Snort Management Scripts

Scripts for convenient Snort management.
They're simple little things but I've found them quite useful in managing Snort, a daily activity. In a recent thread on the Internet Storm Center I offered some scripts that I wrote entirely for convenience at the shell prompt. Save each as the # commented title, add them to your working directory, chmod a+x them, and use at will:

For Bleeding-Edge rules, I prefer the single bleeding-all.rules so I use this to update it rather than Oinkmaster:

#bleedingpig
# stop if the rules directory is missing, so rm and wget never run elsewhere
cd /etc/snort/rules/ || exit 1
rm -f bleeding-all.rules
wget http://www.bleedingsnort.com/bleeding-all.rules

-----------------------

To fire Oinkmaster manually rather than cron:

#oink
oinkmaster.pl -C /etc/oinkmaster.conf -C /etc/autodisable.conf -o /etc/snort/rules

-----------------------

To kill the daemon:

#killpig
killall snort

-----------------------

To confirm Snort process state:

#pigps
ps aux | grep snort

-----------------------

To confirm Snort running cleanly after config or rule changes:

#pigchk
/usr/local/bin/snort -c /etc/snort/snort.conf -i eth1 -v

-----------------------

To start the daemon:

#pigd
/usr/local/bin/snort -c /etc/snort/snort.conf -i eth1 -g snort -D
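
The bleedingpig script above deletes bleeding-all.rules before the download starts, so a failed or truncated fetch leaves the sensor without that rule file. The following is an added example, not one of the original scripts: it downloads to a temporary file, checks that the result looks like Snort rules, and only then swaps it in. The function name update_rules and the RULES_DIR, RULES_URL and FETCH variables are assumptions introduced here.

```shell
#!/bin/sh
# Added example (not from the original post): replace bleeding-all.rules
# only after the new copy has downloaded and looks like a Snort rule file.
# RULES_DIR, RULES_URL and FETCH are hypothetical, overridable settings;
# FETCH exists so the function can be exercised without network access.
RULES_DIR="${RULES_DIR:-/etc/snort/rules}"
RULES_URL="${RULES_URL:-http://www.bleedingsnort.com/bleeding-all.rules}"
FETCH="${FETCH:-wget -q -O}"      # invoked as: $FETCH <output-file> <url>

update_rules() {
    dest="$RULES_DIR/bleeding-all.rules"
    tmp="$dest.new.$$"

    # Download beside the target so the final mv is a same-filesystem rename.
    if ! $FETCH "$tmp" "$RULES_URL"; then
        echo "download failed, keeping existing rules" >&2
        rm -f "$tmp"
        return 1
    fi

    # Reject empty files and HTML error pages: require at least one line
    # that begins with a Snort rule action.
    if ! grep -Eq '^(alert|log|pass|drop|reject|sdrop)[[:space:]]' "$tmp"; then
        echo "download does not look like a rule file, keeping existing rules" >&2
        rm -f "$tmp"
        return 2
    fi

    # Keep the previous version for rollback, then swap the new file in.
    [ -f "$dest" ] && cp -p "$dest" "$dest.bak"
    mv "$tmp" "$dest"
}

# Perform the update only when invoked as: <script> run
if [ "${1:-}" = "run" ]; then
    update_rules
fi
```

After a successful update, run pigchk before restarting the daemon with killpig and pigd.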





