[Snort-users] New version of pulledpork released 0.4.0 the Drunken Leprechaun!

JJ Cummings cummingsj at ...11827...
Fri Mar 26 13:24:28 EDT 2010


This version constitutes a major rewrite of the rule reading, modification
and writing system to improve speed, future module addition, supportability,
and of course reliability.

New Features/changes:


   - Enablesid
   - Moved all .conf files under etc/
   - Ability to define sid ranges in any of the sid modification .conf files
   - Ability to specify references in any of the sid modification .conf
   files
   - Ability to ignore entire rule categories (i.e. not include them)
   - Specify locally stored rules files that need their meta data included
   in sid-msg.map
   - All rulestate modifications, comparisons, etc. are now handled
   in-memory
   - Rewrite of sid-msg.map generation code to allow for all proper
   character reading and addition to sid-msg.map
   - No longer reliant on tar binary, now using Archive::Tar
   - Ability to specify your arch for so_rules
   - Added significant amounts of debug output when an error is detected
   - Rules are now written to only two distinct files

Bug Fixes:


   - Properly account for whitespace in non-standard rulesets such as ET
   - Cleaned up and improved the changelog to display new / deleted sids and
   rule totals
   - Certain conditions caused the md5 check to fail even when valid - This
   was primarily an ET issue, but did manifest on VRT rulesets also
   - Many small fixes that were not tracked well :-P
   - Do not overwrite local.rules, but still include in sid-msg.map
   generation

More information on the pulledpork site at
http://code.google.com/p/pulledpork or on the official release blog entry
at
http://global-security.blogspot.com/2010/03/pulling-pork-with-drunken-leprechaun-pp.html

Thanks for all of the great community support and feedback thus far!

JJC