Base has some dependencies, but there are more pros than cons.
Oinkmaster, use 'modifysid' to turn the rule off, look in the documentation or
even in the oinkmaster.conf file.
I was under the assumption if the rule is edited and ID remains the
same it will not be overwritten on next oinkmaster update..Am i
mistaken here?
If a rule is edited and the ID remains the same, the rule WILL be overwritten
(hence why I recommend you edit a COPY of our rule, as opposed to editing our
direct rule, because if you modify our rule, then use oinkmaster, all your
changes just got zapped).
I'd rather edit manually, but I have alot of stuff that does it for me.
On Tue, Sep 12, 2006 at 02:50:37PM -0400, martin apparently sent me:
Thanks Joel.
I tried SC 2 ...as crappy as SC 1 really. Lots of bugs and still does
nothing for me.
I tried installing base but got a lot of dependency issues and gave
up. I will try again.
On oinkmaster how would I shut off your rules specifically?
I was under the assumption if the rule is edited and ID remains the
same it will not be overwritten on next oinkmaster update..Am i
mistaken here?
I haven't done IDSPM yet because it is Windows based. I wonder why
there is no proper linux-based console...But I will provision machine
and do it. Would you recommend that over editing manually?
thanks
Martin
On 9/12/06, Joel Esler <joel.esler@sourcefire.com> wrote:
First off, ditch ACID. :-) Use BASE. base.secureideas.net ACID is dead.
There's a couple ideas I can give you, one: IDSPM from
http://www.activeworx.org
two: http://www.sourcefire.com :)
three: Sguil (Bamm, am I right with that?)
I think I heard of a SnortCenter2 as well. Try checking for that.
Also, if you are editing the Sourcefire signatures, it's recommended that
you copy the rule you are editing to
local.rules, edit it, and shut off ours using oinkmaster, and in the rules
file.
Also, ensure that your variables are accurate as well.
Joel
On Sun, Aug 27, 2006 at 12:13:28PM -0400, martin apparently sent me:
I have a Snort-Mysql-Acid-Snortcenter setup.
I am using Snortcenter to update my signature files to my 6 sensors.
The problem I am having is Snortcenter does not edit the signatures
correctly in the DB so my Snortcenter updates overwrite my exisiting
changes in the snort.conf files (any tuning or removing of
signatures).
What alternative is there to snortcenter that I can use to tune
signatures from a central location and push out?
thanks
-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job
easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
+---------------------------------------------------------------------+
joel esler senior security consultant 1-706-627-2101
Sourcefire Security for the /Real/ World -- http://www.sourcefire.com
Snort - Open Source Network IPS/IDS -- http://www.snort.org
gpg key: http://demo.sourcefire.com/jesler.pgp.key
aim:eslerjoel ymsg:eslerjoel gtalk:eslerj
+---------------------------------------------------------------------+
+---------------------------------------------------------------------+
joel esler senior security consultant 1-706-627-2101
Sourcefire Security for the /Real/ World -- http://www.sourcefire.com
Snort - Open Source Network IPS/IDS -- http://www.snort.org
gpg key: http://demo.sourcefire.com/jesler.pgp.key
aim:eslerjoel ymsg:eslerjoel gtalk:eslerj
+---------------------------------------------------------------------+
-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
