RB
RE Snort: it's actually back with rc 1.2.1rc
glenn
On Sep 26, 2008, at 1:20 PM, RB wrote:

On Tue, Sep 23, 2008 at 10:29, Glenn Kelley <[EMAIL PROTECTED]> wrote:

sorry - did not mean to sound Ape-ish :-)
I am pretty easy to get along with - or so I hope.

I was a tad harsh; I just think there are better ways to deal with
spam and attackers than blanket deny rules for whole regions. Some
admins, however, are [forced to be] in emergency mode and don't have
the luxury of more esoteric solutions and need a right-now fix, in which
case the approach would be more acceptable.

I thought snort was in there as a package - but sure enough - it's not.
Seems it dropped out.

My checks concur; maybe it'll re-enter with 1.3.

I think the ideal setup with SnortSAM would be to get a package for it
rolled for pfSense; you then would need 'samtool' (not built by
default when building SnortSAM) on your system that's centrally
collecting the logs, and write a short shell script to use it and the
logs to execute blocks. None of it really requires Snort anyway, just
the [pretty simple] daemon running on pfSense, maybe a short
configuration screen setting up secrets and what IPs can access it.
For those in a hurry, 'pkg_add -r snortsam' would get you a long way
there.

RB
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
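
The "short shell script" that turns centrally collected logs into blocks, sketched as an added example that is not part of the original thread. The sshd-style log lines and addresses are constructed, and `BLOCK_CMD` is a hypothetical placeholder for the site's own samtool call, whose arguments the thread does not give.

```shell
#!/bin/sh
# Added example; log lines, addresses and BLOCK_CMD are constructed/hypothetical.
THRESHOLD=${THRESHOLD:-3}                    # failures before an IP is blocked
ALLOWLIST=${ALLOWLIST:-"192.0.2.10"}         # never block these (e.g. the admin host)
BLOCK_CMD=${BLOCK_CMD:-"echo would-block"}   # placeholder for the samtool invocation

# Constructed sample. The 4th line has a user name that itself contains "from <ip>".
sample_log() {
cat <<'EOF'
Sep 26 13:01:02 gw sshd[411]: Failed password for root from 203.0.113.7 port 4022 ssh2
Sep 26 13:01:05 gw sshd[411]: Failed password for root from 203.0.113.7 port 4023 ssh2
Sep 26 13:01:09 gw sshd[412]: Failed password for bob from 198.51.100.23 port 5100 ssh2
Sep 26 13:01:11 gw sshd[413]: Failed password for invalid user from 198.51.100.23 from 203.0.113.7 port 4024 ssh2
Sep 26 13:01:15 gw sshd[414]: Failed password for bob from 198.51.100.23 port 5101 ssh2
Sep 26 13:02:01 gw sshd[415]: Failed password for root from 192.0.2.10 port 6001 ssh2
Sep 26 13:02:02 gw sshd[415]: Failed password for root from 192.0.2.10 port 6002 ssh2
Sep 26 13:02:03 gw sshd[415]: Failed password for root from 192.0.2.10 port 6003 ssh2
Sep 26 13:02:09 gw sshd[416]: Accepted password for alice from 192.0.2.10 port 6004 ssh2
EOF
}

# Read log lines on stdin, print each source IP with at least THRESHOLD failures.
offenders() {
  awk -v min="$THRESHOLD" -v allow="$ALLOWLIST" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
    # The user name is remote-controlled text, so take the address from its fixed
    # position at the end of the line, never from the first "from" on the line.
    / Failed password for / && NF > 5 && $(NF-4) == "from" && $(NF-2) == "port" {
      ip = $(NF-3)
      # Only a plain dotted quad may ever reach the block command.
      if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && !(ip in skip)) hits[ip]++
    }
    END { for (ip in hits) if (hits[ip] >= min) print ip }
  ' | sort
}

# Hand every offender to the block command, one address per call.
block_offenders() {
  offenders | while read -r ip; do
    $BLOCK_CMD "$ip"
  done
}

sample_log | block_offenders
```

Parsing from the end of the line keeps the crafted user name in the fourth sample line from counting against 198.51.100.23, and the allowlist keeps the script from locking out the admin host.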