snort-sigs February 2011 archive
Main Archive Page > Month Archives  > snort-sigs archives
snort-sigs: [Snort-sigs] oinkmaster and so rules.. FAQ broken?

[Snort-sigs] oinkmaster and so rules.. FAQ broken?

From: Michael Scheidell <michael.scheidell_at_nospam>
Date: Wed Feb 09 2011 - 00:44:59 GMT
To: <>

so, the oinkmaster FAQ is offline, or missing, and I want to know how to
use oinkmaster on our VRT rules to pull down and compile the binaries

i see these in the tarball (which I had to pull down manually.. since
oinkmaster deletes it)

drwxr-xr-x 0 vrtbuild vrtbuild 0 Feb 8 12:55 so_rules/
-rw-r--r-- 0 vrtbuild vrtbuild 373 May 31 2010 so_rules/imap.rules
drwxr-xr-x 0 vrtbuild vrtbuild 0 Feb 8 12:55 so_rules/src/
-rw-r--r-- 0 vrtbuild vrtbuild 1344 Nov 12 2008
-rw-r--r-- 0 vrtbuild vrtbuild 3980 Nov 4 09:48
-rw-r--r-- 0 vrtbuild vrtbuild 6016 May 31 2010
-rw-r--r-- 0 vrtbuild vrtbuild 7537 Nov 4 09:39
-rw-r--r-- 0 vrtbuild vrtbuild 6918 Nov 4 09:41
-rw-r--r-- 0 vrtbuild vrtbuild 6008 Oct 3 18:59
-rw-r--r-- 0 vrtbuild vrtbuild 5858 May 31 2010
-rw-r--r-- 0 vrtbuild vrtbuild 1344 Dec 8 2008
-rw-r--r-- 0 vrtbuild vrtbuild 1957 Sep 28 14:47 so_rules/src/snmp_ber.h

so, how to I get oinkmaster to LEAVE them where I can get at them?

(no, I need precompiled rules for freebsd 7.3 amd64.)
so, since there arn't any, I have to compile them myself. no big deal,
I just want to know how to get oinkmaster to leave them there.

while I am at it, how do I keep the new preproc_rules:
got this, should't it keep anything that ends in *.rules?

update_files = \.rules$|\.config$|\.conf$|\.txt$|\.map$

do I need something like:
update_files =

-- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259*1300 >*| *SECNAP Network Security Corporation * Certified SNORT Integrator * 2008-9 Hot Company Award Winner, World Executive Alliance * Five-Star Partner Program 2009, VARBusiness * Best in Email Security,2010: Network Products Guide * King of Spam Filters, SC Magazine 2008 ______________________________________________________________________ This email has been scanned and certified safe by SpammerTrap(r). For Information please see ______________________________________________________________________

The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
Pinpoint memory and threading errors before they happen.
Find and fix more than 250 security defects in the development cycle.
Locate bottlenecks in serial and parallel code that limit performance.

Snort-sigs mailing list