[Snort-users] VRT Rules snapshot-CURRENT.tar.gz Download Error?

JJ Cummings cummingsj at ...11827...
Fri May 29 15:57:10 EDT 2009


or use pulledpork to grab the rules file (and verify) then use oinkmaster to
manipulate it the way that you want to for now.. since you can specify where
oinkmaster gets the rules file from..

On Fri, May 29, 2009 at 1:40 PM, Joel Esler <jesler at ...1935...> wrote:

> I don't know of one, but it would be extremely easy to write. I would do
> it, but a plane is calling my name.
>
> --Joel Esler | Sourcefire | 302-223-5974
>
> On May 29, 2009, at 2:22 PM, "Jefferson, Shawn" <
> Shawn.Jefferson at ...14448...> wrote:
>
>  Hi,
>
>
>
> Sounds like it will be the replacement for Oinkmaster, but currently I’m
> using Oinkmaster to disable certain rules (I’m assuming that’s what you mean
> by rule manipulation) as well.  So I guess my initial question still stands:
> does anyone want to share a script that checks the MD5 first?
>
>
>
> Thanks,
>
> Shawn
>
>
>  ------------------------------
>
> *From:* jcummings at ...1935... [mailto:jcummings at ...1935...]
> *On Behalf Of *JJ Cummings
> *Sent:* May 29, 2009 12:13 PM
> *To:* Jefferson, Shawn
> *Cc:* Snort Users List
> *Subject:* Re: [Snort-users] VRT Rules snapshot-CURRENT.tar.gz Download
> Error?
>
>
>
> Well, it's complete as of phase 1 in the timeline for release 0.1 so if you
> need to do any rule manipulation.. that's coming.. within the next few weeks
> hopefully.
>
> Release 0.1:
>
>    - First *Beta* Release
>    - Downloads latest rules file
>    - Verifies MD5 of local rules file
>    - If MD5 has not changed from snort.org.. doesn't fetch files again
>    - handle both rules and so_rules
>    - Capability to generate stub files
>
> Cheers,
> JJC
>
> On Fri, May 29, 2009 at 1:09 PM, Jefferson, Shawn <Shawn.Jefferson at ...14448...> wrote:
>
> I’ll take a look at it.
>
>
>
> At this point though, it hasn’t been “released” officially and is still in
> beta though, right?
>
>
>  ------------------------------
>
> *From:* jcummings at ...1935... [mailto:jcummings at ...1935...] *On Behalf Of *JJ Cummings
> *Sent:* May 29, 2009 12:04 PM
> *To:* Jefferson, Shawn
> *Cc:* Snort Users List
>
>
> *Subject:* Re: [Snort-users] VRT Rules snapshot-CURRENT.tar.gz Download
> Error?
>
>
>
> pulledpork does this.. it can be found here =>
> http://code.google.com/p/pulledpork
>
> I just finished modifying it so that no matter the format of the md5 file
> it will only grab the hash value out of it.. so should be good to go with
> that one now.
>
> Cheers,
> JJC
>
> On Fri, May 29, 2009 at 12:48 PM, Jefferson, Shawn <Shawn.Jefferson at ...14448...> wrote:
>
> Does anyone have a shell script that downloads the md5 and compares it to
> the last one before running oinkmaster.pl that they want to share?
>
> I'm in the "downloading once a day" camp, and I've noticed that this has
> been failing quite often lately.
>
>
> -----Original Message-----
> From: Sandro guly Zaccarini [mailto:guly at ...14592...]
> Sent: May 29, 2009 10:36 AM
> To: 'Snort Users List'
> Cc: Jeff Dell
> Subject: Re: [Snort-users] VRT Rules snapshot-CURRENT.tar.gz Download
> Error?
>
> On Fri, May 29, 2009 at 12:56:01PM -0400, Jeff Dell wrote:
> > The problem with once a week is what happens if you check on Monday at 8am
> > and the rules are updated on Monday at 8:05? You won't get any updates for 2
> > weeks. It would be really great to have something like a checksum that will
> > be available to see if there is a change in the rules file.
>
> actually there is an md5 file, and i was thinkin' about asking why VRT
> changed its format without alerting users before.
> personally, i download daily that md5 file and compare to the latest md5
> i've got: if they don't match it means that there is something new.
>
> but we're a bit OT here :)
>
> sz
>
> --
>  /"\   taste your favourite sysadmin
>  \ /   gpg public key http://www.guly.org/guly.asc
>   X
>  / \
>
>
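
The check discussed in this thread (fetch the md5 file, compare it with the last one seen, verify the downloaded tarball before running oinkmaster.pl), as an added shell example that is not part of the original messages and is not pulledpork's code. Function and file names are hypothetical, `md5sum` from GNU coreutils is assumed, and the download steps are left to the caller because the thread gives no URL.

```shell
#!/usr/bin/env bash
# Added example: gate a rules update on the published MD5.
# All function and file names here are hypothetical.
# The MD5 tells you the file changed or arrived intact; it is not a
# signature and does not authenticate the publisher.

# Print the first 32-hex-digit token in an md5 file, lower-cased, whatever
# the surrounding format ("<hash>", "<hash>  file", "MD5 (file) = <hash>").
extract_md5() {
    grep -Eiow '[0-9a-f]{32}' "$1" | head -n 1 | tr 'A-F' 'a-f'
}

# $1 = freshly fetched md5 file, $2 = state file holding the last hash.
# Exit 0: hash differs from the recorded one (or none recorded yet).
# Exit 1: unchanged, skip the tarball download.
# Exit 2: fetched file holds no hash (e.g. an error page was saved).
rules_changed() {
    local new last
    new=$(extract_md5 "$1")
    [ -n "$new" ] || return 2
    last=$(cat "$2" 2>/dev/null || true)
    [ "$new" != "$last" ]
}

# $1 = local tarball, $2 = md5 file.
# Exit 0 only if the tarball hashes to the published value.
verify_tarball() {
    local want got
    want=$(extract_md5 "$2")
    got=$(md5sum "$1" | cut -d' ' -f1)
    [ -n "$want" ] && [ "$want" = "$got" ]
}

# $1 = md5 file, $2 = state file. Call this only after verify_tarball
# succeeds, so a failed or truncated download is retried on the next run.
record_md5() {
    extract_md5 "$1" > "$2"
}

# Daily cron flow (fetch steps omitted):
#   rules_changed new.md5 last.md5 || exit 0
#   ...download the tarball...
#   verify_tarball rules.tar.gz new.md5 || exit 1
#   ...run oinkmaster.pl against the local tarball...
#   record_md5 new.md5 last.md5
```
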