Sign in to follow this  
Followers 0

Process rules based on policy change

1 post in this topic

The ips_policy switch has three settings:

  1. balanced
  2. connectivity
  3. security

The default ips_policy switch is set to security. If at any time you want to change the ips_policy switch in the pulledpork.conf it will require an additional two switches added to the end of the run line, and the new run line must be ran.

perl d:\winids\pulledpork\ -c d:\winids\pulledpork\etc\pulledpork.conf -nPT

The above run line will only process the local rules for the new policy change on the fly without processing the signatures! This run line will not update the rules from the rules repository. It will only update the policy selection from the existing set of rules!

The rules should be checked for errors after the update for validation, and the WinIDS must be restarted.

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  
Followers 0