From: Steve Francis (sfrancisexpertcity.com)
Date: Mon Jul 01 2002 - 18:38:31 CDT


    I have this called from cron:
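    # Update rules
    cd /tmp || exit 1
    rm -rf rules
    /usr/local/bin/wget http://www.snort.org/downloads/snortrules.tar.gz
    tar -xzf snortrules.tar.gz
    rm -f snortrules.tar*
    mv /tmp/rules/*.rules /usr/local/share/snort

    # Restart snort (doing it with stop/start restarts the snort-NNNNNNNN.log
    # file).
    # $ARCHIVE and $SNORTLOG are not defined in this excerpt. They are quoted
    # below because an empty, unquoted $ARCHIVE would make [ -d ] succeed.
    /usr/local/etc/rc.d/snort.sh stop >/dev/null
    if [ -d "$ARCHIVE" ]; then
            # Move the old logs only if the cd into the log directory worked.
            cd "$SNORTLOG" && mv ./*-snort.log "$ARCHIVE"
    fi
    /usr/local/etc/rc.d/snort.sh start >/dev/null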

    twig les wrote:

    >That's a good idea for a quick script that I should have had done months
    >ago. As soon as I put out the latest mystery fire I'll see if I can get a
    >reasonable little Lynx-based cronjob.
    >
    >
    >--- Steve McGhee <stevemlmri.ucsb.edu> wrote:
    >
    >>With all the fuss lately over the new Apache worm, etc, I'd like to know
    >>if my machine is getting hit (it's patched, just being curious). I know
    >>about mod_blowchunks, but I'm looking for something more general..
    >>
    >>It seems to me that Snort could see these attacks pretty easily.
    >>
    >>Is there a tool/method out there that will retrieve the *latest* Snort
    >>signatures automatically? For those of us not running Snort via CVS, I'd
    >>like a way to do something like cvsup, but _only_ update my ruleset
    >>every night or whatever.
    >>
    >>I cc: the FreeBSD team as this might be a cool (simple) port. (Something
    >>like /usr/ports/security/snort-signatures)
    >>
    >>This could be helpful to people who are just curious, or maybe could
    >>provide some good numbers to shock lazy sysadmins into actually patching
    >>their machines.
    >>
    >>
    >>..of course, this is all assuming there's someone out there writing
    >>signatures ;)
    >>
    >>- --
    >>- -steve
    >>
    >>~
    >>
    >>~ Steve McGhee
    >>~ Systems Administrator
    >>~ Linguistic Minority Research Institute
    >>~ UC Santa Barbara
    >>~ phone: (805)893-2683
    >>~ email: stevemlmri.ucsb.edu
    >>
    >>To Unsubscribe: send mail to majordomoFreeBSD.org
    >>with "unsubscribe freebsd-security" in the body of
    >>the message
    >>
    >
    >
    >=====
    >-----------------------------------------------------------
    >Only fools have all the answers.
    >-----------------------------------------------------------
    >

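The cron script in this message unpacks an unauthenticated download into a predictable `/tmp/rules` path and installs whatever it finds. The following is an added example, not part of the original post, of checking and staging the tarball before any rule file reaches the Snort directory. The function names and the idea of an expected SHA-256 digest obtained out of band are assumptions; the post mentions no published checksum.

```shell
#!/bin/sh
# Added example (not from the original post). Names here are hypothetical.

sha256_of() {
    # Print the SHA-256 of a file using whichever tool is installed.
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# install_rules TARBALL EXPECTED_SHA256 DEST_DIR
# Returns 0 and writes to DEST_DIR only if every check passes.
install_rules() {
    tarball=$1 expected=$2 dest=$3

    # 1. Integrity: compare with a digest obtained out of band (assumption).
    if [ "$(sha256_of "$tarball")" != "$expected" ]; then
        echo "digest mismatch" >&2; return 1
    fi

    # 2. Refuse members with absolute paths or ".." components.
    if tar -tzf "$tarball" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "unsafe path in archive" >&2; return 1
    fi

    # 3. Unpack in a private, unpredictable directory instead of /tmp/rules.
    work=$(mktemp -d) || return 1
    tar -xzf "$tarball" -C "$work" || { rm -rf "$work"; return 1; }

    # 4. Require at least one non-empty .rules file before touching DEST_DIR.
    found=0
    for f in "$work"/rules/*.rules; do
        if [ -s "$f" ]; then found=1; fi
    done
    if [ "$found" -ne 1 ]; then
        echo "no rules in archive" >&2; rm -rf "$work"; return 1
    fi

    cp "$work"/rules/*.rules "$dest"/ || { rm -rf "$work"; return 1; }
    rm -rf "$work"
}
```

Restart Snort only when `install_rules` returns 0, so a failed or tampered download leaves the running ruleset in place.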