[Snort-users] re: instant snort sigs for new vulnerabilites
andreaso at ...236...
Wed Jul 3 01:04:03 EDT 2002
On Wednesday 03 July 2002 09.15, Maarten wrote:
> One downside: oinkmaster deactivates (at least the version I once
> downloaded) sids by placing a "#" at the beginning of a rule.
I only does so for the sids you tell Oinkmaster to disable. This is a feature
and I don't get why this would be a downside.
(Or would you for some reason prefer that the unwanted rules were removed
instead of commented out?)
> It also
> activates all rules with a "#" at the beginning of a line when they are not
> specified by oinkmaster. Since the new 1.9 rules are commented out with a
> "#", you will have problems with 1.8 because oinkmaster uncomments the
... Unless you specify "-p" which will preserve the commented out lines.
I agree this is stupid, and this has been changed in 0.6 which will be
released as soon as I have a free minute :)
More information about the Snort-users