Snort custom rules/config?
-
Hi everyone,
Sorry in advance if this has been answered. I did spend some time searching for the answer before asking so don't completely flame me.
Two questions, similar topic:
-
Is there a way to config the aliases used in the snort rules. For instance $HOME_NET $EXTERNAL_NET….. ETC. Seems like this would allow a big performance boost to those who are having issues.
-
Is there a way to include other rulesets besides those available from Snort.org, such as the bleeding rules?
Thanks,
-Geoff
-
-
Currently the snort package only supports updating signatures from an oinkmaster server. People have asked for bleeding snort support before, but nobody's submitted any patches for it yet.
-
And about the aliases?
-
No, I don't believe there is a way to do this either in the current package.
-
Is it ok to just modify the snort.conf file, or will that hose everything?
-
Is it ok to just modify the snort.conf file, or will that hose everything?
Sure but it will be overwritten on every bootup. Search the forum for more information on this.
-
Heh.. 3 posts and I'm already a 'go search the forum newb'. Thanks for the responses. I do appreciate them.
-
Heh.. 3 posts and I'm already a 'go search the forum newb'.
Sorry but this has been gone over in quite a lot of detail. Far more detail than I care to spend posting it yet again and or explaining myself again. That IS what the search function is for. Nothing personal.
-
NP