Updating Snort Signatures In Stable ?
I've been running Snort for a month or so now on a Woody box at work,
and am now wondering whether the Debian Project (or packager) has a
Plan for providing signature file updates to users of the stable
distribution.
The snort-rules-default package available in stable never gets updated
- nor would we normally expect it to unless a security vulnerability
arises - but obviously IDS signatures must be kept up to date on a
*timely* basis, just like antivirus package signatures, for the
package to be fully effective.
I don't intend any criticism, but do wonder what we're expected to do
about this - download fresh signatures straight from www.snort.org ?
If so, are there any special steps required to integrate such a
download into our Debian Woody system ?
Alternatively, I note there are later signature packages in testing
and unstable - can we use those on a Woody system ?
I searched the debian-security archive but didn't hit any items
discussing this, so maybe it's a dumb question - sorry, I'm a newb
here.
Thanks for _any_ comments at all.
Nick Boyce
Bristol, UK
--
Stenderup's Law: The sooner you fall behind, the more time you will have to catch up.
Reply to: