TOTAL
Since dec 2006
1'942'871 Visitors
4'218'042 Pages

Nov 2010 Stats
82'909 Visitors
146'476 Pages
196 countries
Full statistics



Help us translate
our tutorials!

JOIN the
OpenManiak Team.
OM TEAM
Director:
Blaise Carrera
Tutorials creation:
Blaise Carrera
Translaters:
Giovanni Fredducci
Angel Chraniotis
Moham. H. Karvan
Alexandro Silva
Blaise Carrera
Andrei Chertolyas
Sergiy Uvarov
Nickola Kolev
Łukasz Nowatkowski
Ivo Raisr
Catalin Bivolaru
Bogdan A. Costea
Kirill Simonov
Oliver Mucafir
JaeYoung Jeon
Seungyoon Lee
Jie Yu & Si Cheng
Tao Wei
YukiAlex
Fumihito Yoshida
Muhammad Takdir
Çağdaş Tülek
Auditors
Leslie Luthi
Joe Anderson
Jennifer Ockwell
Nigel Titley
Alison Rees
Webmaster:
Blaise Carrera
SNORT - The Easy Tutorial - The Bleegindsnort Rules

Snort Bleeding
Last Change : Feb 17 2010 french flagenglish flag


Tool
Install
Ergonomy
Forum



Details What is Snort ?
Screenshots
Prerequisites
Snort
BASE
Update Snort
Bleedingsnort Rules
Port Mirroring



⚠️⚠️⚠️
Please check our website about
attractions in Western Switzerland !! (Please use english translation).

⚠️⚠️⚠️
Merci de consulter notre site sur les
activités à faire en Suisse romande !!


THE BLEEDING SNORT RULES

You can use another set of rules for snort made by a free and dynamic community:
http://www.bleedingsnort.com
The difference with the snort rules made by sourcefire is that you can get the rules for free immediately after their releases.

Another good news is that you can use the oinkmaster perl script to downlaod and update the bleeding rules.

Open /etc/oinkmaster.conf and add the following line to update the rules:

url = http://www.bleedingsnort.com/bleeding.rules.tar.gz
We then need to add the following lines inside /etc/snort/snort.conf

include $RULE_PATH/bleeding.rules
include $RULE_PATH/bleeding-attack_response.rules
include $RULE_PATH/bleeding-dos.rules
include $RULE_PATH/bleeding-drop.rules
include $RULE_PATH/bleeding-dshield.rules
include $RULE_PATH/bleeding-exploit.rules
include $RULE_PATH/bleeding-game.rules
include $RULE_PATH/bleeding-inappropriate.rules
include $RULE_PATH/bleeding-malware.rules
include $RULE_PATH/bleeding-p2p.rules
include $RULE_PATH/bleeding-scan.rules
include $RULE_PATH/bleeding-virus.rules
include $RULE_PATH/bleeding-web.rules
They indicate which rules will be used. If you add a "#" at the beginning of certain chosen lines, the corresponding rules will not be used. Running the oinkmaster script will download the bleeding rules and tell you if there is a problem:

#su oinkmaster
#oinkmaster -o /etc/snort/rules -b /etc/snort/backup 2>&1