[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Updating Snort Signatures In Stable ?



On Fri, Dec 06, 2002 at 04:18:52AM +0000, Nick Boyce wrote:
> I've been running Snort for a month or so now on a Woody box at work,
> and am now wondering whether the Debian Project (or packager) has a
> Plan for providing signature file updates to users of the stable
> distribution.

This has been discussed before.  The thing is, I think that if you're
serious about using snort, you should not even consider using the one in
Debian.  snort.org doesn't even distribute up-to-date rules files for
the version in stable.  So if you want to have a useful ruleset, you
either need to figure out how to write it for the version in stable, or
you need to get a new version from snort.org.  Either way, you're
working "outside" the Debian system.

There have been proposals for the creation of a dynamic section of the
Debian distribution to contain data that frequently changes.  However,
in the case of snort, where the new data may well not work with the old
software, this doesn't help.  Really, I don't think snort should be
packaged in Debian at all.  It's one of those things that needs to be
current in order to be useful, and we just can't provide that.
Providing an ineffective version is doing a disservice to our users,
since it provides them with incorrect data (e.g. by telling them that
there are no known vulnerabilities on the machines they scan).

noah

-- 
 _______________________________________________________
| Web: http://web.morgul.net/~frodo/
| PGP Public Key: http://web.morgul.net/~frodo/mail.html 

Attachment: pgpXunKXkJ0Np.pgp
Description: PGP signature


Reply to: