Snort: "Update rules automatically"
Upgrade rules on cron
(3 */12 * * * root /usr/bin/nice-n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_for_rule_updates.php >> /usr/local/etc/snort/snort_update.log)
does not work!
I receive in /usr/local/etc/snort/snort_update.log:
You must enter valid credentials to access this resource.
Works after editing snort_check_for_rule_updates.php:
/ require_once("guiconfig.inc"); /
P.S. What for guiconfig.inc has been included? ::)
If the file is meant to be accessed using the Web Interface, that include makes sure that a user is prompted for a username and password before they are allowed access to the page.
If that script is meant to only be run from the CLI, it can have that include removed and it should be moved out of /usr/local/www - perhaps to /usr/local/bin - so that it cannot be accessed via the web without authentication. Otherwise, anyone who is allowed to hit the WebGUI port could trigger that script.
Clearly, root through cron refresh rules cannot.
We will be refreshed therefore through webgui.