The ips_policy switch has three settings:

  1. balanced
  2. connectivity
  3. security

The default ips_policy switch is set to security. If at any time you want to change the ips_policy switch in the pulledpork.conf it will require an additional two switches added to the end of the Pulledpork run line to process the new ips_policy.

Open a CMD prompt as Administrator and type 'perl d:\winids\pulledpork\pulledpork.pl -c d:\winids\pulledpork\etc\pulledpork.conf -nPT' (less the outside quotes) and tap the Enter key.

The above run line will only process the local rules for the new policy change on the fly! This run line will not update the rules from the rules repository. It will only update the policy selection from the existing set of rules!

The rules should be checked for errors after the update for validation, and Snort must be cycled!

Open a CMD prompt as Administrator and type 'd:\winids\snort\bin\snort -c d:\winids\snort\etc\snort.conf -l d:\winids\snort\log -ix -T' (less the outside quotes) and tap the 'Enter' key.
 

Note: In the interface switch above (-ix), the x will be substituted for the Index number of the monitoring NIC.

If all the tests are passed, the following is a confirmation that the Snort configuration file and rules have tested good.
Snort successfully validated the configuration!
Snort exiting
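
The steps above can be chained so that Snort is only cycled when the policy change validates. The PowerShell script below is an added example, not part of the original post. It assumes pulledpork.conf stores the setting as an ips_policy=value line and that Snort runs as a Windows service; the -Interface and -ServiceName parameters are hypothetical names for values you must supply.

```powershell
# Added example: apply an ips_policy change, validate, then cycle Snort.
param(
    [Parameter(Mandatory)][int]$Interface,      # index of the monitoring NIC (the x in -ix)
    [Parameter(Mandatory)][string]$ServiceName  # assumption: Snort is installed as a service
)

# Paths as used in the run lines above.
$PP        = 'd:\winids\pulledpork\pulledpork.pl'
$PPConf    = 'd:\winids\pulledpork\etc\pulledpork.conf'
$Snort     = 'd:\winids\snort\bin\snort'
$SnortConf = 'd:\winids\snort\etc\snort.conf'
$SnortLog  = 'd:\winids\snort\log'

# 1. Require exactly one active ips_policy line holding one of the three settings.
#    Commented-out lines do not match because the pattern is anchored at line start.
$policy = @(Select-String -Path $PPConf -Pattern '^\s*ips_policy\s*=\s*(\S+)' |
    ForEach-Object { $_.Matches[0].Groups[1].Value })
if ($policy.Count -ne 1 -or $policy[0] -notin 'balanced', 'connectivity', 'security') {
    Write-Error "Expected one ips_policy (balanced, connectivity, security); found: $($policy -join ', ')"
    exit 1
}

# 2. Reprocess the local rules for the new policy (no download from the repository).
& perl $PP -c $PPConf -nPT
if ($LASTEXITCODE -ne 0) {
    Write-Error "PulledPork exited with code $LASTEXITCODE; Snort left untouched."
    exit 1
}

# 3. Test the configuration and rules. Snort's messages are captured from both
#    streams and converted to plain strings before searching them.
$out = & $Snort -c $SnortConf -l $SnortLog "-i$Interface" -T 2>&1 | ForEach-Object { "$_" }
$validated = ($LASTEXITCODE -eq 0) -and
    (($out -join "`n") -match 'Snort successfully validated the configuration!')
if (-not $validated) {
    # Show the tail of the output, where Snort reports the failing rule or setting.
    $out | Select-Object -Last 20
    Write-Error 'Snort validation failed; the running Snort was not restarted.'
    exit 1
}

# 4. Cycle Snort only after a clean validation.
Restart-Service -Name $ServiceName
Write-Output "ips_policy '$($policy[0])' applied, validated, and Snort restarted."
```

Run it from an elevated PowerShell prompt so the service restart is permitted.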
