 
From: Matt Kettler (mkettler_at_evi-inc.com)
Date: Mon Dec 02 2002 - 10:50:57 CST


    In general there's no "maintenance" of snort rules for ancient versions.
    The snort team keeps 2 rulesets available and updated, one for the latest
    officially released version, and one for the latest CVS branch. It's a lot
    of effort to keep 2 rulesets updated, and to go back to 1.8.6 they'd need
    to support at least 3, if not 4 (cvs, 1.9.0, 1.8.7, 1.8.6).

    My recommendation would be to upgrade to 1.9.0 ASAP and treat any effort
    put into 1.8.6 as "learning the system". I'd not try to update it, but if
    you insist you might be able to extract the rules from the 1.8.7 tarball
    and they *might* work on 1.8.6.

    Quite frankly, upgrading rulesets tends to be as difficult as upgrading
    snort versions. The hardest part is getting your snort.conf right, and
    upgrading rulesets, particularly when you are going so far forward, often
    requires a new snort.conf. (i.e., if the new rules have new variables, or new
    rulefiles were added, they need to be in snort.conf). At that point you may
    as well install 1.9.0, or at least 1.8.7.

    At 06:07 AM 12/2/2002 -0800, David Stubblefield wrote:
    >Hello,
    >
    >First off I am a newbie. I am currently in an environment that is running
    >Snort 1.8.6. I have been asked to come up to speed on that system and
    >then upgrade to the latest version. So I am working on installing version
    >1.8.6 via the Snort Installation Manual - Snort, MySQL, Red Hat 7.3. I
    >have downloaded and installed Snort 1.8.6 as well as MySQL client and dev
    >RPMs. Now I would like to download the signatures but all I see is
    >signatures for 1.9. Is it possible to get the signatures for 1.8.6 and if
    >so where? Also I am open to any and all suggestions regarding getting
    >1.8.6 up and running and then upgrading to the latest version. Anyone's
    >time and consideration regarding this is greatly appreciated.
    >
    >
    >Thanks in advance,
    >David Stubblefield
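
The reply's point that new rule variables and new rule files must also appear in snort.conf can be checked before a ruleset upgrade goes live. The script below is an added example, not part of the original thread or the Snort project; it assumes the plain `var NAME value`, `include file` and `$NAME` forms, and its function names, sample config and sample rules are constructed for illustration.

```python
import re
from pathlib import PurePosixPath

VAR_DEF = re.compile(r"^\s*var\s+(\w+)\s+\S")
INCLUDE = re.compile(r"^\s*include\s+(\S+)")
VAR_REF = re.compile(r"\$(\w+)")          # plain $NAME form only (assumption)

def parse_conf(conf_text):
    """Return (variable names defined, basenames of included files)."""
    defined, included = set(), set()
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0]      # drop comments
        if m := VAR_DEF.match(line):
            defined.add(m.group(1))
        elif m := INCLUDE.match(line):
            included.add(PurePosixPath(m.group(1)).name)
    return defined, included

def audit(conf_text, rule_files):
    """rule_files maps file name -> text. Returns (undefined vars, files not included)."""
    defined, included = parse_conf(conf_text)
    undefined = {}
    for name, text in sorted(rule_files.items()):
        for lineno, line in enumerate(text.splitlines(), 1):
            if line.lstrip().startswith("#"):
                continue
            header = line.split("(", 1)[0]  # variables sit in the rule header
            for var in VAR_REF.findall(header):
                if var not in defined:
                    undefined.setdefault(var, []).append(f"{name}:{lineno}")
    return undefined, sorted(set(rule_files) - included)

# Constructed sample: an older snort.conf and two files from a newer ruleset.
SAMPLE_CONF = """\
var HOME_NET 10.0.0.0/8
var EXTERNAL_NET any   # everything else
include web-iis.rules
"""
SAMPLE_RULES = {
    "web-iis.rules": '# constructed rule\n'
        'alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS '
        '(msg:"constructed sample"; content:"$1("; sid:1000001; rev:1;)\n',
    "new-category.rules":
        'alert tcp $EXTERNAL_NET any -> $HOME_NET 23 (msg:"constructed"; sid:1000002; rev:1;)\n',
}

if __name__ == "__main__":
    undefined, not_included = audit(SAMPLE_CONF, SAMPLE_RULES)
    for var, where in undefined.items():
        print(f"undefined variable ${var} used at {', '.join(where)}")
    for name in not_included:
        print(f"rule file not included by snort.conf: {name}")
```

Anything it reports is a line to add to snort.conf: an undefined variable stops Snort at startup, and a rule file that is never included is silently not loaded.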

    _______________________________________________
    Snort-users mailing list