[Full-disclosure] Snort as IDS/IPS in mission-critical enterprisenetwork
pmelson at gmail.com
Fri Dec 9 18:15:16 GMT 2005
Subject: Re: [Full-disclosure] Snort as IDS/IPS in mission-critical
> And check ./contrib on snort, you'll find a ton of ways to automate the
rule updates. Bad
> idea to let it autonomously update (because if you HUP snort and there's a
bad rule, it
> dies) .. but easily made into a once-a-week sort of thing.
cp /etc/snort/rules/* /home/snort/temprules
oinkmaster -c /etc/oinkmaster.conf
if [ $? -ne 0 ]; then
mail root -s "Update failed"
killall -HUP snort
test=`ps -ef |grep snort`
if [ "$test" = "" ]; then
cp /home/snort/temprules/* /etc/snort/rules
snort -c /etc/snort/snort.conf
mail root -s "Houston we have a problem"
mail root -s "Update successful"
You, too, can be replaced by a small shell script. :)
Full-Disclosure is hosted and sponsored by Secunia.