From: Fyodor (fygravetigerteam.net)
Date: Fri Mar 30 2001 - 05:53:56 CST

    On Fri, Mar 30, 2001 at 01:21:31PM +0200, Roeland Weve wrote:
    > Howdy,
    >
    > Maybe it already exists, but I am working on a php (web)interface to
    > switch rules on or off, to delete, or to add them.
    > If it's ready, it makes it possible to manage the rules from within the
    > network.

    Dragos Ruiu (drkyx.net, drdursec.com) was working on some kind of similar
    project. I guess if you would contact him, he could show you what he has done
    so far.

    > That's easier for everybody, because you don't have to ssh or locally
    > log in to the ids machine anymore to find and edit the rule files.
    >

    indeed. But hope you are not forgetting about proper authentication, right? :)

    > Another point why I'm making this, is to check if there are new rules.
    > I have to get the latest version of the rules from the internet and
    > compare them with the rules on the ids. So, does anybody know how I
    > can get the latest rules from the internet?
    > From snort it isn't possible, because the directory contains a date:
    > http://www.snort.org/Files/03152001/snortrules.tar.gz
    > ^^^^^^^^
    > The date will change, if the latest rules are saved like
    > 'http://www.snort.org/Files/snortrules.tar.gz' it would be better, so I
    > can always get the latest rules with wget or something.

    I donno, I guess you should probably ask Jim about it :)

    > I was thinking of CVS, but I do not know how to get all the rules as
    > simple as possible. I don't want to do it by name (sql.rules) but by
    > syntax (*.rules). So, if there will be a new ruleset (blalba.rules) it
    > also takes that file and I can include it.

    CVS actually is not as complete as the rules base at www.snort.org or www.whitehats.com. Mostly
    the rulebase is kept there for demo purposes only (although Marty maintains them being more
    or less up to date as far as I see :)).

    -- 
    http://www.notlsd.net
    PGP fingerprint = 56DD 1511 DDDA 56D7 99C7  B288 5CE5 A713 0969 A4D1
    
