Let's say ossec_2.8 will be released with rules_2.8. Two months later, an updated rules_2.8_u1 is available and is applied (we need to decide whether this is done via install.sh, or by simply updating the rule files directly) Four months later, an updated rules_2.8_u2 is available and is applied.
Six months later, ossec_2.9 is ready with rules_2.9, which should be at least rules_2.8_u2 level, plus maybe some 2.9 unique stuff. When running 2.9 install.sh, if you answer Yes to update rules, all rules will be brought to the rules_2.9 level. If you answer No, none of the existing rules will be touched. Isn't this good enough? For rules_2.8_u1 and _u2, I think it might be easier simply to replace the rule files instead of running install.sh. What do you think? On Friday, March 21, 2014 12:51:46 PM UTC-7, Jeremy Rossi wrote: > > On think that needs to be tested and taken in to account in the upgrade > process used. Currently using ./install.sh will ask to update rules. > What do we what to do about this? This would also need the most testing > in my mind. > > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
