Updating Snort Rules Offline

[Jeffrey <blueeyes.online () gmail com>]

Hello,
     I am hoping you can assist me.  I am using Security Onion and I am
attempting to update my Snort IDS rules in it offline (it does not have
internet connectivity).  I am not finding any easy steps on how to do this
online anywhere.

I have downloaded the "community-rules.tar.gz" and
"snortrules-snapshot-2970.tar.
gz" rule packages manually from Snort.org already.

So far I have completed the following steps:

1. Copied both rule packages to the Desktop of Security Onion

2. Ran both Phase I and Phase II of the Security Onion setup (Security
Onion is up and running now)

3. I went to the /etc/nsm/securityonion.conf file and changed the
LOCAL_NIDS_RULE_TUNING=no to LOCAL_NIDS_RULE_TUNING=yes.

At this point where do I copy these packages to before I run the
rule-update command for PulledPork to process them?  Am I missing any other
steps that I need to complete first too?

I don't know if you can help me or not, but it would be appreciated.

Sincerely,
Jeffrey Hilgers

------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!