[Snort-sigs] oinkmaster and so rules.. FAQ broken?

Joel Esler jesler at ...435...
Tue Feb 8 19:52:21 EST 2011


Have you tried pulledpork?  It takes care of all this for you (plus much more)

J

On Feb 8, 2011, at 7:44 PM, Michael Scheidell wrote:

> so, the oinkmaster FAQ is offline, or missing, and I want to know how to use oinkmaster on our VRT rules to pull down and compile the binaries locally.
> 
> I see these in the tarball (which I had to pull down manually.. since oinkmaster deletes it)
> 
> drwxr-xr-x  0 vrtbuild vrtbuild       0 Feb  8 12:55 so_rules/
> -rw-r--r--  0 vrtbuild vrtbuild     373 May 31  2010 so_rules/imap.rules
> drwxr-xr-x  0 vrtbuild vrtbuild       0 Feb  8 12:55 so_rules/src/
> -rw-r--r--  0 vrtbuild vrtbuild    1344 Nov 12  2008 so_rules/src/web-misc_base64_decode.h
> -rw-r--r--  0 vrtbuild vrtbuild    3980 Nov  4 09:48 so_rules/src/dos_ms06-32.c
> -rw-r--r--  0 vrtbuild vrtbuild    6016 May 31  2010 so_rules/src/imap_mercur-imapd-ntlmssp.c
> -rw-r--r--  0 vrtbuild vrtbuild    7537 Nov  4 09:39 so_rules/src/smtp_mailenable-ntlm.c
> -rw-r--r--  0 vrtbuild vrtbuild    6918 Nov  4 09:41 so_rules/src/multimedia_cve-2008-5616-mplayer-demux-open-vqf-bo.c
> -rw-r--r--  0 vrtbuild vrtbuild    6008 Oct  3 18:59 so_rules/src/misc_mysql-com-table-dump.c
> -rw-r--r--  0 vrtbuild vrtbuild    5858 May 31  2010 so_rules/src/nntp_xhdr-bo.c
> -rw-r--r--  0 vrtbuild vrtbuild    1344 Dec  8  2008 so_rules/src/netbios_base64-decode.h
> -rw-r--r--  0 vrtbuild vrtbuild    1957 Sep 28 14:47 so_rules/src/snmp_ber.h
> 
> so, how do I get oinkmaster to LEAVE them where I can get at them?
> 
> (no, I need precompiled rules for freebsd 7.3 amd64.) 
> so, since there aren't any, I have to compile them myself.  no big deal, I just want to know how to get oinkmaster to leave them there.
> 
> while I am at it, how do I keep the new preproc_rules:
> got this, shouldn't it keep anything that ends in *.rules?
> 
> update_files = \.rules$|\.config$|\.conf$|\.txt$|\.map$
> 
> do I need something like:
> update_files = \.rules$|\.config$|\.conf$|\.txt$|\.map$|../so_rules/src/*|../preproc_rules/*
> 
> 
> 
> 
> -- 
> Michael Scheidell, CTO
> o: 561-999-5000
> d: 561-948-2259
> ISN: 1259*1300
> SECNAP Network Security Corporation
> Certified SNORT Integrator
> 2008-9 Hot Company Award Winner, World Executive Alliance
> Five-Star Partner Program 2009, VARBusiness
> Best in Email Security,2010: Network Products Guide
> King of Spam Filters, SC Magazine 2008

--
Joel Esler
jesler at ...435...
http://blog.snort.org && http://blog.clamav.net
