rman-users Mailing List for Rule MANager for Snort
Status: Alpha
Brought to you by: mvevers
From: Michael B. <mic...@se...> - 2002-08-22 11:38:28

I use Oinkmaster[1] and RMan[2] together. I am a great fan of text-file modification, perl-script automation etc. so I find Oinkmaster does a great job to keep my rules up-to-date (with modifications), and then I use Rman (loadrules.pl) to update the database and push the changes out to all my sensors ;) It works great!

Feature request 1: Could there be a --force-update option for loadrules.pl so that I can force an update even if the "rev:" tag hasn't been changed? Currently I have a modified version of loadrules.pl that always updates the rules, but it would be nice to have a single script to maintain.

Feature request 2: I would like loadrules.pl to also scan snort.conf for variables and update them as well. Right now I am hacking the SQL table by hand, but I don't think that is feasible in the long run.

Bug report: http://rman.sf.net is still saying that 0.3 is the latest version

[1] http://nitzer.dhs.org/oinkmaster/
[2] http://rman.sf.net/

Best regards
Michael Boman

--
Michael Boman
Security Architect, SecureCiRT (A SBU of Z-Vance Pte Ltd)
http://www.securecirt.com
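As an added illustration of the two requests above (this is not code from RMan or from Michael's modified loadrules.pl), a Python sketch of how a loader could decide which Snort rules to push by comparing sid/rev tags against what the database already holds, with a force flag that also pushes rules whose text changed without a rev bump, plus a parser that picks `var` definitions out of snort.conf. The rule lines, the database snapshot and the snort.conf fragment are constructed sample data.

```python
import re
# Constructed sample data (not RMan's real tables): a new rules file as
# Oinkmaster might produce it, and the sid -> (rev, rule) snapshot already
# loaded into the database. sid 1001 is unchanged, 1002 has a bumped rev,
# 1003 is new, and 1004 was edited without its rev being bumped.
NEW_RULES = """\
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB"; sid:1001; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"FTP"; sid:1002; rev:3;)
alert udp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"DNS"; sid:1003; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"SSH"; flow:to_server; sid:1004; rev:1;)
"""
DB_RULES = {
    1001: (2, 'alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB"; sid:1001; rev:2;)'),
    1002: (2, 'alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"FTP"; sid:1002; rev:2;)'),
    1004: (1, 'alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"SSH"; sid:1004; rev:1;)'),
}
SNORT_CONF = "var HOME_NET 10.0.0.0/8\nvar EXTERNAL_NET !$HOME_NET\n# note\npreprocessor frag2\n"
SID_RE = re.compile(r"\bsid:\s*(\d+)\s*;")
REV_RE = re.compile(r"\brev:\s*(\d+)\s*;")
VAR_RE = re.compile(r"^\s*var\s+(\w+)\s+(\S+)", re.M)

def parse_rules(text):
    """Return {sid: (rev, rule_line)} for each non-comment rule carrying sid and rev."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        s, r = SID_RE.search(line), REV_RE.search(line)
        if s and r:
            out[int(s.group(1))] = (int(r.group(1)), line)
    return out

def plan_updates(new_text, db, force=False):
    """Map sid -> action. By default only new sids and raised revs are pushed;
    force=True also pushes rules whose text changed while rev stayed the same."""
    plan = {}
    for sid, (rev, line) in parse_rules(new_text).items():
        if sid not in db:
            plan[sid] = "insert"
        elif rev > db[sid][0]:
            plan[sid] = "update"
        elif force and line != db[sid][1]:
            plan[sid] = "force-update"
    return plan

def parse_vars(conf_text):
    """Extract snort.conf 'var NAME VALUE' definitions, skipping other directives."""
    return {m.group(1): m.group(2) for m in VAR_RE.finditer(conf_text)}
```

Without the force flag the edited-but-same-rev rule (sid 1004) is silently skipped, which is exactly the gap the request describes.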
From: Mark V. <ma...@if...> - 2002-06-27 11:07:13

Hi all,

I've just released rman - 0.0.4 Alpha - the primary reason for release is there have been quite a number of bugfixes and I felt it was time to roll those up into a new release. Also, Larry Baumle has submitted a new status page. There will be some more to add to that later.

0.04 doesn't have all the features I intended but we are working towards that set - I have added the automatic testing of new rule-sets at the sensors before snort is asked to restart (and roll back if it fails). There are some minor database changes to support the new status code. There is also support for the 'flow' option. I am still hoping that one day the published rulesets will have a minimum snort version option ....!

Anyway the release is up on sourceforge :
https://sourceforge.net/project/showfiles.php?group_id=46605

MD5 Sum: 6bbbddae38330b3d62034d39052fae6d rman-0.0.4a.tar.gz

Any comments or bug reports please send to me at ma...@ve...

Regards
Mark

--
Mark Vevers. ma...@if... / mv...@rm...
Internet Backbone Engineering Team
Internet for Learning, Research Machines Plc
Tel: +44 1235 823380, Fax: +44 1235 823424
From: Mark V. <ma...@if...> - 2002-03-08 11:46:26

Hi all,

Released RMAN-0.0.3 Alpha last night. I've added variable handling and auto update of variables on multiple remote sensors to rman. This allows a 'sensor grid' wide default with per sensor variations and automatic update. (Oh and fixed a few bugs as well).

This is the first stage in being able to handle per group variations as well so that you can have one rule, and for a particular group on a particular sensor the variable gets substituted without having to write special rules so that future updates to a rule apply to all variations .... but you'll have to wait for 0.0.4 alpha for that. (i.e. for an ISP - only scan all customer traffic for Nimda / CodeRed but apply full ruleset to isp's servers)

Can those who have downloaded RMAN drop me a line to let me know how it's going - it would be great to have some feedback! (although this might not be the best time to ask for this as I am about to become a daddy for the second time ;-) !!)

Mark

--
Mark Vevers. ma...@if... / mv...@rm...
Internet Backbone Engineering Team
Internet for Learning, Research Machines Plc