For people who love snorting, I've created a script that will compare old and new
snort rules.
This script will comment out a rule in the new snort rules if it finds that the
rule was commented out in your old snort rules. So, you won't have to go through
the trouble of commenting them out again one by one.

I've also added auto download.

Actually, I got the code from the snort mailing list before but it wasn't really useful
because it was able to properly handle special characters like "\". Since I
needed it, and my clients needed it too, it had to be done. So, I've managed to fix it.
:-)

You can download the script at http://promiscuous.dyndns.org/updaterule.sh.txt

Usage: There's no documentation for it.
Assuming that your old rules reside in /etc/snort.

% updaterule.sh /etc/snort /etc/snorttemp

The /etc/snorttemp will be created when the script is run.

So, what happens is, 

1. it reads each filename.rules line by line in the old snort rule directory /etc/snort
2. then checks if it's commented out
3. if it was commented out, check the existence of that commented rule in the new rule
4. then if it is found in the new rule, comment it out too
5. then loop back again until all the *.rules have been read

There could be some bugs. Please let me know.


neil camara ([EMAIL PROTECTED]) - cc{na|sa}, mcse - pgp 0x777777B2 
network/security engineer - dl := +1(847)2.21.0.224 cn := +1(847)9.80.17.53 
        echo "I love windows" | sed -e 's/wi/u/g' | cut -f1 -dd | \
              awk '/u/ {printf("%s %s %six\n",$1,$2,$3)}'
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
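The comparison steps listed in the post, sketched as an added example that is not the updaterule.sh the post links to. It assumes old and new rule files share file names and matches rules by exact text; `carry_disabled`, `make_sample` and the rule text are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example (not the updaterule.sh from the post). Rule text is constructed.

# carry_disabled OLD_DIR NEW_DIR
# Comments out, in NEW_DIR/*.rules, every rule that is commented out in the
# file of the same name under OLD_DIR. Prints how many rules it disabled.
carry_disabled() {
    old_dir=$1; new_dir=$2; total=0
    tmp=$(mktemp -d) || return 1
    for old in "$old_dir"/*.rules; do
        new=$new_dir/${old##*/}
        [ -f "$old" ] && [ -f "$new" ] || continue
        # Disabled rules: '#', optional blanks, then a rule action. Only the
        # marker is stripped; backslashes in the rule body pass through as-is.
        sed -n -E 's/^#[[:space:]]*((alert|log|pass|drop|reject|sdrop)[[:space:]].*)$/\1/p' \
            "$old" > "$tmp/off"
        [ -s "$tmp/off" ] || continue
        # Whole-line string comparison, so "\", "|", "$" and "*" inside a rule
        # are never interpreted as pattern syntax.
        awk -v cnt="$tmp/cnt" '
            NR == FNR   { off[$0] = 1; next }
            ($0 in off) { print "#" $0; n++; next }
                        { print }
            END         { print n + 0 > cnt }' "$tmp/off" "$new" > "$tmp/new"
        cat "$tmp/new" > "$new"          # rewrite in place, keep file mode
        total=$((total + $(cat "$tmp/cnt")))
    done
    rm -rf "$tmp"
    echo "$total"
}

# make_sample DIR: builds DIR/old and DIR/new with constructed rules.
make_sample() {
    mkdir -p "$1/old" "$1/new"
    cat > "$1/old/local.rules" <<'EOF'
# local tuning notes
#alert tcp any any -> any 80 (msg:"constructed A"; content:"C|3a|\\temp\\a.exe"; sid:1000001; rev:1;)
alert tcp any any -> any 25 (msg:"constructed B"; pcre:"/^HELO\s+\w+$/"; sid:1000002; rev:1;)
EOF
    cat > "$1/new/local.rules" <<'EOF'
alert tcp any any -> any 80 (msg:"constructed A"; content:"C|3a|\\temp\\a.exe"; sid:1000001; rev:1;)
alert tcp any any -> any 25 (msg:"constructed B"; pcre:"/^HELO\s+\w+$/"; sid:1000002; rev:1;)
alert tcp any any -> any 21 (msg:"constructed C"; content:"USER"; sid:1000003; rev:1;)
EOF
}
```

A rule whose text changed between rule sets (for example a new rev) no longer matches and stays enabled, so compare the printed count with the number of rules you had disabled.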