[Snort-sigs] oinkmaster and so rules.. FAQ broken?

Michael Scheidell michael.scheidell at ...1331...
Tue Feb 8 19:44:59 EST 2011


So, the oinkmaster FAQ is offline, or missing, and I want to know how to 
use oinkmaster on our VRT rules to pull down and compile the binaries 
locally.

I see these in the tarball (which I had to pull down manually, since 
oinkmaster deletes it):

drwxr-xr-x  0 vrtbuild vrtbuild       0 Feb  8 12:55 so_rules/
-rw-r--r--  0 vrtbuild vrtbuild     373 May 31  2010 so_rules/imap.rules
drwxr-xr-x  0 vrtbuild vrtbuild       0 Feb  8 12:55 so_rules/src/
-rw-r--r--  0 vrtbuild vrtbuild    1344 Nov 12  2008 so_rules/src/web-misc_base64_decode.h
-rw-r--r--  0 vrtbuild vrtbuild    3980 Nov  4 09:48 so_rules/src/dos_ms06-32.c
-rw-r--r--  0 vrtbuild vrtbuild    6016 May 31  2010 so_rules/src/imap_mercur-imapd-ntlmssp.c
-rw-r--r--  0 vrtbuild vrtbuild    7537 Nov  4 09:39 so_rules/src/smtp_mailenable-ntlm.c
-rw-r--r--  0 vrtbuild vrtbuild    6918 Nov  4 09:41 so_rules/src/multimedia_cve-2008-5616-mplayer-demux-open-vqf-bo.c
-rw-r--r--  0 vrtbuild vrtbuild    6008 Oct  3 18:59 so_rules/src/misc_mysql-com-table-dump.c
-rw-r--r--  0 vrtbuild vrtbuild    5858 May 31  2010 so_rules/src/nntp_xhdr-bo.c
-rw-r--r--  0 vrtbuild vrtbuild    1344 Dec  8  2008 so_rules/src/netbios_base64-decode.h
-rw-r--r--  0 vrtbuild vrtbuild    1957 Sep 28 14:47 so_rules/src/snmp_ber.h

So, how do I get oinkmaster to LEAVE them where I can get at them?

(No, I need precompiled rules for FreeBSD 7.3 amd64.)
So, since there aren't any, I have to compile them myself. No big deal, 
I just want to know how to get oinkmaster to leave them there.

While I am at it, how do I keep the new preproc_rules?
I've got this; shouldn't it keep anything that ends in *.rules?

update_files = \.rules$|\.config$|\.conf$|\.txt$|\.map$

Do I need something like:
update_files = \.rules$|\.config$|\.conf$|\.txt$|\.map$|../so_rules/src/*|../preproc_rules/*




-- 
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
ISN: 1259*1300
SECNAP Network Security Corporation