snort-users May 2009 archive

Re: [Snort-users] VRT Rules snapshot-CURRENT.tar.gz Download Error?

From: Jefferson, Shawn <Shawn.Jefferson_at_nospam>
Date: Fri May 29 2009 - 19:22:13 GMT
To: JJ Cummings <cummingsj@gmail.com>


Hi,

Sounds like it will be the replacement for Oinkmaster, but currently I'm using Oinkmaster to disable certain rules (I'm assuming that's what you mean by rule manipulation) as well. So I guess my initial question still stands: does anyone want to share a script that checks the MD5 first?

Thanks,
Shawn



From: jcummings@sourcefire.com [mailto:jcummings@sourcefire.com] On Behalf Of JJ Cummings
Sent: May 29, 2009 12:13 PM
To: Jefferson, Shawn
Cc: Snort Users List
Subject: Re: [Snort-users] VRT Rules snapshot-CURRENT.tar.gz Download Error?

Well, it's complete as of phase 1 in the timeline for release 0.1 so if you need to do any rule manipulation.. that's coming.. within the next few weeks hopefully.

Release 0.1:

  • First Beta Release
  • Downloads latest rules file
  • Verifies MD5 of local rules file
  • If MD5 has not changed from snort.org.. doesn't fetch files again
  • handle both rules and so_rules
  • Capability to generate stub files

Cheers,
JJC

On Fri, May 29, 2009 at 1:09 PM, Jefferson, Shawn <Shawn.Jefferson@bcferries.com> wrote:

I'll take a look at it.

At this point though, it hasn't been "released" officially and still in beta though, right?


From: jcummings@sourcefire.com [mailto:jcummings@sourcefire.com] On Behalf Of JJ Cummings
Sent: May 29, 2009 12:04 PM
To: Jefferson, Shawn
Cc: Snort Users List

Subject: Re: [Snort-users] VRT Rules snapshot-CURRENT.tar.gz Download Error?

pulledpork does this.. it can be found here => http://code.google.com/p/pulledpork

I just finished modifying it so that no matter the format of the md5 file it will only grab the hash value out of it.. so should be good to go with that one now.

Cheers,
JJC

On Fri, May 29, 2009 at 12:48 PM, Jefferson, Shawn <Shawn.Jefferson@bcferries.com> wrote:

Does anyone have a shell script that downloads the md5 and compares it to the last one before running oinkmaster.pl that they want to share?

I'm in the "downloading once a day" camp, and I've noticed that this has been failing quite often lately.

-----Original Message-----
From: Sandro guly Zaccarini [mailto:guly@luv.guly.org]
Sent: May 29, 2009 10:36 AM
To: 'Snort Users List'
Cc: Jeff Dell
Subject: Re: [Snort-users] VRT Rules snapshot-CURRENT.tar.gz Download Error?

On Fri, May 29, 2009 at 12:56:01PM -0400, Jeff Dell wrote:
> The problem with once a week is what happens if you check on Monday at 8am
> and the rules are updated on Monday at 8:05? You won't get any updates for 2
> weeks. It would be really great to have something like a checksum that will
> be available to see if there is a change in the rules file.

actually there is an md5 file, and i was thinkin' about asking why VRT changed its format without alerting users before. personally, i download daily that md5 file and compare to the latest md5 i've got: if they don't match it means that there is something new.

but we're a bit OT here :)

sz

--
/"\   taste your favourite sysadmin
\ /   gpg public key http://www.guly.org/guly.asc
 X
/ \

_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

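The check discussed in this thread (pull the hash out of the md5 file whatever its format, compare it with the last one applied, and only then run the rule updater), as an added example that is not part of the original messages and is not pulledpork's code. Function names, file names and the state file are assumptions; the download step is left out, so the script works on files already fetched to disk.

```sh
#!/bin/sh
# Added example: gate a rule update on the published MD5. Paths are assumptions;
# fetching the .md5 file and tarball is left to your existing download command.

# Print the first standalone 32-hex-digit token in an md5 file, lower-cased,
# whatever surrounds it ("<hash>", "<hash>  file", "MD5 (file) = <hash>").
extract_md5() {
    grep -Eiow '[0-9a-f]{32}' "$1" | head -n 1 | tr 'A-F' 'a-f'
}

# $1 = freshly fetched .md5 file, $2 = state file holding the last applied hash.
# Returns 0 if an update is needed, 1 if unchanged, 2 if no hash was parsed.
update_needed() {
    un_new=$(extract_md5 "$1")
    [ -n "$un_new" ] || return 2
    un_old=$(cat "$2" 2>/dev/null || true)
    [ "$un_new" != "$un_old" ]
}

# $1 = tarball, $2 = .md5 file. Returns 0 only if the tarball hashes to the
# published value, so a truncated download never reaches the rule manager.
tarball_matches() {
    tm_want=$(extract_md5 "$2")
    tm_got=$(md5sum "$1" | cut -d' ' -f1)
    [ -n "$tm_want" ] && [ "$tm_want" = "$tm_got" ]
}

# Record the hash only after the update has actually been applied.
record_md5() { extract_md5 "$1" > "$2"; }

# Demo on constructed files (no network): first run updates, second run skips.
demo() {
    d=$(mktemp -d)
    printf 'constructed rules payload\n' > "$d/rules.tar.gz"
    h=$(md5sum "$d/rules.tar.gz" | cut -d' ' -f1)
    printf 'MD5 (rules.tar.gz) = %s\n' "$h" > "$d/rules.md5"
    for run in 1 2; do
        if update_needed "$d/rules.md5" "$d/last.md5" \
           && tarball_matches "$d/rules.tar.gz" "$d/rules.md5"; then
            echo "run $run: update"   # run oinkmaster.pl here
            record_md5 "$d/rules.md5" "$d/last.md5"
        else
            echo "run $run: skip"
        fi
    done
    rm -rf "$d"
}
demo
```

Because the md5 file is served from the same place as the tarball, this check detects new releases and corrupted downloads, not tampering.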