LuKreme wrote: > On 9-Dec-2008, at 08:15, Karsten Bräckelmann wrote: >> On Tue, 2008-12-09 at 08:51 +0000, Nigel Frankcom wrote: >>> I haven't seen an update from sa-update in months. What version is >>> current? >> >> Nigel, Chris wasn't talking about the stock rule-set, but the >> third-party JM_SOUGHT rules. The latter usually are updated multiple >> times a day, while the stock rules are updated very infrequently only, >> when needed. > > > How does one use sa-update to find/get new 3rd party rules? As I > recall, rules-du-jour was EOLed. > > Or do you have to get them first, then sa-update will update them? > > I'm thtinking the old rules like > > random.cf > tripwire.cf > 70_sc_top200.cf > Botnet.pm > 70_sare_uri_eng.cf > > etc should all be removed? >
Both the official SA rules and 3rd party rules can be updated via sa-update. For information and instructions, see: http://daryl.dostech.ca/sa-update/sare/sare-sa-update-howto.txt Bill
