RE: [Snort-users] Re: Updating Rules
From: Esler, Joel - Contractor (joel.esler rcert-s.army.mil)
Date: Mon Aug 02 2004 - 09:42:55 CDT
How do you "hardcode" a script? You can't replace the hostnames with
XXXXXXXX?
-----Original Message-----
From: snort-users-admin lists.sourceforge.net [mailto:snort-users-admin lists.sourceforge.net] On Behalf Of Thompson, Jimi
Sent: Friday, July 30, 2004 10:27 PM
To: Richard Bejtlich; snort-users lists.sourceforge.net
Subject: RE: [Snort-users] Re: Updating Rules
We use a "trusted host" that uses PKI to authenticate and SSH out to
each of the SNORT sensors to push new rules out. It's scripted and when
we push new rules, we kick off the script. It goes out, writes the new
rules to each sensor and then restarts SNORT. It's fairly simple to
write. I'd attach it, but our hostnames are hard coded in.
Jimi
-----Original Message-----
From: snort-users-admin lists.sourceforge.net [mailto:snort-users-admin lists.sourceforge.net] On Behalf Of Richard Bejtlich
Sent: Friday, July 30, 2004 4:35 PM
To: snort-users lists.sourceforge.net
Subject: [Snort-users] Re: Updating Rules
Lyndon Tiu wrote:
On a similar note, how do you update automatically?
--
Lyndon,
I documented a sample Oinkmaster session in my Blog:
http://taosecurity.blogspot.com/2004_07_01_taosecurity_archive.html#108957531936280978
Keith's recommendation for Oinkmaster is the way to go.
Sincerely,
Richard
http://www.taosecurity.com
-------------------------------------------------------
This SF.Net email is sponsored by OSTG. Have you noticed the changes on
Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now,
one more big change to announce. We are now OSTG- Open Source Technology
Group. Come see the changes on the new OSTG site. www.ostg.com
_______________________________________________
Snort-users mailing list
Snort-users
lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
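
The push described in the thread, with sensor names read from a list file instead of being hard-coded, as an added example that is not the script from the thread. The key path, rule and config paths, restart command and list-file format are assumptions; with DRY_RUN=1 (the default) it only prints the scp and ssh commands it would run.

```sh
#!/bin/sh
# Added example, not the script from the thread. Assumed names: the key path,
# rule and config paths, the restart command and the host-list file.
KEY="${KEY:-$HOME/.ssh/snort_push_key}"      # dedicated key for the trusted host
RULES_SRC="${RULES_SRC:-./rules}"            # rules staged on the trusted host
RULES_DST="${RULES_DST:-/etc/snort/rules}"   # rules directory on each sensor
SNORT_CONF="${SNORT_CONF:-/etc/snort/snort.conf}"
RESTART_CMD="${RESTART_CMD:-/etc/init.d/snort restart}"
DRY_RUN="${DRY_RUN:-1}"                      # 1 = print commands, run nothing
# Key-only login, no prompts, unknown host keys refused. Split on use: no spaces in KEY.
SSH_OPTS="-i $KEY -o BatchMode=yes -o StrictHostKeyChecking=yes"

# Print the hostnames in list file $1, one per line; '#' comments and blank
# lines are skipped. An entry that is not a plain hostname (such as one
# starting with '-', which ssh would parse as an option) makes the call fail.
load_hosts() {
  lh_rc=0
  while IFS= read -r lh_line || [ -n "$lh_line" ]; do
    lh_line=$(printf '%s' "${lh_line%%#*}" | tr -d ' \t\r')
    case "$lh_line" in
      '') ;;
      -*|*[!A-Za-z0-9.-]*) echo "rejected host entry: $lh_line" >&2; lh_rc=1 ;;
      *) printf '%s\n' "$lh_line" ;;
    esac
  done < "$1"
  return "$lh_rc"
}

# Run a command, or only print it when DRY_RUN=1.
run() { if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi; }

# Copy the rules to one sensor, then restart Snort only if "snort -T" accepts
# the new configuration; on failure the running Snort is not restarted.
push_one() {
  run scp $SSH_OPTS "$RULES_SRC"/*.rules "$1:$RULES_DST/" &&
  run ssh $SSH_OPTS "$1" "snort -T -c $SNORT_CONF && $RESTART_CMD"
}

# Push to every sensor in list file $1. A bad list entry aborts before any
# connection is made; a failed sensor is reported and the loop continues.
push_all() {
  pa_hosts=$(load_hosts "$1") || return 2
  pa_failed=0
  for pa_h in $pa_hosts; do
    push_one "$pa_h" || { echo "FAILED: $pa_h" >&2; pa_failed=1; }
  done
  return "$pa_failed"
}
if [ $# -gt 0 ]; then push_all "$1"; fi
```

Keeping the sensor list in its own file lets the script be shared or reviewed without exposing the hostnames.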