[Snort-users] Oinkmaster v1.1 released.
andreaso at ...236...
Sun Oct 10 01:58:14 EDT 2004
Oinkmaster v1.1 has been released.

Oinkmaster is a simple Perl script to update/manage Snort signatures.

Changes from v1.0:

o Support template-based modifysid expressions so you can define a
  template once and then use that one instead of repeating complex
  modifysid expressions. Documentation for this is found in
  README.templates and usage examples are found in template-examples.conf.
o New option -s for summarized output (aka bmc mode) to leave out the
  details when printing results for added/removed/modified rules.
  Only the sid and msg string of the rules are printed, plus the
  filename. Non-rule changes are printed as usual.
o New option -m to minimize/simplify the resulting output for modified
  rules. This means that identical leading and trailing parts of the
  new and old rule are removed so the actual change is much easier to
  see. Some characters to the left and right of the diffing parts
  are kept to get some context. More information and example output can
  be found in the updated manual page (oinkmaster.1).
o Support -s and -m in the GUI as well (the "diff mode" buttons).
o Better handling of duplicate rules (i.e. rules with the same SID) for
  files in the downloaded archive:
  - If all the duplicates are disabled, only one of them is passed on to
    the local rules file
  - If one of the rules is enabled and the other one disabled, the
    disabled one is discarded
  - If both rules are active, the one with the highest 'rev' is used
  - If one of the rules has a rev and the other does not, the one with
    the rev is used
  - If the duplicate rules have the same rev, the one appearing last
    in the file is used
o You can now split long configuration directives in oinkmaster.conf to
  multiple lines using the regular trailing \ syntax.
o All modifysid substitutions on multi-line rules (including when using
  templates) now work on the single-line version of the rule so that you
  don't have to care about where the trailing backslashes and newlines
o When running in super quiet mode (-Q), possible warnings about
  duplicate SIDs in the downloaded rules are suppressed.
o Allow location of editor to be set in the GUI and do not search for a
  default one in a predefined list anymore.
o Removed 'P' flag from tar as it is incompatible together with 't' in
  gtar, which is now used by default on FreeBSD 5.2-CURRENT and later
  (PR ports/70806). Thanks to Saneto Takanori for reporting.
o The GUI will now always use the same Perl binary when executing
  oinkmaster.pl as the one running the GUI itself.
o By popular demand: support marking rules as locally modified to prevent
  them from being overwritten. See oinkmaster.conf and the FAQ for
  documentation about "localsid". Do not use this unless you really have
  to as it's very easy to end up with lots of sigs that aren't maintained
o The default URL in oinkmaster.conf is now
  http://www.snort.org/dl/rules/snortrules-snapshot-2_2.tar.gz as 2.2
  is the latest stable version of Snort at the time of this release.
o The FAQ has been updated, especially the sections about local
  customization of rules.
o Fixed bug so -e works correctly in conjunction with modifysid.
  Thanks to Alex Butcher.
o Fixed bug that prevented ability to load multiple configs under Win32.
o Fixed bug so that modifysid expressions are case-insensitive again.
o Fixed a bunch of documentation typos (thanks to JP Vossen!).
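
The duplicate-SID precedence listed in the changelog above, sketched in Python as an added example (this is not Oinkmaster's own Perl code). The regexes, function names and sample rules are constructed for illustration; which rule is kept when all duplicates are disabled is an assumption, since the announcement only says that one of them is passed on.

```python
import re

# Assumed patterns for single-line Snort rules, optionally commented out with '#'.
RULE_RE = re.compile(
    r'^\s*(#+\s*)?(alert|log|pass|drop|reject|sdrop|activate|dynamic)\s'
    r'.*\bsid\s*:\s*(\d+)\s*;', re.I)
REV_RE = re.compile(r'\brev\s*:\s*(\d+)\s*;')

def parse_rule(line):
    """Return (sid, rev_or_None, enabled) for a rule line, or None otherwise."""
    m = RULE_RE.match(line)
    if not m:
        return None
    rev = REV_RE.search(line)
    return int(m.group(3)), (int(rev.group(1)) if rev else None), m.group(1) is None

def preference(candidate):
    # Enabled beats disabled, a rev beats no rev, a higher rev beats a lower
    # one, and a later position in the file breaks remaining ties.
    # Assumption: the same ordering is applied when every duplicate is disabled.
    pos, (_sid, rev, enabled) = candidate
    return (enabled, rev is not None, rev or 0, pos)

def resolve_duplicates(lines):
    """Return {sid: winning rule line} for a list of rule-file lines."""
    best = {}
    for pos, line in enumerate(lines):
        parsed = parse_rule(line)
        if parsed is None:
            continue  # plain comments, blank lines, non-rule content
        cand = (pos, parsed)
        sid = parsed[0]
        if sid not in best or preference(cand) > preference(best[sid]):
            best[sid] = cand
    return {sid: lines[pos] for sid, (pos, _) in best.items()}

# Constructed sample rules covering each case from the changelog.
SAMPLE = [
    'alert tcp any any -> any 80 (msg:"A old"; sid:1000001; rev:1;)',
    'alert tcp any any -> any 80 (msg:"A new"; sid:1000001; rev:3;)',
    '#alert tcp any any -> any 21 (msg:"B off"; sid:1000002; rev:9;)',
    'alert tcp any any -> any 21 (msg:"B on"; sid:1000002; rev:2;)',
    'alert udp any any -> any 53 (msg:"C rev"; sid:1000003; rev:1;)',
    'alert udp any any -> any 53 (msg:"C norev"; sid:1000003;)',
    'alert tcp any any -> any 25 (msg:"D first"; sid:1000004; rev:4;)',
    'alert tcp any any -> any 25 (msg:"D last"; sid:1000004; rev:4;)',
    '#alert tcp any any -> any 23 (msg:"E off1"; sid:1000005; rev:1;)',
    '#alert tcp any any -> any 23 (msg:"E off2"; sid:1000005; rev:1;)',
]

if __name__ == "__main__":
    for sid, rule in sorted(resolve_duplicates(SAMPLE).items()):
        print(sid, rule)
```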