Bug #1749
closed
Rules/ Categories update
0%
Description
The present snort package architecture will forget any customization done to the rules and categories after a rules update.
Updated by Kyle Britton over 12 years ago
I too have noticed this problem. Even though Snort will say "reapplying enabled/disabled rules" when doing an updated it WILL NOT in fact actually reapply previous enables/disables. It looks like Snort was designed with this in mind, but it's broke. Coding should already be there, if someone could take a quick peak it should be a easy fix.
Running, pfSense 2.1 Developmental, AMD64
Updated by David Nadle over 12 years ago
I am seeing this issue with 2.0 release, amd64. The process that autogenerates oinkmaster_nnnnnn_em0.conf is creating a bad file with a lot of incomplete disablesid and enablesid lines. It also appears that snort is not interpreting any of the good lines in the file either.
My oinkmaster.conf:
########################################### # # # this is auto generated on snort updates # # # ########################################### path = /bin:/usr/bin:/usr/local/bin update_files = \.rules$|\.config$|\.conf$|\.txt$|\.map$ url = dir:///usr/local/etc/snort/rules enablesid enablesid disablesid 2002878 disablesid 2007695 disablesid 2001595 disablesid 2002157 disablesid disablesid disablesid disablesid disablesid disablesid disablesid disablesid disablesid disablesid disablesid disablesid disablesid disablesid disablesid disablesid disablesid disablesid disablesid disablesid disablesid disablesid disablesid disablesid disablesid disablesid
Updated by Ermal Luçi almost 12 years ago
- Status changed from New to Resolved
This is done all in php and seems to work ok now.