[Snort-users] Oinkmaster v1.0 released.
andreaso at ...236...
Sat May 15 01:55:01 EDT 2004
Oinkmaster v1.0 has been released.

For those who don't know, Oinkmaster is a simple tool to update/manage
Snort signatures. The homepage is at http://oinkmaster.sourceforge.net/

Changes from v0.9:
o Default URL in distribution oinkmaster.conf is now
forget to change it if it's not the right one for your version
o You can now set "rule_actions = ..." in oinkmaster.conf to tell
Oinkmaster what keywords are valid as the start of a Snort rule. Useful
if you create your own ruletypes and want those lines to be regarded as
rules instead of non-rule lines. If unset,
"alert|drop|log|pass|reject|sdrop|activate|dynamic" will be used
(same as before).
o You can now run without external binaries if you have the required
Perl modules installed (Archive::Tar, IO::Zlib and LWP::UserAgent).
You can set use_external_bins to 0 or 1 in oinkmaster.conf to override
the default. 0 means to use the Perl modules, 1 means to use external
binaries. It's set to 0 by default on Win32 (since the required
Perl modules are already included in ActivePerl 5.8.1+), and 1 on other
systems (i.e. same behavior as before). This makes it much easier to
install Oinkmaster on Windows/ActivePerl. See the new default
oinkmaster.conf for more information.
o A simple graphical multi-platform front-end to Oinkmaster written in
Perl/Tk is included in the contrib directory (oinkgui.pl).
See README.gui for more information. Screenshots are available on
o contrib/makesidex.pl has been rewritten to handle multi-line rules and
multiple rules directories. It will now also include the rule's "msg"
string as a comment on each disablesid line it prints. Usage syntax is
o The other contrib scripts have been improved with misc feature updates
and small bug fixes as well. For example, addmsg.pl now handles
multiple rules directories just like the others. All scripts now give
a short description when run without arguments. Full descriptions can
still be found in contrib/README.contrib.
o The new default oinkmaster.conf has been updated with more and better
examples (mostly "modifysid" stuff).
o Slightly improved multi-line rule parsing.
o Perl version is checked on startup and must be >= 5.6.1.
o Permission on all rules files in the output directory that are subject
to become updated by Oinkmaster (i.e. files matching the "update_rules"
regexp and that are not ignored by a "skipfile") are now checked
before starting, so that we don't bail out in the middle of
execution if a copy of an updated file should fail because of
o A manual page is now included which describes all the command
line options in detail.
o Major documentation updates (INSTALL, README, README.win32, FAQ).
o Many other improvements.
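
How the "rule_actions" setting described in the changelog changes which lines count as rules, as an added Python illustration (not Oinkmaster's own Perl code and not part of the original announcement). The matching pattern, the function names and the `suspicious` ruletype are assumptions, and the sample rules are constructed.

```python
import re

# Default keyword list quoted in the release notes (used when rule_actions is unset).
DEFAULT_RULE_ACTIONS = "alert|drop|log|pass|reject|sdrop|activate|dynamic"

def logical_lines(text):
    """Join multi-line rules: a trailing backslash continues onto the next line."""
    buf = ""
    for line in text.splitlines():
        if line.rstrip().endswith("\\"):
            buf += line.rstrip()[:-1]
        else:
            yield buf + line
            buf = ""
    if buf:
        yield buf

def classify(text, rule_actions=None):
    """Return (kind, sid) per logical line; kind is rule, disabled or non-rule."""
    actions = rule_actions or DEFAULT_RULE_ACTIONS
    # Assumed pattern: optional '#' (disabled rule), an action keyword,
    # a rule header, then the rule options in parentheses.
    rule_re = re.compile(r"^\s*(#+)?\s*(?:%s)\s+[^(]+\((.*)\)\s*$" % actions)
    out = []
    for line in logical_lines(text):
        if not line.strip():
            continue
        m = rule_re.match(line)
        if not m:
            out.append(("non-rule", None))
            continue
        sid = re.search(r"\bsid\s*:\s*(\d+)\s*;", m.group(2))
        out.append(("disabled" if m.group(1) else "rule",
                    sid.group(1) if sid else None))
    return out

# Constructed sample; "suspicious" is a hypothetical user-defined ruletype.
SAMPLE = r'''# constructed sample rules file
alert tcp any any -> any 80 (msg:"constructed web rule"; sid:1000001;)
#alert tcp any any -> any 21 (msg:"constructed disabled rule"; sid:1000002;)
suspicious tcp any any -> any 23 (msg:"constructed custom ruletype"; \
    sid:1000003;)
var HOME_NET any
'''

if __name__ == "__main__":
    for actions in (None, DEFAULT_RULE_ACTIONS + "|suspicious"):
        print(actions or "(unset)", classify(SAMPLE, actions))
```

With the setting unset, the multi-line `suspicious` rule is classified as a non-rule line; once the keyword is listed, it is recognised as a rule and its sid is extracted.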