Snort Signature Manager
As far as I know, there’s really nothing that does this — at least nothing that does it the way I want to. As I have mentioned, Aanval has this functionality, but it is … horrible… at best. I’ve been working on writing a web-based signature management interface for the last few weeks. I currently have something that is stable, though slightly buggy. It’s not nearly done — I’ll likely make many changes in the near future. (Most notably, support for multiple policies with inheritance.) Just in case anyone stumbles upon this and wants to help/try it, I’ve uploaded the code to http://www.uri.edu/security/software/sigmanager.tar.gz. …
July 14th, 2008 at 0907:47
I found this and it looks like it could be very interesting - now to see if it will install….
July 14th, 2008 at 0916:19
Hm. There’s no installer, and I don’t think I even included a .sql file with it… oops. :p
July 24th, 2008 at 0646:37
I am away for the next two weeks or so. When I get back, I’ll have another look at this. Thanks for the update
September 25th, 2008 at 1103:44
A long two weeks but I am back in a position to look at this - should I start with what I have downloaded or is there something more recent I should try?
September 29th, 2008 at 0926:57
I haven’t touched it in a while, so before replying, I figured I’d download the code and try installing it.
Needless to say, it didn’t go over well. There was a table missing from tables.sql, I didn’t bother to include a required include file, and probably other errors. Originally, this was intended for internal use only, so I didn’t bother being as neat as I usually am, and unfortunately, I don’t have a QA team :(.
I’m making some changes now so it actually *installs*. I’ll upload that to the same URL shortly.
October 2nd, 2008 at 1448:11
Seems to work “smoothly” now. Well, for the most part. It’s largely un(tested|documented).
Of note is that via current setup, it requires php5 + mysqli (regular mysql can be used by changing a line in sig-header.php to include class-mysqldb instead of class-mysqlidb)