[Snort-sigs] Duplicate sids in deleted.rules

Andreas Östling andreaso at ...58...
Tue Jun 17 12:09:03 EDT 2003


On Tue, 17 Jun 2003, Hugo van der Kooij wrote:

> So there seems to be something more going on.

The tarball contained a few duplicates for a little while but even when
they were removed, oinkmaster still complained about duplicates in the
local (i.e. old) file. It happens since oinkmaster takes rule by rule in
each local file and checks if that rule exists in the tarball and is
equal, so a duplicate rule just gives another matching comparison, which
means the local file won't get updated to the version without the
duplicates unless there had actually been any changes in it.

So to make oinkmaster shut up about dup warnings, remove the local files
containing them and it should be fixed after the next update (or simply do
some dummy change in them, which will also cause the file to be replaced).

I'll soon commit a simple fix so that duplicate sids can never make it
to the local files in the first place.

/Andreas




More information about the Snort-sigs mailing list