[Snort-users] Oinkmaster v0.8 released.

Andreas Östling andreaso at ...236...
Wed Sep 3 07:42:05 EDT 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hello,

Oinkmaster v0.8 has been released.

Homepage:
http://nitzer.dhs.org/oinkmaster/

Direct download:
ftp://ftp.it.su.se/pub/users/andreas/oinkmaster/oinkmaster-0.8.tar.gz

MD5 is e888fb4d76c78c16e205984675fea78f

Changes from v0.7:

o Experimental multi-line rule support.
o Make contrib/addsid.pl and contrib/addmsg.pl handle multi-line rules as 
well.
o Added create-sidmap.pl to contrib section. It's a script that generates
  a SID map from a directory with rules files. (Like snort's regen-sidmap,
  but this one handles multi-line rules).
o The 'modifysid' keyword now regards the arguments as regular expressions.
  So if you already use this function, you may have to adjust the arguments.
  Based on a patch from operator at ...10025... Also added a bunch of examples.
o Understand Snort_inline's "drop", "sdrop" and "reject" rules.
o You can now start Perl with tainting checks enabled if you like, if
  you have a reasonably recent version of Perl.
o The default temporary directory will be checked for in the environment
  variables TMP, TMPDIR and TEMPDIR. "/tmp" will be used if none was set.
  You can override this by setting tmpdir in oinkmaster.conf.
o A bunch of Win32/Cygwin fixes, mostly from Ueli Kistler <iuk at ...1171...>.
o A bunch of fixes that makes it work on native Win32 with ActivePerl.
o Added a README.win32 with information about Oinkmaster on Windows.
o Added command line argument "-T" to test the configuration and then exit.
o Better check for duplicate SIDs. Check is done across all files now, and
  duplicate SIDs in downloaded archive are discarded (only first one is
  kept) and not copied to the local files. This will avoid some annoying
  warning messages about duplicates in the local files that won't go away
  until the files gets updated again. Pointed out by elof at ...10026...
o Slightly modified format when printing results
  (hopefully easier to read when there are a large number of changes).
o New options in oinkmaster.conf: min_files and min_rules.
  If number of rules files or number of rules are not at least min_files
  and min_rules respectively, the rules tarball is regarded as broken and
  the update is aborted. Both are set to 1 by default.
o New command line option, -U <file>. If specified, variable definitions that
  exist in the distribution snort.conf but not in <file>
  will be inserted at the beginning of it. See README for more info.
o Avoid using move() from File::Copy since some versions of it lies about
  the error message (e.g. "Cross-device link" instead of "Permission denied").
  Thanks to Del Armstrong for investigating this issue!


/Andreas

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (OpenBSD)

iD8DBQE/Vf1oytHlY5LIf/YRAr1MAJ97J3qN1Vye1ZxQpOqSMFseo2XDTwCfWH7e
hOPk63GW90D4DpUGHoTIeh0=
=v5wv
-----END PGP SIGNATURE-----





More information about the Snort-users mailing list