Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Security Basics: Re: snort updates and changes to snort.conf

Re: snort updates and changes to snort.conf

From: <infolookup_at_gmail.com>
Date: Wed, 2 Jul 2008 21:19:27 +0000


------Original Message------
From: Joe Beasley
Sender: listbounce_at_securityfocus.com
To: newsecurityguy
Cc: security-basics_at_securityfocus.com
Sent: Jul 1, 2008 8:21 PM
Subject: Re: snort updates and changes to snort.conf

You don't have to put your snort.conf file in the same directory your
*.rules files are in. I keep my snort.conf
in /usr/local/snort-version/etc, and keep all the rules
in /usr/local/snort-version/rules.

All rule updates will have a new snort.conf (which is overwritten each
time) in the rules directory, but I start snort with the conf file in
the etc directory.

On Sun, 2008-06-29 at 18:07 -0700, newsecurityguy wrote:
> I know this is not really the place for this question but I have had no luck
> elsewhere. Currently, snort is set to update to the newest rule set on a
> daily basis, which is what I want. However, I also need to suppress some
> SIDS, which I have always done by editing the snort.conf file. When the
> updates occur, it appears as if snort.conf is overwritten with a new
> version, as the changes I make to the file do not last more than 24 hours
> before disappearing out of the snort.conf. Am I correct in assuming this is
> what is occurring? Is there any other way to easily suppress events without
> having to edit the file after each update?



Sent from my Verizon Wireless BlackBerry
Received on Jul 02 2008

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos