$url="http://dl.snort.org/reg-rules/snortrules-snapshot-2860.tar.gz?oink_code=$snortsettings{'OINKCODE'}";
#$url="http://www.snort.org/pub-bin/oinkmaster.cgi/$snortsettings{'OINKCODE'}/snortrules-snapshot-2.8.tar.gz";
} else {
- $url="http://www.snort.org/pub-bin/downloads.cgi/Download/comm_rules/Community-Rules-CURRENT.tar.gz";
+ $url="http://www.emergingthreats.net/rules/emerging.rules.tar.gz";
}
if ($snortsettings{'ACTION'} eq $Lang::tr{'save'} && $snortsettings{'ACTION2'} eq "snort" )
foreach my $rulefile (sort keys(%snortrules)) {
my $rulechecked = '';
+ # Hide inkompatible Block rules
+ if ($rulefile =~'-BLOCK.rules') {
+ next;
+ }
+
# Check if reached half-way through rule file rules to start new column
if ($ruledisplaycnt > $rulecnt) {
print "</TABLE></TD><TD VALIGN='TOP'><TABLE>";
'clock last synchronized at' => 'Die Uhr wurde zuletzt synchronisiert um',
'comment' => 'Kommentar',
'common name' => 'Gemeinsamer Name',
-'community rules' => 'Snort GPL Community Rules',
+'community rules' => 'Emergingthreats.net Community Rules',
'comp-lzo' => 'LZO-Kompression',
'compression' => 'Kompression:',
'computer to modem rate' => 'Übertragungsrate zwischen Computer und Modem:',
'intrusion detection' => 'Einbruchdetektierung',
'intrusion detection system' => 'Intrusion Detection System',
'intrusion detection system log viewer' => 'Betrachter der IDS-Logfiles',
-'intrusion detection system rules' => 'Íntrusion Detection System Regeln',
+'intrusion detection system rules' => 'Intrusion Detection System Regeln',
'intrusion detection system2' => 'Intrusion Detection System:',
'invalid broadcast ip' => 'Ungültige Broadcast-IP',
'invalid cache size' => 'Ungültige Cache-Größe.',
'clock last synchronized at' => 'Clock was last synchronized at',
'comment' => 'Description:',
'common name' => 'Common name',
-'community rules' => 'Snort GPL Community Rules',
+'community rules' => 'Emergingthreats.net Community Rules',
'comp-lzo' => 'LZO-Compression:',
'compression' => 'Compression:',
'computer to modem rate' => 'Computer to modem rate:',
'clock last synchronized at' => 'Clock was last synchronized at',
'comment' => 'Description:',
'common name' => 'Common name',
-'community rules' => 'Snort GPL Community Rules',
+'community rules' => 'Emergingthreats.net Community Rules',
'comp-lzo' => 'LZO-Compression:',
'compression' => 'Compression:',
'computer to modem rate' => 'Computer to modem rate:',
'clock last synchronized at' => 'Clock was last synchronized at',
'comment' => 'Description:',
'common name' => 'Common name',
-'community rules' => 'Snort GPL Community Rules',
+'community rules' => 'Emergingthreats.net Community Rules',
'comp-lzo' => 'LZO-Compression:',
'compression' => 'Compression:',
'computer to modem rate' => 'Computer to modem rate:',
case "$1" in
start)
+ # Disable incompatible rules
+ for file in $(ls /etc/snort/rules/*.rules); do
+ sed -i 's|^alert.*!\[\$DNS_SERVERS|#&|g' $file
+ sed -i 's|^alert.*!\$SSH_PORTS|#&|g' $file
+ sed -i 's|^alert.*!\$HOME_NET|#&|g' $file
+ sed -i 's|^alert.*!\$SQL_SERVERS|#&|g' $file
+ done
+
for DEVICE in $DEVICES; do
boot_mesg "Starting Intrusion Detection System on $DEVICE..."
/usr/sbin/snort -c /etc/snort/snort.conf -i $DEVICE -D -l /var/log/snort --create-pidfile --nolock-pidfile --pid-path /var/run/