This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Custom IPS Rules in Latest Version?

I been away from the forums for sometime and I have a few clients who run 8.0.
There was a feature in 6.0 that allowed you to create custom snort rules.
It was talked about to come in ver 8 but never happened.

Does the latest version have custom rules back?
I will be test installing the latest version to check but a quick search on the forums looked to only bring up some old posts on the subject.

This thread was automatically locked due to age.

Parents

0 BarryG over 12 years ago

Hi
This should work:

add
include $RULE_PATH/local.rules

to
/var/sec/chroot-snort-####-##/etc/snort/snort.conf-default

and create a new file,
/var/sec/chroot-snort-####-##/etc/snort/rules/local.rules

with the rules you want. make sure they have unique SIDs.
(replace the #'s with the snort version #'s in your Astaro install. (ls /var/sec to find the right path))

And restart the IPS.

I haven't tested this on Astaro, but that is how Snort normally does it.

Of course this will void your warranty, batteries are not included, ...

Barry
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BarryG over 12 years ago

Hi
This should work:

add
include $RULE_PATH/local.rules

to
/var/sec/chroot-snort-####-##/etc/snort/snort.conf-default

and create a new file,
/var/sec/chroot-snort-####-##/etc/snort/rules/local.rules

with the rules you want. make sure they have unique SIDs.
(replace the #'s with the snort version #'s in your Astaro install. (ls /var/sec to find the right path))

And restart the IPS.

I haven't tested this on Astaro, but that is how Snort normally does it.

Of course this will void your warranty, batteries are not included, ...

Barry
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data