Friday, September 20, 2013

Configure Snort VRT Update In pfSense - Registered Users Only

Configuring snort in pfSense to update the VRT rules is easy. All you have to do is to register for free at the Snort site. Once registered, downloading the updated VRT rules is as easy as 123.

STEP 1: Log-in to your pfSense box



STEP 2: If you have not yet installed Snort. do so at the packages installation

STEP 3: Go to Services --> Snort --> Then click the Global Settings tab

STEP 4: The Snort package in pfSense is snort-2.9.5.6-i386. This is the version for the 32-bit flavor of pfSense. Take note of the version of snort you are using because it determines the type of update to download.

STEP 5: Log-in to the Snort website and get your oinkcode. Copy the oinkcode provided and inside the pfSense box where it says "Snort VRT Oinkmaster Configuration" in the "Global Settings" tab, type the following:

http://www.snort.org/reg-rules/<filename>/<oinkcode here>

Where:

<filename> is the name of the update file, e.g. snortrules-snapshot-2956.tar.gz
<oinkcode> is your own code you got from the Snort site.



Make sure to tick the box "Install Snort VRT Rules" checkbox. You can also download the other rules if you wish. Hit save afterwards.

STEP 6: Go to "update" tab and hit update. There's a 2 to 5 minutes waiting time.

That's it, you're done.

No comments:

Post a Comment