[Snort-sigs] Sig tarball directory structure question

Matthew Watchinski mwatchinski at ...435...
Wed Sep 26 16:18:17 EDT 2007


This is on purpose, well inclusion of the etc/ directory and the moving
of snort.conf.  The CVS stuff is my bad, I'll get that cleaned up.

Thanks
-matt

JP Vossen wrote:
> I have not been following Snort for a while, but recently did some 
> scripting work to download the rules tarballs at work, using our 
> Oinkcode.  Note my script only runs Mon-Thr, so I may skip  some releases.
> 
> Unless I am doing something seriously wrong:
> 
> snortrules-snapshot-2.6_s.tar.gz from 2007-09-19 (and all previous I 
> checked) has this dir structure:
> 
> $ tar tvzf 20070919.d/snortrules-snapshot-2.6_s.tar.gz | grep '/$'
> drwxr-xr-x vrtbuild/vrtbuild 0 2007-09-18 14:52:38 rules/
> drwxr-xr-x vrtbuild/vrtbuild       0 2007-09-18 14:52:33 doc/
> drwxr-xr-x vrtbuild/vrtbuild       0 2007-09-18 14:52:38 doc/signatures/
> drwxr-xr-x vrtbuild/vrtbuild       0 2007-09-18 14:52:38 so_rules/
> 
> $ md5sum 20070919.d/snortrules-snapshot-2.6_s.tar.gz
> 78d2286e9356d8e0495e35580f4a75f6 20070919.d/snortrules-snapshot-2.6_s.tar.gz
> 
> 
> But the one from today (2007-09-26) looks like this:
> 
> $ tar tvzf 20070926.d/snortrules-snapshot-2.6_s.tar.gz | grep '/$'
> drwxr-xr-x vrtbuild/vrtbuild 0 2007-09-24 17:58:48 rules/
> drwxr-xr-x vrtbuild/vrtbuild 0 2007-09-24 17:57:15 rules/CVS/
> drwxr-xr-x vrtbuild/vrtbuild       0 2007-09-24 17:58:47 doc/
> drwxr-xr-x vrtbuild/vrtbuild       0 2007-09-24 17:58:47 doc/CVS/
> drwxr-xr-x vrtbuild/vrtbuild       0 2007-09-24 18:00:53 doc/signatures/
> drwxr-xr-x vrtbuild/vrtbuild       0 2007-09-24 17:58:47 doc/signatures/CVS/
> drwxr-xr-x vrtbuild/vrtbuild       0 2007-09-24 18:01:24 so_rules/
> drwxr-xr-x vrtbuild/vrtbuild       0 2007-09-24 17:57:10 etc/
> drwxr-xr-x vrtbuild/vrtbuild       0 2007-09-24 17:57:10 etc/CVS/
> 
> $ md5sum 20070926.d/snortrules-snapshot-2.6_s.tar.gz
> f8c97b82d73b6d870aff8371e3f53bb7 20070926.d/snortrules-snapshot-2.6_s.tar.gz
> 
> 
> That's a *big* difference and I can't find anything in the tarball 
> itself, last 45 or so days sig,user,ann ML archives or in the snort.org 
> news back to July.  From my perspective the 2 things that are most 
> important are 1) CVS cruft and 2) *.conf moved from ./rules/ to ./etc/.
> 
> Is this on purpose and will it say this way?  Is there some announcement 
> I missed?
> 
> Note, that as long at the structure becomes stable, I don't care what it 
> looks like.  In fact, the *.conf in etc makes some sense to me.  But I'd 
> guess I'm not the only person expecting *.conf to be in ./rules/...
> 
> Thanks,
> JP
> ----------------------------|:::======|-------------------------------
> JP Vossen, CISSP            |:::======|        jp{at}jpsdomain{dot}org
> My Account, My Opinions     |=========|      http://www.jpsdomain.org/
> ----------------------------|=========|-------------------------------
> Microsoft has single-handedly nullified Moore's Law.
> Innate design flaws of Windows make a personal firewall, anti-virus
> and anti-malware software mandatory. The resulting software arms race
> has effectively flattened Moore's Law on hardware running Windows.
> 
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2005.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
> 





More information about the Snort-sigs mailing list