Splitting up snort

To: debian-devel@lists.debian.org
Subject: Splitting up snort
From: Robert van der Meulen <rvdm@cistron.nl>
Date: Thu, 22 Mar 2001 23:44:29 +0100
Message-id: <[🔎] 20010322234429.B7720@lin-gen.com>

Hi,

'snort' is a network intrusion detection system. Apart from the binary and
the 'standard' config files, there are some configfile 'libraries'
(currently in /etc/snort), containing attack patterns to scan the network
for.
I think /etc/snort is not the correct place to have these attack patterns,
and i'd like to move these to /var/lib/snort. 
Then i'd like to split snort up in a 'snort' package, and a 'snort-patterns'
package, the second containing the attack pattern files, to allow people to
install newer versions of the attack patterns, made available in a .deb, so
the complete package doesn't need upgrading, when the pattern files change.
This would allow 'unstable'-users to keep up with the rulefiles, and
'stable'-users to install a new ('unstable') pattern library.

Would /var/lib/snort be a correct location for these patterns ?
Can a package contain only 'configuration' files ?

Greets,
	Robert
-- 
			      Linux Generation
	"You must have an IQ of at least half a million."  -- Popeye

Reply to:

Follow-Ups:
- Re: Splitting up snort
  - From: Itai Zukerman <zukerman@math-hat.com>
- Re: Splitting up snort
  - From: Adam VanderHook <avanderhook@capitol-college.edu>
- Re: Splitting up snort
  - From: John Galt <galt@inconnu.isu.edu>
- Re: Splitting up snort
  - From: Wichert Akkerman <wichert@cistron.nl>

Prev by Date: Re: /.kde and /.gnome* - policy?
Next by Date: Re: Splitting up snort
Previous by thread: Re: ITP: nscache
Next by thread: Re: Splitting up snort
Index(es):
- Date
- Thread