From: Lance S. <la...@ho...> - 2003-12-26 15:50:20
On Fri, 26 Dec 2003, Bill Warren wrote:

> I just got my Snort-Inline box up and going. It is blocking all sorts of
> junk. What are some good ways to keep it up to date?

If you mean the snort-inline rulebase, snortconf developed by Brian Caswell (maintainer of the Snort rulebase) should help you. This tool is designed to take a current Snort rulebase, then convert it for snort-inline use, including reject, replace, and drop rulesets. It's pretty flexible, allowing you to modify rules based on SID, rule file, and classification. Brian is maintaining it at

http://www.shmoo.com/~bmc/software/snortconfig/

So, use the same tools/process you normally do to keep your Snort sensors' rulebases current, then add this tool to convert those current rules. This should be able to work out of crond, but I have not tried that.

lance
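The conversion step described in the message, sketched as an added example (not part of the original message, and not snortconfig's code or configuration syntax): it rewrites the action of `alert` rules to `drop` or `reject` by SID or classification. The policy layout, the precedence order (SID over classification over a per-file default), the function names and the sample rules are all assumptions made for illustration.

```python
import re

SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
CLASS_RE = re.compile(r"\bclasstype\s*:\s*([\w-]+)\s*;")
INLINE_ACTIONS = {"drop", "reject"}  # inline actions named in the message

# Constructed sample rules for this example, not taken from any real rulebase.
SAMPLE_RULES = """\
# local.rules (constructed)
alert tcp any any -> any 80 (msg:"sample web attack"; classtype:web-application-attack; sid:1000001; rev:1;)
alert tcp any any -> any 80 (msg:"sample noisy rule"; classtype:web-application-attack; sid:1000002; rev:1;)
alert udp any any -> any 53 (msg:"sample recon"; classtype:attempted-recon; sid:1000003; rev:1;)
"""

# Hypothetical policy: drop a whole classification, but keep one noisy SID
# passive and reject another SID individually.
SAMPLE_POLICY = {
    "classtype": {"web-application-attack": "drop"},
    "sid": {1000002: "alert", 1000003: "reject"},
}


def pick_action(rule, policy):
    """Return the action chosen for one rule, or None if the policy is silent.
    Precedence (an assumption of this sketch): SID, classtype, file default."""
    sid = SID_RE.search(rule)
    cls = CLASS_RE.search(rule)
    if sid and int(sid.group(1)) in policy.get("sid", {}):
        return policy["sid"][int(sid.group(1))]
    if cls and cls.group(1) in policy.get("classtype", {}):
        return policy["classtype"][cls.group(1)]
    return policy.get("default")


def convert_rules(text, policy):
    """Rewrite 'alert' rules; comments, blanks and other actions pass through."""
    out = []
    for line in text.splitlines():
        action = pick_action(line, policy) if re.match(r"alert\s", line) else None
        if action is not None and action not in INLINE_ACTIONS | {"alert"}:
            raise ValueError(f"unsupported action {action!r}")
        if action in INLINE_ACTIONS:
            line = action + line[len("alert"):]
        out.append(line)
    return "\n".join(out)


if __name__ == "__main__":
    print(convert_rules(SAMPLE_RULES, SAMPLE_POLICY))
```

Keeping a per-SID override that leaves a rule as `alert` matters on an inline sensor, because a false positive there blocks traffic instead of only logging it.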