Re: [mod-security-users] include snort rules
From: Peter VE <xx...@im...> - 2005-11-16 10:00:56
> Peter VE wrote:
> > Hi,
> >
> > I wrote a script that pulls down multiple sets of snort rules, and
> > converts specific rulefiles to SecFilters.
>
> You shouldn't have, there's a script included with ModSecurity
> that does just that :)

I'm using the ModSecurity script to convert, but it is launched from within my own script, which
- downloads various sets of rules (snort, bleeding, community)
- extracts the rules
- only converts the rules that I need
- rips out some rules that I don't want/need (after converting snort rules, I noticed that the converted file contains a couple of SecFilter "" and SecFilter "=" entries, which kinda break basic functionality... )

> > When I update the files with newer files, will mod_security
> > automatically use the newer file ? Or does Apache need a restart ?
>
> You need to restart Apache.

Will Apache start when one of the mod_security SecFilters is wrong ? After all, this is an automated process - there is a chance that something is wrong with the original snort rules, or with converting those rules into filters...

> > If it automatically uses the newer file, what happens at the very time
> > the file gets overwritten?
>
> Nothing. When Apache is started rules are read in memory. What
> you do with the file afterwards is not important.

Thanks !

> --
> Ivan Ristic
> Apache Security (O'Reilly) - http://www.apachesecurity.net
> Open source web application firewall - http://www.modsecurity.org
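Added example, not part of the original message or of the ModSecurity distribution: one way to make the automated update described above fail safe, by stripping the degenerate `SecFilter ""` and `SecFilter "="` entries and installing the converted file only if a configuration check passes before the restart. The function names, the file arguments and the default `apachectl configtest` / `apachectl restart` commands are assumptions for illustration.

```shell
#!/bin/sh
# Added example: sanitize converted rules, then install them only if the
# server configuration check passes. Names, paths and commands are assumptions.

# Print $1 without the degenerate entries mentioned in the message:
#   SecFilter ""   and   SecFilter "="
sanitize_rules() {
    grep -Ev '^[[:space:]]*SecFilter[[:space:]]+"=?"[[:space:]]*$' "$1" \
        || [ "$?" -eq 1 ]   # grep exit 1 only means "no lines left", not an error
}

# deploy_rules CONVERTED LIVE [CHECK_CMD] [RESTART_CMD]
# Returns 0 after a successful restart, 1 if the check failed and the old
# rules were restored, 2 if the converted file could not be read.
deploy_rules() {
    candidate=$1
    live=$2
    check_cmd=${3:-"apachectl configtest"}
    restart_cmd=${4:-"apachectl restart"}
    tmp="$live.new.$$"

    sanitize_rules "$candidate" > "$tmp" || { rm -f "$tmp"; return 2; }

    # Keep the last known-good rules so a bad conversion can be rolled back.
    if [ -f "$live" ]; then cp -p "$live" "$live.bak"; fi
    mv "$tmp" "$live"

    # The running server already holds its rules in memory, so swapping the
    # file on disk changes nothing until the restart below.
    if $check_cmd >/dev/null 2>&1; then
        $restart_cmd
        return $?
    fi

    # Check failed: put the previous file back and do not restart.
    if [ -f "$live.bak" ]; then
        mv "$live.bak" "$live"
    else
        rm -f "$live"
    fi
    return 1
}

# Usage from a cron-driven updater (paths are placeholders):
#   deploy_rules /tmp/converted.conf /path/to/modsec-snort.conf || echo "rules rejected"
```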