There are two forms of hank rules: front-end and back-end. Front-end rules are the form that is passed around from person to person. They describe an attack: its name, its catalog number, and its severity. The front-end file is then transformed via an XSLT stylesheet into a back-end file, which is a tree of hank events. That stylesheet determines what firewalling, if any, is applied to which rules, along with any other policy transformations (reporting policies, etc.).

You can take a front-end file and transform it using any of the policy transforms in the hank source tree, or you can write your own. Use the libxslt application, xsltproc, like this:

xsltproc ./policy-strict.xsl ./hank_rules_final.xml > ./hank_rules_backend.xml
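
As an illustration of writing your own policy transform, here is an added example that is not taken from the hank source tree. Every element and attribute name in it, the file names policy-example.xsl and front.xml, and the threshold parameter are assumptions, since the real front-end and back-end schemas are not shown on this page.

```xslt
<?xml version="1.0"?>
<!--
  Added example: a hypothetical policy stylesheet (policy-example.xsl).
  The names used here (rules, rule, id, name, severity, events, event,
  firewall) are assumptions for illustration, not hank's real schema.

  Constructed front-end input (front.xml):
    <rules>
      <rule id="1001" name="example-probe" severity="2"/>
      <rule id="1002" name="example-overflow" severity="9"/>
      <rule id="1003" name="example-unrated"/>
    </rules>

  Run: xsltproc ./policy-example.xsl ./front.xml
-->
<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:output method="xml" indent="yes"/>

  <!-- Policy knob: severity at or above this value is firewalled. -->
  <xsl:param name="threshold" select="7"/>

  <!-- Front-end rule list becomes a tree of back-end events. -->
  <xsl:template match="/rules">
    <events>
      <xsl:apply-templates select="rule"/>
    </events>
  </xsl:template>

  <xsl:template match="rule">
    <event id="{@id}" name="{@name}">
      <xsl:choose>
        <!-- Missing or non-numeric severity: fail closed. -->
        <xsl:when test="string(number(@severity)) = 'NaN'">
          <firewall action="drop" reason="unrated"/>
        </xsl:when>
        <xsl:when test="number(@severity) &gt;= $threshold">
          <firewall action="drop" reason="severity"/>
        </xsl:when>
        <!-- Below threshold: report only, no firewalling. -->
        <xsl:otherwise>
          <firewall action="none"/>
        </xsl:otherwise>
      </xsl:choose>
    </event>
  </xsl:template>
</xsl:stylesheet>
```

The threshold can be changed per run with xsltproc's --param option, for example `--param threshold 5`, so one stylesheet can serve as both a lenient and a strict policy.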

If you don't want to do that, then here is a harmless back-end file with which to play. It results from transforming the front-end file below using the file "policy-none.xsl" from the hank source code.

You can find a front-end rules file here. Since it's XML, you'll probably have to download it rather than view it, as it is liable to confuse your browser.

To create your own front-end rule file, just run a command like this on a random Snort ruleset:

	rick% cat snort.conf | ../cvs/hank/ 1 > hank_rules_final.xml

Send comments to Todd Lewis.