#38: Test snort rule update
------------------------+---------------------------------------------------
Reporter: rmcmillen | Owner: rmcmillen
Type: task | Status: assigned
Priority: major | Milestone: roo-1.4
Component: Honeywall | Version: 1.4b3
Resolution: | Keywords:
------------------------+---------------------------------------------------
Changes (by rmcmillen):
* status: new => assigned
* owner: [EMAIL PROTECTED] => rmcmillen
Comment:
UI menu added to walleye (See ChangeSet 56). hwruleupdate works properly
and places new rules in /etc/snort/rules. However, it does not regenerate
the sid-msg.map nor does it load it to the db. This can potentially
result in an unknown signature value in walleye when it tries to display
the alerts.
Also, it does not restart snort by default to use the new rules. However,
since the rules are placed in the proper location, if snort is restarted,
it will use the new rules.
Todo:
1. recreate /etc/snort/rules/sid-msg.map when new rules are added.
2. load new sid-msg.map to db when new rules are added.
3. test (cannot test till tomorrow because I have already exceeded my max
download for the day).
--
Ticket URL: <https://projects.honeynet.org/honeywall/ticket/38#comment:2>
Honeywall <https://projects.honeynet.org/honeywall>
Honeywall Public Project Site
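
Added example, not part of the ticket or of the Honeywall code: a sketch of the step the comment reports as missing, rebuilding sid-msg.map from the rule files, plus a check for SIDs that the pre-update map lacks (the case that surfaces as an unknown signature in walleye). The rules, the old map and all function names are constructed for illustration; the "sid || msg || reference" line layout is the usual Snort sid-msg.map format.

```python
import re

# Constructed sample input, not taken from the Honeywall rule set.
SAMPLE_RULES = r'''
#alert tcp any any -> any 80 (msg:"EXAMPLE disabled"; sid:1000001; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"EXAMPLE web probe"; content:"a\;b"; \
    reference:url,example.org/a; sid:1000002; rev:3;)
alert udp any any -> any 53 (msg:"EXAMPLE dns query"; sid:1000003; rev:1;)
'''
SAMPLE_OLD_MAP = "1000003 || EXAMPLE dns query\n"  # map from before the update

def parse_rule(line):
    """Return (sid, msg, refs) for an active rule, or None to skip the line."""
    line = line.strip()
    start, end = line.find('('), line.rfind(')')
    if not line or line.startswith('#') or start < 0 or end < start:
        return None
    sid, msg, refs = None, None, []
    # Options end at an unescaped ';' (a literal ';' in a value is written '\;').
    for opt in re.split(r'(?<!\\);', line[start + 1:end]):
        key, _, value = opt.strip().partition(':')
        key, value = key.strip(), value.strip()
        if key == 'sid' and value.isdigit():
            sid = int(value)
        elif key == 'msg':
            msg = value.strip('"')
        elif key == 'reference':
            refs.append(value)
    return (sid, msg, refs) if sid is not None and msg else None

def build_sid_msg_map(rules_text):
    """Render "sid || msg || ref ..." lines, sorted by sid."""
    entries = {}
    for line in rules_text.replace('\\\n', ' ').splitlines():  # join continuations
        parsed = parse_rule(line)
        if parsed:
            entries[parsed[0]] = parsed[1:]
    return ''.join(' || '.join([str(sid), msg] + refs) + '\n'
                   for sid, (msg, refs) in sorted(entries.items()))

def map_sids(map_text):
    """SIDs listed in a sid-msg.map (comment lines do not match)."""
    return {int(m.group(1)) for m in re.finditer(r'^\s*(\d+)\s*\|\|', map_text, re.M)}

def stale_sids(rules_text, old_map_text):
    """SIDs the rules define but the existing map lacks."""
    return sorted(map_sids(build_sid_msg_map(rules_text)) - map_sids(old_map_text))

if __name__ == '__main__':
    print(build_sid_msg_map(SAMPLE_RULES), end='')
    print('missing from old map:', stale_sids(SAMPLE_RULES, SAMPLE_OLD_MAP))
```

A non-empty result from stale_sids after a rule update means the map, and whatever was loaded into the db from it, no longer covers every active rule.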