dir="ltr"><<a href="mailto:jthoel@...11827..." target="_blank">jthoel@...11827...</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">You do know that snort will tell you if it's missing rules when you run a test, right?<div><br></div>
<div>snort -T -c <path to config file></div><div><br></div><div>No reason to have a script check it for you.. </div>

<div>Plus, if you use pulledpork then you just have (probably) snort.rules and local.rules.</div></div><div class="gmail_extra"><br><br><div class="gmail_quote"><div><div class="h5">On Fri, Apr 11, 2014 at 11:59 PM, Teo En Ming <span dir="ltr"><<a href="mailto:teo.en.ming@...11827..." target="_blank">teo.en.ming@...11827...</a>></span> wrote:<br>


</div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5"><div dir="ltr"><div>===Start of Linux shell script===<br>#!/bin/sh<br># Linux shell script: detect-missing-snort-rule-files.sh<br>


# Written by: Teo En Ming<br># Email: <a href="mailto:teo.en.ming@...13610...7..." target="_blank">teo.en.ming@...11827...</a><br>
# Date: 12 April 2014 Saturday 1:00 P.M. Singapore Time<br># Version: 1.0<br>#<br># This program detects missing rule files in your /etc/snort/snort.conf configuration file.<br>#<br><br>RULE_PATH=/etc/snort/rules<br>SNORT_CONF=/etc/snort/snort.conf<br>



<br>cd $RULE_PATH<br><br>for i in `ls -1 $RULE_PATH`<br>do<br>    grep "^include \$RULE_PATH/$i" $SNORT_CONF > /dev/null<br>    if [ $? -ne 0 ]<br>    then<br>        echo "$i not included in $SNORT_CONF!"<br>



    fi    <br>done<br></div>===End of Linux shell script===<br></div>
<br></div></div>------------------------------------------------------------------------------<br>
Put Bad Developers to Shame<br>
Dominate Development with Jenkins Continuous Integration<br>
Continuously Automate Build, Test & Deployment<br>
Start a new project now. Try Jenkins in the cloud.<br>
<a href="http://p.sf.net/sfu/13600_Cloudbees" target="_blank">http://p.sf.net/sfu/13600_Cloudbees</a><br>_______________________________________________<br>
Snort-users mailing list<br>
<a href="mailto:Snort-users@lists.sourceforge.net" target="_blank">Snort-users@lists.sourceforge.net</a><br>
Go to this URL to change user options or unsubscribe:<br>
<a href="https://lists.sourceforge.net/lists/listinfo/snort-users" target="_blank">https://lists.sourceforge.net/lists/listinfo/snort-users</a><br>
Snort-users list archive:<br>
<a href="http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users" target="_blank">http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users</a><br>
<br>
Please visit <a href="http://blog.snort.org" target="_blank">http://blog.snort.org</a> to stay current on all the latest Snort news!<br></blockquote></div><br></div>
</blockquote></div><br></div>