
Marko
Resolved
0 votes
In the 5.2 version of ClearOS, updating free snort rules manually was troublesome (using the oinkmaster script with some modifications), and building the app from source didn't show positive results since it relied on the web framework and shouldn't be touched.
Now, what is the status with Snort in 6.2? Will there be regular automatic updates for the app itself, or will it be possible to update it manually without the problems with the web console?
What about the rules, can we manually update them?

P.S. I heard that this version has support for logging in a MySQL database, true or false?

Tnx,
Marko
Monday, May 21 2012, 04:20 PM
Responses (1)
  • Accepted Answer

    Monday, May 21 2012, 06:40 PM - #Permalink
    Resolved
    0 votes
    I wrote a script a while back to enable you to update your rules with those from Emerging Threats. It is a rule set or nothing so not as flexible as I understand Oinkmaster and PulledPork are. I run the script from cron.weekly with no user intervention.

    For 6.2 the file locations need to be updated as they have changed in ClearOS and the rule files have changed as well. Also the script needs to be pointed to the 2.9 rules on the ET web site. It should be quite easy to do this.

    One thing to bear in mind is that ClearOS are about to release the GPL rules as an update to snort so you may want/need to add them into the script when it happens.