[Snort-sigs] oinkmaster vs pulled port, round two:

Joel Esler jesler at ...435...
Thu Feb 10 11:33:49 EST 2011


Not a bad idea.  Can you submit that as a feature request on the pulledpork site?

Joel

On Feb 10, 2011, at 10:20 AM, Michael Scheidell wrote:

> I think round one was a draw.
> Some people want the rules in their original files; some would like them in an easier-managed 'single file'.
> 
> I can see with PP, how being able to disable a RULE in, say snort_lan.conf vs disabling a whole rule set would have its advantages.
> I can see how you might want to manage your main distribution point with oinkmaster.
> 
> round 2: licensing, copyrights:
> our situation:
> We pull down VRT rules (licensed), run oinkmaster on them to set up 'our tweaks' to the rules, then create a tarball (./rules/*.rules).
> Each individual snort sensor BOX runs a local copy of oinkmaster, to pull down our tarball and add local oinkmaster.conf tweaks to it.
> 
> I assume that even if I go with PP on the individual sensors (which seems to give me more flexibility, see round 1), that I still would need oinkmaster for the first step.
> 
> Also, how would PP preserve the copyright and license agreements that are in each rule file?
> I believe that, even though we are licensed to redistribute VRT rules (and pay for each sensor...), we are required to leave the license and copyright notices there.  
> 
> this would apply to VRT rules, GPL(2,3,) lesser, apache, anything, right?
> 
> 
> This still makes PP vs oinkmaster, round two, a draw. PP can't preserve the copyright/license; oinkmaster can. So, on the main distribution point, we would still need oinkmaster.
> 
> 
> -- 
> Michael Scheidell, CTO
> o: 561-999-5000
> d: 561-948-2259
> ISN: 1259*1300
> SECNAP Network Security Corporation
> Certified SNORT Integrator
> 2008-9 Hot Company Award Winner, World Executive Alliance
> Five-Star Partner Program 2009, VARBusiness
> Best in Email Security,2010: Network Products Guide
> King of Spam Filters, SC Magazine 2008
> 

--
Joel Esler
jesler () sourcefire.com
http://blog.snort.org && http://blog.clamav.net
