[Snort-users] PulledPork and missing sets

Lay, James james.lay at ...15009...
Wed Jul 6 13:23:31 EDT 2011


Hey all,

So....I'm still evaluating pp vs. oinkmaster.  After I run pulled pork I
have 46 emerging threats rulesets, yet the downloaded tarball shows 53
rulesets....why?  Thanks for any help.

James



The pp run:
sudo perl /opt/bin/pulledpork.pl -c /opt/etc/snort/pulledpork/pulledpork.conf -T


Pulledpork.conf:
rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot-2905.tar.gz|<oinkcode>
rule_url=https://rules.emergingthreats.net/|emerging.rules.tar.gz|open-nogpl

ignore=deleted.rules,experimental.rules,local.rules
temp_path=/tmp
out_path=/opt/etc/snort/rules/
rule_path=/opt/etc/snort/rules/snort.rules
local_rules=/opt/etc/snort/rules/local.rules
sid_msg=/opt/etc/snort/sid-msg.map
sid_changelog=/var/log/sid_changes.log
sorule_path=/opt/lib/snort_dynamicrules/
snort_path=/opt/bin/snort
config_path=/opt/etc/snort/snort.conf
sostub_path=/opt/etc/snort/rules/so_rules.rules



Results of the run:
Checking latest MD5 for snortrules-snapshot-2905.tar.gz....
        No Match
        Done
Rules tarball download of snortrules-snapshot-2905.tar.gz....
        They Match
        Done!
Prepping rules from snortrules-snapshot-2905.tar.gz for work....
        Done!
Checking latest MD5 for emerging.rules.tar.gz....
        No Match
        Done
Rules tarball download of emerging.rules.tar.gz....
        They Match
        Done!
Prepping rules from emerging.rules.tar.gz for work....
        Done!
Reading rules...
Setting Flowbit State....
        Enabled 57 flowbits
        Enabled 25 flowbits
        Done
Writing /opt/etc/snort/rules/snort.rules....
        Done
Generating sid-msg.map....
        Done
Writing /opt/etc/snort/sid-msg.map....
        Done
Writing /var/log/sid_changes.log....
        Done
Rule Stats....
        New:-------26715
        Deleted:---0
        Enabled Rules:----19385
        Dropped Rules:----0
        Disabled Rules:---7330
        Total Rules:------26715
        Done
Please review /var/log/sid_changes.log for additional details


After the run 46 rulesets:
ET-emerging-activex.rules
ET-emerging-attack_response.rules
ET-emerging-botcc-BLOCK.rules
ET-emerging-botcc.rules
ET-emerging-chat.rules
ET-emerging-ciarmy.rules
ET-emerging-compromised-BLOCK.rules
ET-emerging-compromised.rules
ET-emerging-current_events.rules
ET-emerging-deleted.rules
ET-emerging-dns.rules
ET-emerging-dos.rules
ET-emerging-drop-BLOCK.rules
ET-emerging-drop.rules
ET-emerging-dshield-BLOCK.rules
ET-emerging-dshield.rules
ET-emerging-exploit.rules
ET-emerging-ftp.rules
ET-emerging-games.rules
ET-emerging-inappropriate.rules
ET-emerging-malware.rules
ET-emerging-misc.rules
ET-emerging-mobile_malware.rules
ET-emerging-netbios.rules
ET-emerging-p2p.rules
ET-emerging-policy.rules
ET-emerging-rbn-BLOCK.rules
ET-emerging-rbn.rules
ET-emerging-scada.rules
ET-emerging-scan.rules
ET-emerging-shellcode.rules
ET-emerging-smtp.rules
ET-emerging-snmp.rules
ET-emerging-sql.rules
ET-emerging-telnet.rules
ET-emerging-tftp.rules
ET-emerging-tor-BLOCK.rules
ET-emerging-tor.rules
ET-emerging-trojan.rules
ET-emerging-user_agents.rules
ET-emerging-virus.rules
ET-emerging-voip.rules
ET-emerging-web_client.rules
ET-emerging-web_server.rules
ET-emerging-web_specific_apps.rules
ET-emerging-worm.rules

Downloaded ET tarball shows 53 rulesets:
emerging-activex.rules
emerging-attack_response.rules
emerging-botcc-BLOCK.rules
emerging-botcc.rules
emerging-chat.rules
emerging-ciarmy.rules
emerging-compromised-BLOCK.rules
emerging-compromised.rules
emerging-current_events.rules
emerging-deleted.rules
emerging-dns.rules
emerging-dos.rules
emerging-drop-BLOCK.rules
emerging-drop.rules
emerging-dshield-BLOCK.rules
emerging-dshield.rules
emerging-exploit.rules
emerging-ftp.rules
emerging-games.rules
emerging-icmp_info.rules
emerging-icmp.rules
emerging-imap.rules
emerging-inappropriate.rules
emerging-malware.rules
emerging-misc.rules
emerging-mobile_malware.rules
emerging-netbios.rules
emerging-p2p.rules
emerging-policy.rules
emerging-pop3.rules
emerging-rbn-BLOCK.rules
emerging-rbn-malvertisers-BLOCK.rules
emerging-rbn-malvertisers.rules
emerging-rbn.rules
emerging-rpc.rules
emerging-scada.rules
emerging-scan.rules
emerging-shellcode.rules
emerging-smtp.rules
emerging-snmp.rules
emerging-sql.rules
emerging-telnet.rules
emerging-tftp.rules
emerging-tor-BLOCK.rules
emerging-tor.rules
emerging-trojan.rules
emerging-user_agents.rules
emerging-virus.rules
emerging-voip.rules
emerging-web_client.rules
emerging-web_server.rules
emerging-web_specific_apps.rules
emerging-worm.rules



