[Snort-users] SF: Someone please update the gen-msg.map in rules tarball

Nigel Houghton nhoughton at ...1935...
Thu May 20 20:36:48 EDT 2010


On Thu, May 20, 2010 at 7:37 PM, Russell Fulton <r.fulton at ...3809...> wrote:
>
>
> On 21/05/2010, at 12:22 AM, Nigel Houghton wrote:
>
>> On Wed, May 19, 2010 at 9:29 PM, Russell Fulton <r.fulton at ...3809...> wrote:
>>> Hi Nigel,
>>> http://www.snort.org/pub-bin/oinkmaster.cgi/oinkcode/snortrules-snapshot-2.8.tar.gz
>>>
>>> I get permission denied when I get the _s file as we decided not to renew our sub.
>>>
>>> Should I re-register?
>>>
>>> Russell
>>>
>>
>> You might need a new oinkcode.
>>
>
> logged into www.snort.org and checked the download page and oinkcode.
>
> It it clear that the _s files are for *subscribers*, registered users use the non _s files and it is this one that has the old gen-msg.map file.
>
> [snort at ...14602... ~]$ cd ~/Rules/
> [snort at ...14602... Rules]$ wget http://dl.snort.org/reg-rules/snortrules-snapshot-2.8.tar.gz?oink_code=c7570aa634a8ad8dcf4e9f3ec8246f079cde0e31
> [ snip ]
>
> 11:25:01 (252 KB/s) - `snortrules-snapshot-2.8.tar.gz.1' saved [38956782/38956782]
>
> [snort at ...14602... Rules]$ ls -l snortrules-snapshot-2.8.tar.gz*
> -rw-rw-r-- 1 snort snort 38956782 May 16 02:51 snortrules-snapshot-2.8.tar.gz
> -rw-rw-r-- 1 snort snort 38956782 May 16 02:51 snortrules-snapshot-2.8.tar.gz.1
> -rw-rw-r-- 1 snort snort       32 May 16 02:51 snortrules-snapshot-2.8.tar.gz.md5
>
> [snort at ...14602... Rules]$ cd snapshot-2.8/
> [snort at ...14602... snapshot-2.8]$ tar -zxf ../snortrules-snapshot-2.8.tar.gz.1
> [snort at ...14602... snapshot-2.8]$ ls -l etc
> total 2160
> -rw-r--r-- 1 snort snort    3547 Mar 16 10:00 classification.config
> -rw-r--r-- 1 snort snort    2060 Jan 19  2007 generators
> -rw-r--r-- 1 snort snort   12103 Sep 20  2007 gen-msg.map
> -rw-r--r-- 1 snort snort     230 Dec 19  2003 Makefile.am
> -rw-r--r-- 1 snort snort    1112 Jan 20 08:09 open-test.conf
> -rw-r--r-- 1 snort snort     608 Oct 21  2003 reference.config
> -rw-r--r-- 1 snort snort       5 Jan  6  2006 sid
> -rw-r--r-- 1 snort snort 2081151 Apr 16 03:29 sid-msg.map
> -rw-r--r-- 1 snort snort   17646 Apr 14 08:35 snort.conf
> -rw-r--r-- 1 snort snort    2319 Dec  6  2003 threshold.conf
> -rw-r--r-- 1 snort snort   53841 Oct 21  2003 unicode.map
> [snort at ...14602... snapshot-2.8]$
>
> note the timestamp on gen-msg.map -- Sep 20  2007!


Well, the good news is that the gen-msg.map is up to date in the
snortrules-snapshot-2853_s.tar.gz and the
snortrules-snapshot-2860_s.tar.gz tar balls. The bad news is that you
don't yet have it in the registered tar balls (except for those
running 2.8.6.0 for whom we put the latest subscriber pack up for
download to bridge the gap for shared object rules). You could always
download that file and extract the gen-msg.map from it. Or you could
use the one attached.

-- 
Nigel Houghton
Head Mentalist
SF VRT
http://vrt-sourcefire.blogspot.com && http://labs.snort.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gen-msg.map
Type: application/octet-stream
Size: 18273 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20100520/77d1de69/attachment.obj>


More information about the Snort-users mailing list