Bug #1749
closed
Added by Ermal Luçi over 13 years ago.
Updated over 12 years ago.
Description
The present snort package architecture will forget any customization done to the rules and categories after a rules update.
I too have noticed this problem. Even though Snort will say "reapplying enabled/disabled rules" when doing an updated it WILL NOT in fact actually reapply previous enables/disables. It looks like Snort was designed with this in mind, but it's broke. Coding should already be there, if someone could take a quick peak it should be a easy fix.
Running, pfSense 2.1 Developmental, AMD64
I am seeing this issue with 2.0 release, amd64. The process that autogenerates oinkmaster_nnnnnn_em0.conf is creating a bad file with a lot of incomplete disablesid and enablesid lines. It also appears that snort is not interpreting any of the good lines in the file either.
My oinkmaster.conf:
###########################################
# #
# this is auto generated on snort updates #
# #
###########################################
path = /bin:/usr/bin:/usr/local/bin
update_files = \.rules$|\.config$|\.conf$|\.txt$|\.map$
url = dir:///usr/local/etc/snort/rules
enablesid
enablesid
disablesid 2002878
disablesid 2007695
disablesid 2001595
disablesid 2002157
disablesid
disablesid
disablesid
disablesid
disablesid
disablesid
disablesid
disablesid
disablesid
disablesid
disablesid
disablesid
disablesid
disablesid
disablesid
disablesid
disablesid
disablesid
disablesid
disablesid
disablesid
disablesid
disablesid
disablesid
disablesid
disablesid
- Status changed from New to Resolved
This is done all in php and seems to work ok now.
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by Ermal Luçi