[Snort-users] Re: [Snort-sigs] Oinkmaster questions

Philip Davidson Philip at ...8580...
Tue Jun 10 06:10:01 EDT 2003


Yeah, I would like to see something that would check for updates against an
md5 checksum.  That would be pretty keen.

Philip Davidson

-----Original Message-----
From: Anthony Kim [mailto:Anthony.Kim at ...9338...] 
Sent: Monday, June 09, 2003 5:25 PM
To: Snort Users (snort-users at lists.sourceforge.net);
(snort-sigs at lists.sourceforge.net)
Subject: Re: [Snort-users] Re: [Snort-sigs] Oinkmaster questions

On Tue, Jun 10, 2003, Russell Fulton wrote:

> On Tue, 2003-06-10 at 07:00, Philip Davidson wrote:
> > Hello all,
> > 
> >  
> > 
> > Has anyone ever had any problems with letting oinkmaster be
> > fully automated?  Some documentation that I have says that it
> > could be unreliable for a couple of reasons.  But I am
> > wondering if anyone has ever had any problems like snort
> > messing up as a result of full automation.
> 
> There have been *very* occasional glitches where new rules have
> triggered bugs in some configurations.  I have my own equivalent
> of oinkmaster (I'm currently dumping it in favour of
> oinkmaster) and I have had problems with it barfing on some new
> rules that it did not know how to handle.  Oinkmaster is
> probably more robust in this respect -- it does not try to be
> as smart as mine ;-) and is more stable because of it.

I was considering adding md5 checksum verification to oinkmaster
at some point but never got around to it.

Anyhow for now I use make, sed, and CVS which works fine.

md5 checking can look a little like this in your Makefile:

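# Fail unless the tarball's md5 appears in the published .md5 file.
# An empty digest (md5sum failed or file missing) also counts as a failure.
checksum:
	CKSUM=`md5sum snortrules-stable.tar.gz | awk '{print $$1}'`;\
	test -n "$$CKSUM" && \
	grep "$$CKSUM" snortrules-stable.tar.gz.md5 >/dev/null 2>&1 || \
		(echo "Checksum does not match!" && exit 1)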

Oinkmaster does have a simple elegance to it and is preferable
for most people I'm sure.
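
Added example, not part of the original thread and not Oinkmaster code: the same md5 check as a standalone shell function that an automated update job could call before unpacking new rules. The `verify_md5` name and its return codes are assumptions for illustration; it compares the full digest field and fails closed on missing or empty input.

```shell
#!/bin/sh
# Added example (not from the thread): verify a rules tarball against its
# published .md5 file before anything is unpacked or Snort is reloaded.
# The verify_md5 helper and its return codes are illustrative assumptions.

# verify_md5 TARBALL MD5FILE
# returns 0 = digest matches, 1 = mismatch, 2 = missing or unusable input
verify_md5() {
    tarball=$1
    md5file=$2

    # Both inputs must exist; a zero-length .md5 file is treated as unusable.
    [ -r "$tarball" ] && [ -s "$md5file" ] || return 2

    # Digest of what was actually downloaded.
    actual=$(md5sum "$tarball" | awk '{print tolower($1)}')

    # Published digest: first 32-hex-digit token in the .md5 file, whatever
    # the layout ("hash  name", "MD5 (name) = hash", or the bare hash).
    expected=$(tr -c '0-9a-fA-F\n' ' ' < "$md5file" |
        awk '{ for (i = 1; i <= NF; i++)
                   if (length($i) == 32) { print tolower($i); exit } }')

    # An empty value on either side must fail closed, never match.
    [ -n "$actual" ] && [ -n "$expected" ] || return 2

    # Whole-digest comparison, not a substring search.
    [ "$actual" = "$expected" ]
}

# Usage as a script:
#   sh verify.sh snortrules-stable.tar.gz snortrules-stable.tar.gz.md5
if [ "$#" -eq 2 ]; then
    verify_md5 "$1" "$2" || { echo "Checksum does not match!" >&2; exit 1; }
fi
```
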


