[Snort-users] VRT Rules snapshot-CURRENT.tar.gz Download Error?

Joel Esler jesler at ...1935...
Fri May 29 15:40:31 EDT 2009


I don't know of one, but it would be extremely easy to write. I would  
do it, but a plane is calling my name.

--
Joel Esler | Sourcefire | 302-223-5974

On May 29, 2009, at 2:22 PM, "Jefferson, Shawn" <Shawn.Jefferson at ...14596.... 
 > wrote:

> Hi,
>
>
>
> Sounds like it will be the replacement for Oinkmaster, but currently  
> I’m using Oinkmaster to disable certain rules (I’m assuming  
> that’s what you mean by rule manipulation) as well.  So I guess my i 
> nitial question still stands: does anyone want to share a script tha 
> t checks the MD5 first?
>
>
>
> Thanks,
>
> Shawn
>
>
>
> From: jcummings at ...1935... [mailto:jcummings at ...1935...] On  
> Behalf Of JJ Cummings
> Sent: May 29, 2009 12:13 PM
> To: Jefferson, Shawn
> Cc: Snort Users List
> Subject: Re: [Snort-users] VRT Rules snapshot-CURRENT.tar.gz  
> Download Error?
>
>
>
> Well, it's complete as of phase 1 in the timeline for release 0.1 so  
> if you need to do any rule manipulation.. that's coming.. within the  
> next few weeks hopefully.
>
> Release 0.1:
>
> First Beta Release
> Downloads latest rules file
> Verifies MD5 of local rules file
> If MD5 has not changed from snort.org.. doesn't fetch files again
> handle both rules and so_rules
> Capability to generate stub files
> Cheers,
> JJC
>
> On Fri, May 29, 2009 at 1:09 PM, Jefferson, Shawn <Shawn.Jefferson at ...14545...48... 
> > wrote:
>
> I’ll take a look at it.
>
>
>
> At this point though, it hasn’t been “released” officially and  
> still in beta though, right?
>
>
>
> From: jcummings at ...1935... [mailto:jcummings at ...1935...] On  
> Behalf Of JJ Cummings
> Sent: May 29, 2009 12:04 PM
> To: Jefferson, Shawn
> Cc: Snort Users List
>
>
> Subject: Re: [Snort-users] VRT Rules snapshot-CURRENT.tar.gz  
> Download Error?
>
>
>
> pulledpork does this.. it can be found here => http://code.google.com/p/pulledpork
>
> I just finished modifying it so that no matter the format of the md5  
> file it will only grab the hash value out of it.. so should be good  
> to go with that one now.
>
> Cheers,
> JJC
>
> On Fri, May 29, 2009 at 12:48 PM, Jefferson, Shawn <Shawn.Jefferson at ...14511...448... 
> > wrote:
>
> Does anyone have a shell script that downloads the md5 and compares  
> it to the last one before running oinkmaster.pl that they want to  
> share?
>
> I'm in the "downloading once a day" camp, and I've noticed that this  
> has been failing quite often lately.
>
>
> -----Original Message-----
> From: Sandro guly Zaccarini [mailto:guly at ...14592...]
> Sent: May 29, 2009 10:36 AM
> To: 'Snort Users List'
> Cc: Jeff Dell
> Subject: Re: [Snort-users] VRT Rules snapshot-CURRENT.tar.gz  
> Download Error?
>
> On Fri, May 29, 2009 at 12:56:01PM -0400, Jeff Dell wrote:
> > The problem with once a week is what happens if you check on  
> Monday at 8am
> > and the rules are updated on Monday at 8:05? You won't get any  
> updates for 2
> > weeks. It would be really great to have something like a checksum  
> that will
> > be available to see if there is a change in the rules file.
>
> actually there is an md5 file, and i was thinkin' about asking why VRT
> changed its format without alerting users before.
> personally, i download daily that md5 file and compare to the latest  
> md5
> i've got: if they don't match it means that there is something new.
>
> but we're a bit OT here :)
>
> sz
>
> --
>  /"\   taste your favourite sysadmin
>  \ /   gpg public key http://www.guly.org/guly.asc
>   X
>  / \
>
> --- 
> --- 
> --- 
> ---------------------------------------------------------------------
> Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT
> is a gathering of tech-side developers & brand creativity  
> professionals. Meet
> the minds behind Google Creative Lab, Visual Complexity, Processing, &
> iPhoneDevCamp as they present alongside digital heavyweights like  
> Barbarian
> Group, R/GA, & Big Spaceship. http://p.sf.net/sfu/creativitycat-com
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
>
>
>
> --- 
> --- 
> --- 
> ---------------------------------------------------------------------
> Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT
> is a gathering of tech-side developers & brand creativity  
> professionals. Meet
> the minds behind Google Creative Lab, Visual Complexity, Processing, &
> iPhoneDevCamp as they present alongside digital heavyweights like  
> Barbarian
> Group, R/GA, & Big Spaceship. http://p.sf.net/sfu/creativitycat-com
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20090529/ffd6c4a4/attachment.html>


More information about the Snort-users mailing list