© SANS Institute 2008, Author retains full rights.
Network IDS & IPS Deployment Strategies
snapshot-2.6.tar.gz
Save the file and then give it a test by running Oinkmaster manually.
cd /etc/snort/rules
oinkmaster -o .
You should now have the rules files populated in the /etc/snort/rules directory. To
check this, list the files in that directory; if Oinkmaster is working properly you will
see the files containing the signatures.
ls
To learn more about Oinkmaster, it is recommended that you read the
documentation, specifically the README file located on this page:
http://oinkmaster.sourceforge.net/readme.shtml
NOTE: At the time of this writing, there appears to be something wrong with the
syntax of the telnet rules, so you may need to remove that rule set or otherwise fix
the syntax. To remove the telnet rules, modify your /etc/snort.conf file by
commenting out the line that includes telnet.rules.
Change:
include $RULE_PATH/telnet.rules
So that it looks like:
# include $RULE_PATH/telnet.rules
OK, Oinkmaster is installed. You can run this program manually with the
commands shown next, or you can set up a cron job to run it for you on a routine
basis.
cd /etc/snort/rules
oinkmaster -o .
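The steps above (run Oinkmaster into the rules directory, confirm the directory was actually populated, and comment out the telnet include as a workaround) wrapped in POSIX shell functions so the same procedure can be run by hand or from cron. This is an added example, not code from the paper or from the Oinkmaster project; it assumes oinkmaster is on PATH, that the rules live in /etc/snort/rules, and that the path to the Snort configuration file is passed in as an argument. The telnet workaround is applied with sed in an idempotent way, so running it on every scheduled update does not add a second "#".

```shell
#!/bin/sh
# Added example (not from the SANS paper): the paper's manual Oinkmaster steps
# as shell functions, suitable for a cron job.
# Assumptions: oinkmaster is on PATH, rules live in /etc/snort/rules, and the
# Snort configuration path is supplied by the caller.

# Comment out an "include $RULE_PATH/<name>.rules" line in a Snort config,
# as the paper suggests for telnet.rules. Only lines that still begin with
# "include" are touched, so a line already commented out is left alone.
disable_rule_include() {
    conf="$1"; name="$2"
    sed 's|^include \(\$RULE_PATH/'"$name"'\.rules\)|# include \1|' "$conf" \
        > "$conf.tmp" && mv "$conf.tmp" "$conf"
}

# Count the signature files present after an update. Zero means Oinkmaster
# did not populate the directory and Snort would start with no rules loaded.
count_rule_files() {
    ls "$1"/*.rules 2>/dev/null | wc -l | tr -d ' '
}

# Fetch the current rule set (the paper's two manual commands), verify that
# rules files exist, then apply the telnet workaround. Returns non-zero on
# any failure so a cron wrapper can alert on it.
update_rules() {
    rules_dir="$1"; conf="$2"
    ( cd "$rules_dir" && oinkmaster -o . ) || return 1
    [ "$(count_rule_files "$rules_dir")" -gt 0 ] || return 1
    disable_rule_include "$conf" telnet
}

# Example cron entry (assumed path, nightly at 03:00), to be placed in root's
# crontab once this file is saved as /usr/local/sbin/update_snort_rules.sh:
# 0 3 * * * /usr/local/sbin/update_snort_rules.sh
#
# Manual run, matching the paper's steps:
# update_rules /etc/snort/rules /etc/snort.conf
```

The `update_rules` function deliberately stops if no `.rules` files are present after the download: a sensor that silently starts with an empty rules directory is the failure mode a scheduled update is most likely to hide.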