[Snort-users] Oinkmaster v0.8 released.
andreaso at ...236...
Wed Sep 3 07:42:05 EDT 2003
Oinkmaster v0.8 has been released.

MD5 is e888fb4d76c78c16e205984675fea78f

Changes from v0.7:

o Experimental multi-line rule support.
o Make contrib/addsid.pl and contrib/addmsg.pl handle multi-line rules as
o Added create-sidmap.pl to contrib section. It's a script that generates
  a SID map from a directory with rules files. (Like snort's regen-sidmap,
  but this one handles multi-line rules).
o The 'modifysid' keyword now regards the arguments as regular expressions.
  So if you already use this function, you may have to adjust the arguments.
  Based on a patch from operator at ...10025... Also added a bunch of examples.
o Understand Snort_inline's "drop", "sdrop" and "reject" rules.
o You can now start Perl with tainting checks enabled if you like, if
  you have a reasonably recent version of Perl.
o The default temporary directory will be checked for in the environment
  variables TMP, TMPDIR and TEMPDIR. "/tmp" will be used if none was set.
  You can override this by setting tmpdir in oinkmaster.conf.
o A bunch of Win32/Cygwin fixes, mostly from Ueli Kistler <iuk at ...1171...>.
o A bunch of fixes that make it work on native Win32 with ActivePerl.
o Added a README.win32 with information about Oinkmaster on Windows.
o Added command line argument "-T" to test the configuration and then exit.
o Better check for duplicate SIDs. Check is done across all files now, and
  duplicate SIDs in downloaded archive are discarded (only first one is
  kept) and not copied to the local files. This will avoid some annoying
  warning messages about duplicates in the local files that won't go away
  until the files get updated again. Pointed out by elof at ...10026...
o Slightly modified format when printing results
  (hopefully easier to read when there are a large number of changes).
o New options in oinkmaster.conf: min_files and min_rules.
  If number of rules files or number of rules are not at least min_files
  and min_rules respectively, the rules tarball is regarded as broken and
  the update is aborted. Both are set to 1 by default.
o New command line option, -U <file>. If specified, variable definitions that
  exist in the distribution snort.conf but not in <file>
  will be inserted at the beginning of it. See README for more info.
o Avoid using move() from File::Copy since some versions of it lie about
  the error message (e.g. "Cross-device link" instead of "Permission denied").
  Thanks to Del Armstrong for investigating this issue!
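An added example, not part of the original announcement and not Oinkmaster's own Perl code: a Python illustration of how the multi-line rule handling, Snort_inline actions, cross-file duplicate SID check and min_files/min_rules sanity check described in the changelog fit together when validating a downloaded rules archive. The function names, the sample rules and the choice to count only active rules and to process files in sorted name order are assumptions made for the example.

```python
import re

# Rule actions: stock Snort plus Snort_inline's drop, sdrop and reject.
ACTIONS = r"(?:alert|log|pass|activate|dynamic|drop|sdrop|reject)"
RULE_RE = re.compile(r"^\s*" + ACTIONS + r"\s.*\bsid\s*:\s*(\d+)\s*;", re.S)

def join_multiline(text):
    """Yield logical lines, joining physical lines that end in a backslash."""
    buf = ""
    for line in text.splitlines():
        if line.rstrip().endswith("\\"):
            buf += line.rstrip()[:-1] + " "
        else:
            yield buf + line
            buf = ""
    if buf:
        yield buf

def check_archive(files, min_files=1, min_rules=1):
    """files: {filename: contents}. Returns (kept, duplicates) or raises."""
    kept, duplicates = {}, []
    for name in sorted(files):  # assumed processing order
        for rule in join_multiline(files[name]):
            m = RULE_RE.match(rule)
            if not m:
                continue  # comment, blank line, variable or disabled rule
            sid = int(m.group(1))
            if sid in kept:
                duplicates.append((sid, name))  # only the first one is kept
            else:
                kept[sid] = (name, rule.strip())
    if len(files) < min_files or len(kept) < min_rules:
        raise ValueError("archive regarded as broken: %d files, %d rules"
                         % (len(files), len(kept)))
    return kept, duplicates

# Constructed sample archive (not real Snort rules).
SAMPLE = {
    "a.rules": 'alert tcp any any -> any 80 (msg:"one"; \\\n'
               '    content:"x"; sid:1000001; rev:1;)\n'
               '# a comment\n',
    "b.rules": 'drop tcp any any -> any 22 (msg:"two"; sid:1000002;)\n'
               'reject tcp any any -> any 23 (msg:"dup"; sid:1000001;)\n',
}
```

Calling `check_archive(SAMPLE)` keeps SID 1000001 from a.rules, reports the later copy in b.rules as a discarded duplicate, and raises `ValueError` when the thresholds are not met.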