| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri Dec 9 18:16:02 2005 From: pmelson at gmail.com (Paul Melson) Subject: Snort as IDS/IPS in mission-critical enterprisenetwork -----Original Message----- Subject: Re: [Full-disclosure] Snort as IDS/IPS in mission-critical enterprisenetwork > And check ./contrib on snort, you'll find a ton of ways to automate the rule updates. Bad > idea to let it autonomously update (because if you HUP snort and there's a bad rule, it > dies) .. but easily made into a once-a-week sort of thing. cp /etc/snort/rules/* /home/snort/temprules oinkmaster -c /etc/oinkmaster.conf if [ $? -ne 0 ]; then mail root -s "Update failed" exit 2 fi killall -HUP snort test=`ps -ef |grep snort` if [ "$test" = "" ]; then rm /etc/snort/rules/* cp /home/snort/temprules/* /etc/snort/rules snort -c /etc/snort/snort.conf mail root -s "Houston we have a problem" exit 1 else mail root -s "Update successful" exit 0 fi You, too, can be replaced by a small shell script. :) PaulM
Powered by blists - more mailing lists