SNORT_INLINE - The Easy Tutorial - The Bleegindsnort Rules

Snort_Inline Bleeding Rules
Last update: 23-Apr-2007 english flag

Tool
Install
Ergonomy
Forum

Details What is Snort_Inline?
Screenshots
Prerequisites
Installation
Oinkmaster - Snort Rules
Oinkmaster - Bleeding Rules
Run Snort_Inline
BASE
Bridging

THE BLEEDING SNORT RULES

You can use another set of rules for Snort_Inline made by a free and dynamic community:
http://www.bleedingsnort.com
The difference with the snort rules made by Sourcefire is that you can get the rules for free immediately after their releases.

Another piece of good news is that you can use the Oinkmaster perl script to download and update the bleeding rules.

Open /etc/oinkmaster.conf and add the following line to update the rules:

url = http://www.bleedingsnort.com/bleeding.rules.tar.gz
We then need to add the following lines inside /etc/snort_inline/snort_inline.conf

include $RULE_PATH/bleeding.rules
include $RULE_PATH/bleeding-attack_response.rules
include $RULE_PATH/bleeding-dos.rules
include $RULE_PATH/bleeding-drop.rules
include $RULE_PATH/bleeding-dshield.rules
include $RULE_PATH/bleeding-exploit.rules
include $RULE_PATH/bleeding-game.rules
include $RULE_PATH/bleeding-inappropriate.rules
include $RULE_PATH/bleeding-malware.rules
include $RULE_PATH/bleeding-p2p.rules
include $RULE_PATH/bleeding-scan.rules
include $RULE_PATH/bleeding-web.rules

They indicate which rules will be used. If you add a "#" at the beginning of certain chosen lines, the corresponding rules will not be used. Running the oinkmaster script will download the bleeding rules and tell you if there is a problem:

#su oinkmaster
#oinkmaster -o /etc/snort_inline/rules -b /etc/snort_inline/backup 2>&1