Thread: [mod-security-users] Patch to properly generate Snort rules
Brought to you by:
victorhora,
zimmerletw
From: Javier Fernandez-S. <jfe...@ge...> - 2004-10-28 16:05:03
Attachments:
snortmodsec-rules.txt.gz
snort2modsec.diff
|
Hi there, I was meaning to send this for a while, but didn't have time. Attached is a patch (I hope Ivan sees it) to fix the snort2modsec script so that it only tries to generate filters for the Snort rules which are related to HTTP attacks (otherwise, there are a lot of definitions which are just not correct). It will also add the SID (Snort ID) to the comment so it's easier to track what rule generated which filter. Attached is also a sample output from the latest Snort ruleset. Regards Javier |