[Honeywall] #38: Test snort rule update

Honeywall honeywall-trac at projects.honeynet.org
Sun Apr 20 17:28:27 EDT 2008


#38: Test snort rule update
------------------------+---------------------------------------------------
  Reporter:  rmcmillen  |       Owner:  rmcmillen
      Type:  task       |      Status:  assigned 
  Priority:  major      |   Milestone:  roo-1.4  
 Component:  Honeywall  |     Version:  1.4b3    
Resolution:             |    Keywords:           
------------------------+---------------------------------------------------
Changes (by rmcmillen):

  * status:  new => assigned
  * owner:  rob at honeynet.org => rmcmillen

Comment:

 UI menu added to walleye (See ChangeSet 56).  hwruleupdate works properly
 and places new rules in /etc/snort/rules.  However, it does not regenerate
 the sid-msg.map nor does it load it to the db.  This can potentially
 result in an unknown signature value in walleye when it tries to display
 the alerts.

 Also, it does not restart snort by default to use the new rules.  However,
 since the rules are placed in the proper location, if snort is restarted,
 it will use the new rules.

 Todo:
 1.  recreate /etc/snort/rules/sid-msg.map when new rules are added.
 2.  load new sid-msg.map to db when new rules are added.
 3.  test (cannot test till tomorrow because I have already exceeded my max
 download for the day).

-- 
Ticket URL: <https://projects.honeynet.org/honeywall/ticket/38#comment:2>
Honeywall <https://projects.honeynet.org/honeywall>
Honeywall Public Project Site
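
Todo items 1 and 2 in the message above depend on deriving sid-msg.map entries from the rule files. The following Python is an added example, not part of the original ticket or the Honeywall code: it builds `sid || msg || reference` lines from rule text and lists SIDs that an existing map lacks. The sample rules, SIDs and function names are constructed for illustration, and including commented-out rules in the map is an assumption made here.

```python
import re

# Constructed sample rules (not taken from any real rule set).
SAMPLE_RULES = r'''
# comment line
alert tcp any any -> any 80 (msg:"EXAMPLE web probe"; content:"/admin"; reference:url,example.org/a; reference:url,example.org/b; sid:1000001; rev:2;)
alert udp any any -> any 53 (msg:"EXAMPLE dns \"quoted\" name\; test"; sid:1000002; rev:1;)
#alert tcp any any -> any 21 (msg:"EXAMPLE disabled ftp rule"; sid:1000003; rev:1;)
alert icmp any any -> any any (msg:"EXAMPLE no sid";)
'''

# A rule line, optionally commented out; group 1 is the option body in parentheses.
RULE_RE = re.compile(r'^\s*#*\s*(?:alert|log|pass|drop|reject|sdrop)\s.*?\((.*)\)\s*$')
MSG_RE = re.compile(r'\bmsg\s*:\s*"((?:\\.|[^"\\])*)"')
QUOTED_RE = re.compile(r'"(?:\\.|[^"\\])*"')
SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')
REF_RE = re.compile(r'\breference\s*:\s*([^;]+?)\s*;')


def build_sid_msg_map(rules_text):
    """Return {sid: 'sid || msg || ref || ...'} for each rule with msg and sid."""
    entries = {}
    for line in rules_text.splitlines():
        rule = RULE_RE.match(line)
        if not rule:
            continue
        opts = rule.group(1)
        msg = MSG_RE.search(opts)
        # Blank out quoted strings so "sid:" or "reference:" text inside
        # msg/content values is never mistaken for a real option.
        bare = QUOTED_RE.sub('""', opts)
        sid = SID_RE.search(bare)
        if not (msg and sid):
            continue  # without both fields there is nothing to map
        text = re.sub(r'\\(.)', r'\1', msg.group(1))  # undo \" and \; escapes
        fields = [sid.group(1), text] + REF_RE.findall(bare)
        entries[int(sid.group(1))] = ' || '.join(fields)
    return entries


def missing_sids(rules_text, existing_map_text):
    """SIDs defined in the rules but absent from an existing sid-msg.map."""
    known = set()
    for line in existing_map_text.splitlines():
        head = line.split('||')[0].strip()
        if head.isdigit():
            known.add(int(head))
    return sorted(set(build_sid_msg_map(rules_text)) - known)
```

A non-empty result from `missing_sids` after a rule update corresponds to the condition the comment describes, where alerts reference signatures the map cannot name.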

