[Snort-sigs] Sig tarball directory structure question

JP Vossen jp at ...1432...
Wed Sep 26 15:29:43 EDT 2007


I have not been following Snort for a while, but recently did some 
scripting work to download the rules tarballs at work, using our 
Oinkcode.  Note my script only runs Mon-Thr, so I may skip  some releases.

Unless I am doing something seriously wrong:

snortrules-snapshot-2.6_s.tar.gz from 2007-09-19 (and all previous I 
checked) has this dir structure:

$ tar tvzf 20070919.d/snortrules-snapshot-2.6_s.tar.gz | grep '/$'
drwxr-xr-x vrtbuild/vrtbuild 0 2007-09-18 14:52:38 rules/
drwxr-xr-x vrtbuild/vrtbuild       0 2007-09-18 14:52:33 doc/
drwxr-xr-x vrtbuild/vrtbuild       0 2007-09-18 14:52:38 doc/signatures/
drwxr-xr-x vrtbuild/vrtbuild       0 2007-09-18 14:52:38 so_rules/

$ md5sum 20070919.d/snortrules-snapshot-2.6_s.tar.gz
78d2286e9356d8e0495e35580f4a75f6 20070919.d/snortrules-snapshot-2.6_s.tar.gz


But the one from today (2007-09-26) looks like this:

$ tar tvzf 20070926.d/snortrules-snapshot-2.6_s.tar.gz | grep '/$'
drwxr-xr-x vrtbuild/vrtbuild 0 2007-09-24 17:58:48 rules/
drwxr-xr-x vrtbuild/vrtbuild 0 2007-09-24 17:57:15 rules/CVS/
drwxr-xr-x vrtbuild/vrtbuild       0 2007-09-24 17:58:47 doc/
drwxr-xr-x vrtbuild/vrtbuild       0 2007-09-24 17:58:47 doc/CVS/
drwxr-xr-x vrtbuild/vrtbuild       0 2007-09-24 18:00:53 doc/signatures/
drwxr-xr-x vrtbuild/vrtbuild       0 2007-09-24 17:58:47 doc/signatures/CVS/
drwxr-xr-x vrtbuild/vrtbuild       0 2007-09-24 18:01:24 so_rules/
drwxr-xr-x vrtbuild/vrtbuild       0 2007-09-24 17:57:10 etc/
drwxr-xr-x vrtbuild/vrtbuild       0 2007-09-24 17:57:10 etc/CVS/

$ md5sum 20070926.d/snortrules-snapshot-2.6_s.tar.gz
f8c97b82d73b6d870aff8371e3f53bb7 20070926.d/snortrules-snapshot-2.6_s.tar.gz


That's a *big* difference and I can't find anything in the tarball 
itself, last 45 or so days sig,user,ann ML archives or in the snort.org 
news back to July.  From my perspective the 2 things that are most 
important are 1) CVS cruft and 2) *.conf moved from ./rules/ to ./etc/.

Is this on purpose and will it say this way?  Is there some announcement 
I missed?

Note, that as long at the structure becomes stable, I don't care what it 
looks like.  In fact, the *.conf in etc makes some sense to me.  But I'd 
guess I'm not the only person expecting *.conf to be in ./rules/...

Thanks,
JP
----------------------------|:::======|-------------------------------
JP Vossen, CISSP            |:::======|        jp{at}jpsdomain{dot}org
My Account, My Opinions     |=========|      http://www.jpsdomain.org/
----------------------------|=========|-------------------------------
Microsoft has single-handedly nullified Moore's Law.
Innate design flaws of Windows make a personal firewall, anti-virus
and anti-malware software mandatory. The resulting software arms race
has effectively flattened Moore's Law on hardware running Windows.




More information about the Snort-sigs mailing list