Re: Splitting up snort
On Thu, Mar 22, 2001 at 11:44:29PM +0100, Robert van der Meulen wrote:
> Hi,
>
> 'snort' is a network intrusion detection system. Apart from the binary and
> the 'standard' config files, there are some configfile 'libraries'
> (currently in /etc/snort), containing attack patterns to scan the network
> for.
> I think /etc/snort is not the correct place to have these attack patterns,
> and I'd like to move these to /var/lib/snort.
> Then I'd like to split snort up in a 'snort' package, and a 'snort-patterns'
> package, the second containing the attack pattern files, to allow people to
> install newer versions of the attack patterns, made available in a .deb, so
> the complete package doesn't need upgrading, when the pattern files change.
> This would allow 'unstable'-users to keep up with the rulefiles, and
> 'stable'-users to install a new ('unstable') pattern library.
>
> Would /var/lib/snort be a correct location for these patterns?
> Can a package contain only 'configuration' files?
Actually, you can download, modify, and create your own snort rules. Therefore,
I rather like having mine in /etc and they should probably be treated as conf
files as well. I don't like having my work and/or downloads overwritten without
me telling it to do so.
> Greets,
> Robert
> --
> Linux Generation
> "You must have an IQ of at least half a million." -- Popeye
--
Adam VanderHook
acidos@users.sourceforge.net
http://www.capcol.edu/student/avanderhook/