snort-users May 2009 archive
Main Archive Page > Month Archives  > snort-users archives
snort-users: Re: [Snort-users] VRT Rules snapshot-CURRENT.tar.gz

Re: [Snort-users] VRT Rules snapshot-CURRENT.tar.gz Download Error?

From: JJ Cummings <cummingsj_at_nospam>
Date: Fri May 29 2009 - 19:12:32 GMT
To: "Jefferson, Shawn" <Shawn.Jefferson@bcferries.com>


Well, it's complete as of phase 1 in the timeline for release 0.1 so if you need to do any rule manipulation.. that's coming.. within the next few weeks hopefully.

Release 0.1:

  • First *Beta* Release
  • Downloads latest rules file
  • Verifies MD5 of local rules file
  • If MD5 has not changed from snort.org.. doesn't fetch files again
  • handle both rules and so_rules
  • Capability to generate stub files

Cheers,
JJC On Fri, May 29, 2009 at 1:09 PM, Jefferson, Shawn < Shawn.Jefferson@bcferries.com> wrote:

> I’ll take a look at it.
>
>
>
> At this point though, it hasn’t been “released” officially and still in
> beta though, right?
>
>
> ------------------------------
>
> *From:* jcummings@sourcefire.com [mailto:jcummings@sourcefire.com] *On
> Behalf Of *JJ Cummings
> *Sent:* May 29, 2009 12:04 PM
> *To:* Jefferson, Shawn
> *Cc:* Snort Users List
>
> *Subject:* Re: [Snort-users] VRT Rules snapshot-CURRENT.tar.gz Download
> Error?
>
>
>
> pulledpork does this.. it can be found here =>
> http://code.google.com/p/pulledpork
>
> I just finished modifying it so that no matter the format of the md5 file
> it will only grab the hash value out of it.. so should be good to go with
> that one now.
>
> Cheers,
> JJC
>
> On Fri, May 29, 2009 at 12:48 PM, Jefferson, Shawn <
> Shawn.Jefferson@bcferries.com> wrote:
>
> Does anyone have a shell script that downloads the md5 and compares it to
> the last one before running oinkmaster.pl that they want to share?
>
> I'm in the "downloading once a day" camp, and I've noticed that this has
> been failing quite often lately.
>
>
> -----Original Message-----
> From: Sandro guly Zaccarini [mailto:guly@luv.guly.org]
> Sent: May 29, 2009 10:36 AM
> To: 'Snort Users List'
> Cc: Jeff Dell
> Subject: Re: [Snort-users] VRT Rules snapshot-CURRENT.tar.gz Download
> Error?
>
> On Fri, May 29, 2009 at 12:56:01PM -0400, Jeff Dell wrote:
> > The problem with once a week is what happens if you check on Monday at
> 8am
> > and the rules are updated on Monday at 8:05? You won't get any updates
> for 2
> > weeks. It would be really great to have something like a checksum that
> will
> > be available to see if there is a change in the rules file.
>
> actually there is an md5 file, and i was thinkin' about asking why VRT
> changed its format without alerting users before.
> personally, i download daily that md5 file and compare to the latest md5
> i've got: if they don't match it means that there is something new.
>
> but we're a bit OT here :)
>
> sz
>
> --
> /"\ taste your favourite sysadmin
> \ / gpg public key http://www.guly.org/guly.asc
> X
> / \
>
>
> ------------------------------------------------------------------------------
> Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT
> is a gathering of tech-side developers & brand creativity professionals.
> Meet
> the minds behind Google Creative Lab, Visual Complexity, Processing, &
> iPhoneDevCamp as they present alongside digital heavyweights like Barbarian
> Group, R/GA, & Big Spaceship. http://p.sf.net/sfu/creativitycat-com
> _______________________________________________
> Snort-users mailing list
> Snort-users@lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users<https://lists.sourceforge.net/lists/listinfo/snort-users%0ASnort-users>list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
>



Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT is a gathering of tech-side developers & brand creativity professionals. Meet the minds behind Google Creative Lab, Visual Complexity, Processing, & iPhoneDevCamp as they present alongside digital heavyweights like Barbarian Group, R/GA, & Big Spaceship. http://p.sf.net/sfu/creativitycat-com



Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users