Updating snort rules
If all goes well, Pulled Pork consolidated all rules into one file at /etc/snort/rules/snort.rules At the time of writing, the file size was around 12 MB. The next part will cover setting up Barnyard2 and My SQL, so you can make use of the data that Snort has logged!A few weeks ago put up a blog post on how to install and configure Snort on Security Onion with Snorby.
Before setting out her journalism shingle, she spent nine years as a help-desk technician, software and Web application developer, network administrator, and technology consultant.
Noting that an automated update really needs to use the Snort "Pulled Pork" script, not anything old!
Rashid is a Senior Contributing Writer for Security Week.
Goal of question Determine if the applicant utilizes computer security resources such as CERT, SANS Internet Storm Center or ICAT.
Email lists such as securityfocus, bugtraq, SANS @RISK, etc. Recent examples of threats will vary depending on current events, but issues such as new web based worms (PHP Santy Worm) or applications, which are in wide use (awstats scripts) are acceptable. What do you see as challenges to successfully deploying/monitoring web intrusion detection?