I think the way that, for example, mod_security does this would be totally fine. A separate rule-set is just something that some just aren't used to currently. It's a little mindset change, but not that uncommon. I'm quite used to pulling rule-sets for snort, mod_security and other intrusion/av stuff from a separate package.
I think it would be a great idea and allow for more flexibility and faster releases/additions/fixes separately from the binaries. Artien Bel Wilt u mij vertrouwelijke of gevoelige data sturen, gebruik encryptie via SSL (S/MIME) of PGP. Mijn public PGP key kunt u vinden op de PGP server <http://keyserver1.pgp.com/vkd/DownloadKey.event?keyid=0xDB2105F99AC0B9E1> en MIT server <http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xDB2105F99AC0B9E1>. If you want to send me confidential or sensitive data, please use encryption via SSL (S/MIME) or PGP. My publick PGP key is available on the PGP server <http://keyserver1.pgp.com/vkd/DownloadKey.event?keyid=0xDB2105F99AC0B9E1> and the MIT server <http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xDB2105F99AC0B9E1>. On 03/21/2014 02:54 AM, Michael Starks wrote: > On 03/20/2014 06:57 PM, Vic Hargrave wrote: >> Is the community in full agreement over dropping the rules from the >> ossec-hids package? I for one don't think it is a good idea and would >> create work to rip them out. Why not start out simple and add >> complexity gradually? I'm also more in favor of having a base set of >> rules so that OSSEC does something right out of the box. > > OSSEC should be useful out of the box. It should ship with a default > ruleset like AV ships with DATs that are current at that time, then > updates as new rules are written or updated. >
smime.p7s
Description: S/MIME Cryptographic Signature
