[Snort-users] New version of pulledpork released 0.4.0 the Drunken Leprechaun!
cummingsj at ...11827...
Fri Mar 26 13:24:28 EDT 2010
This version constitutes a major rewrite of the rule reading, modification
and writing system to improve speed, future module addition, supportability,
and of course reliability.
- Moved all .conf files under etc/
- Ability to define sid ranges in any of the sid modification .conf files
- Ability to specify references in any of the sid modification .conf
- Ability to ignore entire rule categories (i.e. not include them)
- Specify locally stored rules files that need their meta data included
- All rulestate modifications, comparisons, etc. are now handled
- Rewrite of sid-msg.map generation code to allow for all proper
character reading and addition to sid-msg.map
- No longer reliant on tar binary, now using Archive::Tar
- Ability to specify your arch for so_rules
- Added significant amounts of debug output when an error is detected
- Rules are now written to only two distinct files
- Properly account for whitespace in non-standard rulesets such as ET
- Cleaned up and improved the changelog to display new / deleted sids and
- Certain conditions caused the md5 check to fail even when valid - This
was primarily an ET issue, but did manifest on VRT rulesets also
- Many small fixes that were not tracked well :-P
- Do not overwrite local.rules, but still include in sid-msg.map
More information on the pulledpork site at
http://code.google.com/p/pulledpork or on the official release blog entry
Thanks for all of the great community support and feedback thus far!