Skip to content
/ snortor Public
forked from bka/snortor

Snortor provides an interface to enable or disable snort rules

Notifications You must be signed in to change notification settings

fidius/snortor

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

FIDIUS Snortor

Snortor provides an interface to configure snort rules. You can:

  • import rules
  • export rules
  • find rules by message
  • activate or deactivate single rules
  • import/export possible via scp

Installation

Simply install this package with Rubygems:

$ gem install snortor

Usage

Some examples on how Snortor can be used.

require 'snortor'

# import some rules from remote host
Snortor.import_rules({:host=>"10.10.10.254",:user=>"root",:password=>"xxx",:remote_path=>"/etc/snort/rules/"})

# or import rule files from local path
Snortor.import_rules("/home/user/myrules")

# work with your rules
puts "#{Snortor.rules.size}"
puts "#{Snortor.rules[1].active}"
Snortor.rules[1].active = false

# find specific rules 
rule = Snortor.rules.find_by_msg("BAD-TRAFFIC")
rule.active = true

# find all rules by name
rules = Snortor.rules.find_all_by_msg("BAD-TRAFFIC")    
rules.each do |rule|
  rule.active = false
end

Snortor.export_rules({:host=>"10.10.10.254",:user=>"root",:password=>"xxx",:remote_path=>"/etc/snort/rules/"})

Authors and Contact

fidius-evasiondb was written by

If you have any questions, remarks, suggestion, improvements, etc. feel free to drop a line at the addresses given above. You might also join #fidius on Freenode or use the contact form on our website.

Acknowledgement

This Gem uses snort-rule from Chris Lee which provided the ability to parse rules.

License

Simplified BSD License and GNU GPLv2. See also the file LICENSE.

About

Snortor provides an interface to enable or disable snort rules

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published