[Honeywall] Snort updates

Earl esammons at hush.com
Thu Jun 28 01:37:53 EDT 2007


Nelson,

I was thinking that sid-msg.map would come down fresh with each
rule update but that limits things to one rule repository.  Telling
oinkmaster to skip downloading it then running create-sidmap.pl (as
you suggest) on the entire rule set post update will cover cases
when people want to configure things for updates from multiple rule
repos.

There might be other tweaks to add here to make it easier to
reconfig for other rule repos...  I was kinda rushed... did my best
to get it working for just VRT rules with hopes that it would also
be reconfigurable for other repos as well.

Great tip.  I'll get to this one soon.  thanks!

Earl

On Wed, 27 Jun 2007 15:27:41 -0400 Nelson Williams
<ngamazo at segurmatica.cu> wrote:
>Hello
>
>The honeywall is updating snort rules using Oinkmaster. But the Oinkmaster
>by default doesn't update the sidmap file for snort, so new update rules will
>not be named (displayed as "unknown signature") in the walleye interface.
>
>The script "hwruleupdate" should need to run the following command after
>updating the snort rules:
>
>
>
>create-sidmap.pl /etc/snort/rules/ > /etc/snort/sid-msg.map
>
>
>
>Brgds.
>
>nelson
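
An added example, not part of the original thread or of the Honeywall scripts: a shell check that lists SIDs found in active rules across one or more rule directories but absent from sid-msg.map, which are the alerts that would show as "unknown signature". The function name `missing_sids` is hypothetical, only uncommented rule lines in `*.rules` files are counted, and the map is assumed to use the usual `sid || msg || ref...` line format.

```shell
#!/bin/sh
# Added example (not from hwruleupdate): report SIDs that have an active rule
# but no entry in sid-msg.map. Run it after a rule update to confirm that the
# map was regenerated for every rule repository in use.
#
# Usage: missing_sids SIDMAP RULES_DIR [RULES_DIR...]
# Prints one unmapped SID per line; prints nothing when the map is complete.

missing_sids() {
    sidmap=$1
    shift
    tmp=$(mktemp -d) || return 2

    # Collect the sid of every uncommented rule line in each directory.
    # A directory without any *.rules file is skipped silently.
    for dir in "$@"; do
        cat "$dir"/*.rules 2>/dev/null || true
    done | sed -n \
        -e '/^[[:space:]]*#/d' \
        -e 's/.*[(;][[:space:]]*sid:[[:space:]]*\([0-9][0-9]*\)[[:space:]]*;.*/\1/p' \
        | LC_ALL=C sort -u > "$tmp/rules"

    # Collect the SIDs already mapped: the first field of "sid || msg" lines.
    # Comment lines in the map do not start with a digit and are ignored.
    sed -n 's/^\([0-9][0-9]*\)[[:space:]]*||.*/\1/p' "$sidmap" \
        | LC_ALL=C sort -u > "$tmp/map"

    # Keep only lines unique to the rules list: SIDs with no name in the map.
    LC_ALL=C comm -23 "$tmp/rules" "$tmp/map"
    status=$?

    rm -rf "$tmp"
    return $status
}

# Example call with the paths used in this thread:
#   missing_sids /etc/snort/sid-msg.map /etc/snort/rules
```

Any output after an update means the map on disk is older than the rules and should be rebuilt before alerts are reviewed.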
