rule-update: have server use barnyard2 to update Snorby reference table #551

Closed
GoogleCodeExporter opened this Issue Mar 24, 2015 · 1 comment

rule-update:

# Load the Security Onion settings
source /etc/nsm/securityonion.conf
# Only act when the Snorby database exists and Snorby is enabled
if [ -d /var/lib/mysql/snorby ] && [ "$SNORBY_ENABLED" = "yes" ]; then
  # Seed gen-msg.map from the Snort template if it is missing
  if [ ! -f /etc/nsm/rules/gen-msg.map ]; then cp /etc/nsm/templates/snort/gen-msg.map /etc/nsm/rules/; fi
  # Merge the Snort and Suricata templates, dropping comment lines and duplicate lines
  if [ ! -f /etc/nsm/rules/classification.config ]; then
    grep -h -v "^#" /etc/nsm/templates/snort/classification.config /etc/nsm/templates/suricata/classification.config | sort -u > /etc/nsm/rules/classification.config
  fi
  if [ ! -f /etc/nsm/rules/reference.config ]; then
    grep -h -v "^#" /etc/nsm/templates/snort/reference.config /etc/nsm/templates/suricata/reference.config | sort -u > /etc/nsm/rules/reference.config
  fi
  # Clear the Snorby reference tables, then run barnyard2 to update them
  mysql snorby -e "delete from sig_reference; delete from reference;"
  barnyard2 -c /etc/nsm/barnyard2-snorby/barnyard2.conf
fi

Original issue reported on code.google.com by doug.bu...@gmail.com on 6 Jun 2014 at 6:41

GoogleCodeExporter Mar 24, 2015

Submitted for testing:
https://groups.google.com/d/topic/security-onion-testing/pF7U4gjOxOM/discussion

Published:
http://blog.securityonion.net/2014/06/new-barnyard2-nsm-rule-update-and.html

Original comment by doug.bu...@gmail.com on 16 Jun 2014 at 11:19

  • Changed state: Verified
  • Added labels: ****
  • Removed labels: ****