[Snort-users] Updating Rules with PulledPork and no outside connection

Michael Steele michaels at ...9077...
Mon Sep 17 09:02:38 EDT 2012


I've looked through the list archive and was unable to find any specifics on
how to do this.

I need to run PulledPork on a closed network.

The run line I have is:
'perl d:\winids\pulledpork\pulledpork.pl -c d:\winids\pulledpork\etc\pulledpork.conf -v -T -n'

I'm pretty sure the -n tells PulledPork to process locally?

There are two files that need to be used and I'm not sure what to do with
them?
1) snortrules-snapshot-2931.tar.gz
2) opensource.gz


Do these lines need to be hashed out?
rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|<oinkcode>
rule_url=https://www.snort.org/reg-rules/|opensource.gz|<oinkcode>


Just to verify; using the -T in the run line means I don't have to hash out
the so_rules section below?

sorule_path=/usr/local/lib/snort_dynamicrules/
snort_path=/usr/local/bin/snort
config_path=/usr/local/etc/snort/snort.conf
sostub_path=/usr/local/etc/snort/rules/so_rules.rules
distro=FreeBSD-8.1

Kindest regards,
Michael...








