Re: Updating Snort Signatures In Stable ?
On Fri, 06 Dec 2002 04:18:52 +0000, I wrote:
>I've been running Snort for a month or so now on a Woody box at work,
>and am now wondering whether the Debian Project (or packager) has a
>Plan for providing signature file updates to users of the stable
>distribution.
Well thanks for the answers folks - it seems clear (especially after
checking http://www.snort.org/dl/rules/, which says "If you are using
a version before 1.9.x, please upgrade") that I should stop using the
Debian stable V1.8.4 package and switch to hand-built V1.9.0 made from
source - and I'll gladly grab Kristof's signature update script and
adapt to my needs (thanks for that).
[I hope my current MySQL and Acidlab backend works with the later
Snort - I guess I'm about to find out ..]
I'd suggest maybe a note about V1.8.4 being "useless" should be added
to http://packages.debian.org/stable/net/snort.html, along with some
advice about getting signature updates (i.e. roll your own).
IIRC "important new versions of existing packages" are allowed into
point releases, so maybe Woody's main Snort engine binary packages can
be updated when 3.0r1 happens.
And I still think it'd be nice if we could find a way to package up
and push out stable signature updates - but I can see why that would
be difficult to set policy for.
Cheers,
Nick Boyce
Bristol, UK
--
"... the fundamental design flaws are completely hidden by the
superficial design flaws."
Douglas Adams(1952 - 2001): So Long and Thanks For All The Fish.
Reply to: