Thread: [Rman-devel] Suggested work-around for the catch-22 issue
Status: Alpha
Brought to you by:
mvevers
From: Michael B. <mic...@se...> - 2002-10-29 10:36:18
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I was thinking, if the sensor is not known (like first time you start the sensor) then snort -T <other options> should be issued to put the sensor in the database. I also suggests a extractrules gets a --init option that add the sensor to the rman sensor table. Another idea is also to have a 'default' sensor that is part of a default group that has a bunch of rules the user think he wants to start off with. Basicly anything that removes the catch22 would be nice. What do you guys think about it? Best regards Michael Boman PS The active response hacking has been suffering lack of progress lately as I got busy with other tasks. It is still on my todo list however. DS - -- Michael Boman Security Architect, SecureCiRT (A SBU of Z-Vance Pte Ltd) http://www.securecirt.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE9vmSSds5fQJiraJwRAgwJAKCjZs1GKHq6lD4dh+E6VqpZTXuzlQCdFfWr xvxiByyJho3wIr1jYvnZvq8= =xBVN -----END PGP SIGNATURE----- |