[Snort-users] Oinkmaster v0.9 released.

Andreas Östling
Tue Dec 2 11:44:02 EST 2003

Oinkmaster v0.9 has been released.


Please note that the Oinkmaster homepage has moved to

For those who don't know, Oinkmaster is a simple tool to update/manage
Snort signatures.

Changes from v0.8:

o It's much faster now.
o Added ability to use "include <file>" in oinkmaster configuration
  files. <file> will be parsed (just like a regular oinkmaster.conf) as
  soon as the include statement is seen, and then return and continue
  parsing the rest of the original file. If an option is re-defined, it
  will override the previous value. You can use as many 'include'
  statements as you wish, and also include even more files from included
o Also permit an arbitrary number of "-C" arguments to be specified on
  command line to load multiple config files. They will be loaded in the
  order of appearance.
o Permit https://... in url specification. Only useful if your wget is
  SSL-enabled and you download from an SSL-enabled site.
o Permit scp://<user>@<remotehost>:<file.tar.gz> in url specification.
  The rules archive will be copied from remotehost using scp (only tested
  with OpenSSH). You can specify a private key with scp_key = ... in
  oinkmaster.conf (or set it in ~/.ssh/config).
o You can now specify "-i" for interactive mode. You will be asked to
  approve the changes before Oinkmaster modifies anything.
o Added 'enablesid' option to oinkmaster.conf.
o Slightly improved rules parsing (order of sid and msg does not matter).
o oinkmaster.conf will be searched for in /etc/ and /usr/local/etc/ by 
o Make contrib/create-sidmap.pl and contrib/addsid.pl take an arbitrary
  number of directories as argument.
o Added a FAQ.
o wget is now always run in verbose mode, although the output is not displayed
  unless you run Oinkmaster in verbose mode as well, or if an error occurs
  (i.e. no more need to re-run in verbose mode just to get decent error
o deleted.rules is now ignored (with a "skipfile delete.rules") in the
  default oinkmaster.conf.
o You can now specify a wildcard ('*') to the modifysid keyword, like
  modifysid * "foo" | "bar", to apply the substitution expression to all
  matching rules. This enables you to do stuff like convert all rules of a
  certain classtype to 'drop' rules, or replace all 'flow' keywords with
  "flags: A+;", and so on. See oinkmaster.conf for examples.
o Include seconds in filename of backup tarball.
o Many other minor improvements.
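
Added example (not part of the original announcement and not Oinkmaster's own code): a Python model of the wildcard modifysid entry above, for previewing which SIDs a substitution would rewrite before it goes into oinkmaster.conf. The rules, SIDs and patterns are constructed, preview_modifysid is a hypothetical helper, and replacing only the first match per rule is an assumption.

```python
import re

# Constructed sample rules (not from any real ruleset).
SAMPLE_RULES = [
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"EXAMPLE scan probe"; flow:to_server,established; classtype:attempted-recon; sid:1000001; rev:1;)',
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"EXAMPLE ftp login"; classtype:misc-activity; sid:1000002; rev:1;)',
    '# alert udp any any -> any 53 (msg:"EXAMPLE disabled rule"; classtype:attempted-recon; sid:1000003; rev:1;)',
    'alert icmp any any -> $HOME_NET any (classtype:attempted-recon; msg:"EXAMPLE ping sweep"; sid:1000004; rev:2;)',
]

SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')

# Assumed (pattern, replacement) pairs for the two uses the announcement names.
DROP_RECON = (r'^alert\b(?=.*classtype\s*:\s*attempted-recon\s*;)', 'drop')
FLOW_TO_FLAGS = (r'flow\s*:[^;]*;', 'flags: A+;')


def preview_modifysid(rules, target, pattern, replacement):
    """Return (new_rules, changed_sids) for a modifysid-style substitution.

    target is a SID string, or '*' to consider every rule. A rule is only
    rewritten when the pattern matches it, so '*' does not touch the rest.
    """
    regex = re.compile(pattern)
    new_rules, changed = [], []
    for rule in rules:
        m = SID_RE.search(rule)
        sid = m.group(1) if m else None
        if sid is None or (target != '*' and target != sid):
            new_rules.append(rule)
            continue
        # Assumption: first match per rule only.
        rewritten, count = regex.subn(replacement, rule, count=1)
        if count:
            changed.append(sid)
        new_rules.append(rewritten)
    return new_rules, changed


if __name__ == "__main__":
    new, changed = preview_modifysid(SAMPLE_RULES, '*', *DROP_RECON)
    print("would modify SIDs:", ", ".join(changed))
    for old, cur in zip(SAMPLE_RULES, new):
        if old != cur:
            print("-", old)
            print("+", cur)
```

The commented-out rule (sid 1000003) is left alone here only because the pattern anchors on a leading "alert"; an unanchored pattern would rewrite it too.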


