Is it possible to just use one of these directories and still have psad and
fwsnort work properly?
/etc/psad/snort_rules
/etc/fwsnort/snort_rules
I was thinking of using /etc/fwsnort/snort_rules and setting psad's config
parameter to:
SNORT_RULES_DIR /etc/fwsnort/snort_rules;
Consolidating will ease the work in having to maintain two sets of
snort_rules.
I did see one file, /etc/psad/snort_rules/reference.config, that's not in
/etc/fwsnort.
I reviewed the files in each directory using the diff command and I did see
some differences, but the difference is in a comment:
[r...@dev2 ~]# diff /etc/psad/snort_rules/telnet.rules /etc/fwsnort/snort_rules/telnet.rules
3c3
< # $Id: telnet.rules 1539 2006-05-29 02:44:04Z mbr $
---
> # $Id: telnet.rules 270 2006-06-27 03:05:09Z mbr $
Gil Vidals / President
gvid...@vmracks.com
vmracks.com <http://www.vmracks.com> - ESX Hosting
t. 760.480.4942 f. 760.480.8271
_______________________________________________
psad-discuss mailing list
psad-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/psad-discuss
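
The comparison described in the message above can be run across every file in both directories instead of one file at a time. This is an added example, not part of the original message or of psad/fwsnort; the function names are hypothetical and the sample rule text is constructed (only the two `$Id` lines come from the diff above).

```shell
#!/bin/sh
# Added example (not from the original post): report how two Snort rule
# directories differ while ignoring "$Id:" revision comment lines.

strip_id() {
    # Delete comment lines carrying an RCS/SVN "$Id: ... $" keyword
    sed '/^#.*\$Id:/d' "$1"
}

compare_rule_dirs() {
    # Prints SAME/DIFF/ONLY_A/ONLY_B per file name; returns 0 only when every
    # file exists in both directories and matches apart from $Id lines.
    # Assumes file names without whitespace, as in the stock rule sets.
    dir_a=$1; dir_b=$2; rc=0
    for name in $( { ls "$dir_a"; ls "$dir_b"; } | sort -u ); do
        if [ ! -f "$dir_b/$name" ]; then
            echo "ONLY_A $name"; rc=1
        elif [ ! -f "$dir_a/$name" ]; then
            echo "ONLY_B $name"; rc=1
        elif [ "$(strip_id "$dir_a/$name" | cksum)" = \
               "$(strip_id "$dir_b/$name" | cksum)" ]; then
            echo "SAME $name"
        else
            echo "DIFF $name"; rc=1
        fi
    done
    return $rc
}

make_sample_dirs() {
    # Constructed stand-ins for /etc/psad/snort_rules and /etc/fwsnort/snort_rules
    SAMPLE=$(mktemp -d)
    mkdir "$SAMPLE/psad" "$SAMPLE/fwsnort"
    rule='alert tcp any any -> any 23 (msg:"constructed rule"; sid:1000001;)'
    printf '%s\n' '# $Id: telnet.rules 1539 2006-05-29 02:44:04Z mbr $' "$rule" \
        > "$SAMPLE/psad/telnet.rules"
    printf '%s\n' '# $Id: telnet.rules 270 2006-06-27 03:05:09Z mbr $' "$rule" \
        > "$SAMPLE/fwsnort/telnet.rules"
    printf '%s\n' "$rule" > "$SAMPLE/psad/ftp.rules"
    printf '%s\n' "$rule" '# constructed extra line' > "$SAMPLE/fwsnort/ftp.rules"
    printf '%s\n' '# constructed placeholder' > "$SAMPLE/psad/reference.config"
}

make_sample_dirs
compare_rule_dirs "$SAMPLE/psad" "$SAMPLE/fwsnort" || echo "differences beyond \$Id lines"
rm -rf "$SAMPLE"
```

To check the real directories, call `compare_rule_dirs /etc/psad/snort_rules /etc/fwsnort/snort_rules`; any `DIFF` or `ONLY_*` line marks a file to review before pointing `SNORT_RULES_DIR` at a single directory.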