Re: [mod-security-users] include snort rules
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] include snort rules
|
From: Ivan R. <iv...@we...> - 2005-11-16 10:56:32
|
Peter VE wrote: >>>I'm using the ModSecurity script to convert, but it is launched from >>>within my own script, which >>>- downloads various sets of rules (snort, bleeding, community) >>>- extracts the rules >>>- only converts the rules that I need >>>- rips out some rules that I don't want/need >>>(after converting snort rules, I noticed that the converted file >>>contains a couple of SecFilter "" and SecFilter "=" entries, >>>which kinda break basic functionality... ) >> >> Nice. How long have you been using the Snort rules for? Are you >> happy with them for web intrusion detection? >> > > snort rules for mod_security : 2 days > this is the first webserver, so I really don't know how good/bad they > are... > Has anyone else played with the snort rules for > - IDS (snort itself) > - SecFilters (mod_security) ? > If so, what are your findings ? I didn't use them in practice but, after looking at them, I thought they were too broad. -- Ivan Ristic Apache Security (O'Reilly) - http://www.apachesecurity.net Open source web application firewall - http://www.modsecurity.org |
