[Snort-users] Oinkmaster v1.1 released.

Andreas Östling andreaso at ...236...
Sun Oct 10 01:58:14 EDT 2004

Oinkmaster v1.1 has been released.
Oinkmaster is a simple Perl script to update/manage Snort signatures.

Homepage: http://oinkmaster.sourceforge.net/
Download: http://oinkmaster.sourceforge.net/download.shtml
MD5: 28cfaf6220f5fc3fa3f3838ea33cecf1

Changes from v1.0:

o Support template-based modifysid expressions so you can define a
  template once and then use that one instead of repeating complex
  modifysid expressions. Documentation for this is found in
  README.templates and usage examples are found in template-examples.conf.
o New option -s for summarized output (aka bmc mode) to leave out the
  details when printing results for added/removed/modified rules.
  Only the sid and msg string of the rules are printed, plus the
  filename. Non-rule changes are printed as usual.
o New option -m to minimize/simplify the resulting output for modified
  rules. This means that identical leading and trailing parts of the
  new and old rule are removed so the actual change is much easier to
  see. Some characters to the left and right of the diffing parts
  are kept to get some context. More information and example output can
  be found in the updated manual page (oinkmaster.1).
o Support -s and -m in the GUI as well (the "diff mode" buttons)
o Better handling of duplicate rules (i.e. rules with the same SID) for
  files in the downloaded archive:
  - If all the duplicates are disabled, only one of them is passed on to
    the local rules file
  - If one of the rules is enabled and the other one disabled, the
    disabled one is discarded
  - If both rules are active, the one with the highest 'rev' is used
  - If one of the rules has a rev and the other does not, the one with
    the rev is used
  - If the duplicate rules have the same rev, the one appearing last
    in the file is used
o You can now split long configuration directives in oinkmaster.conf to
  multiple lines using the regular trailing \ syntax.
o All modifysid substitutions on multi-line rules (including when using
  templates) now work on the single-line version of the rule so that you
  don't have to care about where the trailing backslashes and newlines 
o When running in super quiet mode (-Q), possible warnings about
  duplicate SIDs in the downloaded rules are suppressed.
o Allow location of editor to be set in the GUI and do not search for a
  default one in a predefined list anymore.
o Removed 'P' flag from tar as it is incompatible together with 't' in
  gtar, which is now used by default on FreeBSD 5.2-CURRENT and later
  (PR ports/70806). Thanks to Saneto Takanori for reporting.
o The GUI will now always use the same Perl binary when executing
  oinkmaster.pl as the one running the GUI itself.
o By popular demand: support marking rules as locally modified to prevent
  them from being overwritten. See oinkmaster.conf and the FAQ for
  documentation about "localsid". Do not use this unless you really have
  to as it's very easy to end up with lots of sigs that aren't maintained
o The default URL in oinkmaster.conf is now
  http://www.snort.org/dl/rules/snortrules-snapshot-2_2.tar.gz as 2.2
  is the latest stable version of Snort at the time of this release.
o The FAQ has been updated, especially the sections about local
  customization of rules.
o Fixed bug so -e works correctly in conjunction with modifysid.
  Thanks to Alex Butcher.
o Fixed bug that prevented ability to load multiple configs under Win32.
o Fixed bug so that modifysid expressions are case-insensitive again
  (as documented).
o Fixed a bunch of documentation typos (thanks to JP Vossen!).


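The duplicate-SID precedence listed in the changelog above, sketched in Python as an added example (not Oinkmaster's own Perl code and not from the announcement's author). The rule lines and sids are constructed, and resolving all-disabled duplicates with the same rev/position tie-breaks is an assumption.

```python
import re

# Matches an enabled or commented-out rule line and captures its sid.
RULE_RE = re.compile(r'^\s*(#+\s*)?(?:alert|log|pass|activate|dynamic)\s'
                     r'.*\bsid\s*:\s*(\d+)\s*;', re.I)
REV_RE = re.compile(r'\brev\s*:\s*(\d+)\s*;', re.I)

# Constructed sample rules (not from any real rule set); the sids are made up.
SAMPLE = '''\
alert tcp any any -> any 80 (msg:"constructed A new"; sid:1000001; rev:3;)
alert tcp any any -> any 80 (msg:"constructed A old"; sid:1000001; rev:2;)
alert tcp any any -> any 21 (msg:"constructed B on"; sid:1000002; rev:1;)
#alert tcp any any -> any 21 (msg:"constructed B off"; sid:1000002; rev:9;)
alert udp any any -> any 53 (msg:"constructed C rev"; sid:1000003; rev:1;)
alert udp any any -> any 53 (msg:"constructed C norev"; sid:1000003;)
alert tcp any any -> any 25 (msg:"constructed D first"; sid:1000004; rev:4;)
alert tcp any any -> any 25 (msg:"constructed D last"; sid:1000004; rev:4;)
# alert tcp any any -> any 23 (msg:"constructed E off1"; sid:1000005; rev:1;)
# alert tcp any any -> any 23 (msg:"constructed E off2"; sid:1000005; rev:1;)
'''.splitlines()

def parse_rule(line):
    m = RULE_RE.match(line)
    if not m:
        return None  # plain comment or other non-rule line
    rev = REV_RE.search(line)
    return {"sid": int(m.group(2)), "enabled": m.group(1) is None,
            "rev": int(rev.group(1)) if rev else None, "text": line.strip()}

def rank(rule):
    # Enabled beats disabled, a rev beats no rev, then the higher rev wins.
    # Assumption: all-disabled duplicates are resolved by the same ordering.
    return (rule["enabled"], rule["rev"] is not None, rule["rev"] or 0)

def resolve_duplicates(lines):
    """Keep exactly one rule per sid, following the announced precedence."""
    winners = {}
    for line in lines:
        rule = parse_rule(line)
        if rule is None:
            continue
        current = winners.get(rule["sid"])
        # ">=" lets the rule appearing last in the file win a full tie.
        if current is None or rank(rule) >= rank(current):
            winners[rule["sid"]] = rule
    return winners

if __name__ == "__main__":
    print(*(r["text"] for r in resolve_duplicates(SAMPLE).values()), sep="\n")
```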