[Snort-users] Re: [Snort-sigs] Oinkmaster questions

Andreas Östling andreaso at ...236...
Wed Jun 11 02:21:15 EDT 2003


On Tuesday 10 June 2003 15.05, Philip Davidson wrote:
> Yeah, I would like to see something that would check for updates against an
> md5 checksum.  That would be pretty keen.
>
> Philip Davidson

I don't really see how checking the md5 checksum would be much help
in this case. Just because the tarball's md5 checksum matches, it doesn't
really say anything whether its content will screw things up or not.

I think the most common reason that things break when you do it fully
automated with oinkmaster is when new variables are added to snort.conf and 
used in the rules (since your local snort.conf does not get updated).
So far, this has happened very rarely though, but it's something to be
aware of. It would be easy to add an option to oinkmaster that makes it
look for variables in the distribution snort.conf and add possible missing
ones to the local snort.conf though, if people think this is a good idea.

If you really want to do the updating automatically but don't want to screw
things up because of syntax errors, simply run snort -T before possibly 
reloading the rules and have the script call for help when required.
(This of course still assumes that you automatically approve all rule changes, 
which may cause other problems even though they actually load without 
problems...)

/Andreas





More information about the Snort-users mailing list