[Snort-users] VRT Rules snapshot-CURRENT.tar.gz Download Error?

Jack Pepper pepperjack at ...14319...
Fri May 29 16:47:51 EDT 2009


Quoting "Jefferson, Shawn" <Shawn.Jefferson at ...14448...>:

> what you mean by rule manipulation) as well.  So I guess my initial  
> question still stands: does anyone want to share a script that  
> checks the MD5 first?

How about this:

wget -q -O "${SNORTDIR}/snortrules.tar.gz.md5.new"   
http://www.snort.org/pub-bin/oinkmaster.cgi/${OINK}/snortrules-snapshot-2.8.tar.gz.md5
if [ $? -ne 0 ] ; then
         echo "MD5 download failed"
         exit
fi
OLDSUM=`md5sum ${SNORTDIR}/snortrules.tar.gz.new | awk '{print $1}'`
NEWSUM=`awk 'NF == 4 && $3 == "=" {print $NF;}'  
${SNORTDIR}/snortrules.tar.gz.md5.new`
if [ $OLDSUM == $NEWSUM ] ; then
         echo "No rule changes"
else
         cp -p ${SNORTDIR}/snortrules.tar.gz.new  
${SNORTDIR}/snortrules.tar.gz.old
         wget  -O "${SNORTDIR}/snortrules.tar.gz.new"   
http://www.snort.org/pub-bin/oinkmaster.cgi/${OINK}/snortrules-snapshot-2.8.tar.gz
         if [ $? -ne 0 ] ; then
                 echo "snort rules download failed"
                 exit
         fi
fi

If the format of the MD5 file ever changes we're screwed, but here's  
what i'll be using until then.

jp
-- 

Framework?  I don't need no stinking framework!

----------------------------------------------------------------
@fferent Security Labs:  Isolate/Insulate/Innovate  
http://www.afferentsecurity.com





More information about the Snort-users mailing list