[Snort-sigs] Recent Rule Changes

Mike Guiterman mguiterman at ...435...
Thu Jul 1 10:55:16 EDT 2010


Hi John,

You do bring up a good point as to why  _s is no longer necessary.
Subscriber or Registered User access is now determined automatically based
on oinkcode - so the file name differences are no longer necessary.  Users
downloading via oinkmaster/pulled_pork will automatically get the latest
file they have permissions for.

JJ is on this list and is better suited than me to comment specifically on
pulled_pork.

Mike

On Thu, Jul 1, 2010 at 10:08 AM, John York <YorkJ at ...855...> wrote:

> Joel allegedly said:
> >Date: Wed, 30 Jun 2010 18:43:50 -0400
> >From: Joel Esler <jesler at ...435...>
> >Subject: [Snort-sigs] Recent Rule Changes
>
> <snip>
>
> >For the Subscriber and Registered releases of Snort 2.8.6.0 and Snort
> 2.8.5.3, the download links >would look as
> >follows:
>
> >Subscriber Release
> >http://www.snort.org/sub-rules/snortrules-snapshot-2860.tar.gz/OINKCODE
> >http://www.snort.org/sub-rules/snortrules-snapshot-2853.tar.gz/OINKCODE
>
> >Registered User Release
> >http://www.snort.org/reg-rules/snortrules-snapshot-2860.tar.gz/OINKCODE
> >http://www.snort.org/reg-rules/snortrules-snapshot-2853.tar.gz/OINKCODE
>
> >You will notice in the above urls the difference in between the two
> "sub-rules" vs. "reg-rules".  >You will also notice something else, we no
> longer have "_s" in the URL anymore.  Many people were >getting confused in
> the difference, and we wanted to clear that up by changing the URL easier to
> >recognize.
>
> <snip>
>
> I've been troubleshooting other problems I'm having downloading rules with
> pulledpork.  Either I'm misunderstanding the thread that tells what the new
> url's are, I'm misreading the pulledpork 0.4.2 perl code, or pulledpork has
> a bug.  It looks to me that it always downloads reg-rules, and doesn't have
> any way in the config file to specify reg-rules or sub-rules...
>
> Thanks
> John
>
>
> ------------------------------------------------------------------------------
> This SF.net email is sponsored by Sprint
> What will you do first with EVO, the first 4G phone?
> Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20100701/336ad0ec/attachment.html>


More information about the Snort-sigs mailing list