Snort rules modifications gone after updating rules
-
Hi All,
I am using 1.2.3 RC2 with the snort package and I found that the modifications made to the rules using the GUI are gone when the rules are updated. I searched the forum for this and couldn't find anything related. So I guess this is normal. Just wanted to clarify.
Thanks
Abraham
-
I have the same problem.
-
Yeah. I've checked snort_download_rules.php, the script that updates rules; it actually removes all the files under /usr/local/etc/snort/.
    /* Make Clean Snort Directory */
    if ($snort_md5_check_ok != on && $emerg_md5_check_chk_ok != on && $pfsense_md5_check_ok != on) {
        if (file_exists("{$snortdir}/rules")) {
            update_status(gettext("Cleaning the snort Directory..."));
            update_output_window(gettext("removing..."));
            exec("/bin/rm {$snortdir}/*");
            exec("/bin/rm {$snortdir}/rules/*");
            exec("/bin/rm /usr/local/lib/snort/dynamicrules/*");
        } else {
            update_status(gettext("Making Snort Directory..."));
            update_output_window(gettext("should be fast..."));
            exec("/bin/mkdir {$snortdir}");
            exec("/bin/mkdir {$snortdir}/rules");
            exec("/bin/rm /usr/local/lib/snort/dynamicrules/*");
            update_status(gettext("Done making snort direcory."));
        }
    }
So it works as expected. Since updates happen once a month unless you are subscribed, it won't be a big problem.
Thanks,
Abraham
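
Added example, not part of the thread and not code from the pfSense snort package: because the update script quoted above deletes everything under the rules directory, one way to keep local tuning is to record each rule's enabled/disabled state by SID before the update and put it back afterwards. It assumes the GUI changes are enable/disable toggles stored as commented-out lines in the `.rules` files; the function names and the sample rules are hypothetical and constructed for the demo.

```python
import re
import tempfile
from pathlib import Path

# Matches an active or commented-out rule line and captures its SID.
RULE_RE = re.compile(
    r'^\s*(#\s*)?(?:alert|log|pass|drop|reject|sdrop)\b.*\bsid\s*:\s*(\d+)\s*;')

def rule_states(rules_dir):
    """Return {sid: True if the rule is active, False if commented out}."""
    states = {}
    for path in sorted(Path(rules_dir).glob("*.rules")):
        for line in path.read_text(errors="replace").splitlines():
            m = RULE_RE.match(line)
            if m:
                states[int(m.group(2))] = m.group(1) is None
    return states

def reapply(rules_dir, wanted):
    """Put each known rule back into its state in `wanted`; return changed SIDs."""
    changed = []
    for path in sorted(Path(rules_dir).glob("*.rules")):
        lines = path.read_text(errors="replace").splitlines()
        before = len(changed)
        for i, line in enumerate(lines):
            m = RULE_RE.match(line)
            active = bool(m) and m.group(1) is None
            if m and wanted.get(int(m.group(2)), active) != active:
                lines[i] = "# " + line if active else line[m.end(1):]
                changed.append(int(m.group(2)))
        if len(changed) > before:  # rewrite only files that actually changed
            path.write_text("\n".join(lines) + "\n")
    return sorted(changed)

def demo():
    """Constructed sample: snapshot, simulate the update's wipe, reapply."""
    rule = 'alert tcp any any -> any 80 (msg:"constructed {0}"; sid:{0}; rev:1;)'
    with tempfile.TemporaryDirectory() as d:
        f = Path(d, "constructed.rules")
        # After GUI edits: 1000001 disabled by the admin, 1000002 enabled.
        f.write_text("# " + rule.format(1000001) + "\n" + rule.format(1000002) + "\n")
        saved = rule_states(d)
        # Fresh download: defaults restored, plus a new rule 1000003.
        f.write_text(rule.format(1000001) + "\n# " + rule.format(1000002) + "\n"
                     + rule.format(1000003) + "\n")
        return reapply(d, saved), rule_states(d)

if __name__ == "__main__":
    print(demo())
```

Rules that first appear in the new download keep their shipped state. A rule whose default state changed upstream is also forced back to the saved state, so review the returned SID list after each update.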