[Snort-users] Oinkmaster v0.9 released.
andreaso at ...236...
Tue Dec 2 11:44:02 EST 2003
Oinkmaster v0.9 has been released.
Please note that the Oinkmaster homepage has moved to
For those who don't know, Oinkmaster is a simple tool to update/manage
Changes from v0.8:
o It's much faster now.
o Added ability to use "include <file>" in oinkmaster configuration
files. <file> will be parsed (just like a regular oinkmaster.conf) as
soon as the include statement is seen, and then return and continue
parsing the rest of the original file. If an option is re-defined, it
will override the previous value. You can use as many 'include'
statements as you wish, and also include even more files from included
o Also permit an arbitrary number of "-C" arguments to be specified on
command line to load multiple config files. They will be loaded in the
order of appearance.
o Permit https://... in url specification. Only useful if your wget is
SSL-enabled and you download from an SSL-enabled site.
o Permit scp://<user>@<remotehost>:<file.tar.gz> in url specification.
The rules archive will be copied from remotehost using scp (only tested
with OpenSSH). You can specify a private key with scp_key = ... in
oinkmaster.conf (or set it in ~/.ssh/config).
o You can now specify "-i" for interactive mode. You will be asked to
approve the changes before Oinkmaster modifies anything.
o Added 'enablesid' option to oinkmaster.conf.
o Slightly improved rules parsing (order of sid and msg does not matter).
o oinkmaster.conf will be searched for in /etc/ and /usr/local/etc/ by
o Make contrib/create-sidmap.pl and contrib/addsid.pl take an arbitrary
number of directories as argument.
o Added a FAQ.
o wget is now always run in verbose mode, although the output is not displayed
unless you run Oinkmaster in verbose mode as well, or if an error occurs
(i.e. no more need to re-run in verbose mode just to get decent error
o deleted.rules is now ignored (with a "skipfile delete.rules") in the
o You can now specify a wildcard ('*') to the modifysid keyword, like
modifysid * "foo" | "bar", to apply the substitution expression to all
matching rules. This enables you to do stuff like convert all rules of a
certain classtype to 'drop' rules, or replace all 'flow' keywords with
"flags: A+;", and so on. See oinkmaster.conf for examples.
o Include seconds in filename of backup tarball.
o Many other minor improvements.
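The wildcard `modifysid` item in the announcement above can be illustrated with a small Python model. This is an added example, not Oinkmaster's own (Perl) code: the function names, the regular expressions and the sample rules are all constructed for illustration. It returns the list of SIDs a substitution would change, which is the kind of preview worth reading before approving a wildcard change.

```python
import re

# Constructed sample rules (not taken from any real ruleset).
RULES = [
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"EXAMPLE admin attempt"; '
    'flow:to_server,established; classtype:attempted-admin; sid:1000001; rev:1;)',
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (classtype:attempted-admin; '
    'msg:"EXAMPLE classtype before msg"; sid:1000002; rev:2;)',
    'alert icmp any any -> $HOME_NET any (msg:"EXAMPLE ping"; '
    'classtype:misc-activity; sid:1000003; rev:1;)',
]

SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')


def rule_sid(line):
    """Return the rule's sid as an int, or None if the line carries no sid."""
    m = SID_RE.search(line)
    return int(m.group(1)) if m else None


def modifysid(rules, target, pattern, replacement):
    """Model of: modifysid <target> "pattern" | "replacement".

    target is a sid number or '*' (every rule). The substitution is tried
    on each targeted rule; only rules where the pattern matches change.
    Returns (new_rules, changed_sids) so the change set can be reviewed.
    """
    rx = re.compile(pattern)
    new_rules, changed = [], []
    for line in rules:
        sid = rule_sid(line)
        new = line
        if sid is not None and (target == '*' or sid == int(target)):
            new = rx.sub(replacement, line, count=1)
        if new != line:
            changed.append(sid)
        new_rules.append(new)
    return new_rules, changed


# Hypothetical substitutions for the two uses the announcement mentions.
CLASSTYPE_TO_DROP = (r'^alert(?=.*\bclasstype\s*:\s*attempted-admin\s*;)', 'drop')
FLOW_TO_FLAGS = (r'flow\s*:[^;]*;', 'flags: A+;')

if __name__ == '__main__':
    for name, sub in (('classtype->drop', CLASSTYPE_TO_DROP),
                      ('flow->flags', FLOW_TO_FLAGS)):
        _, changed = modifysid(RULES, '*', *sub)
        print(name, 'would change sids:', changed)
```
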