snort-users May 2009 archive
Main Archive Page > Month Archives  > snort-users archives
snort-users: Re: [Snort-users] VRT Rules snapshot-CURRENT.tar.gz

Re: [Snort-users] VRT Rules snapshot-CURRENT.tar.gz Download Error?

From: Joel Esler <jesler_at_nospam>
Date: Fri May 29 2009 - 19:40:31 GMT
To: "Jefferson, Shawn" <Shawn.Jefferson@bcferries.com>


I don't know of one, but it would be extremely easy to write. I would do it, but a plane is calling my name. -- Joel Esler | Sourcefire | 302-223-5974 On May 29, 2009, at 2:22 PM, "Jefferson, Shawn" <Shawn.Jefferson@bcferries.com > wrote:
> Hi,
>
>
>
> Sounds like it will be the replacement for Oinkmaster, but currently
> I’m using Oinkmaster to disable certain rules (I’m assuming
> that’s what you mean by rule manipulation) as well. So I guess my i
> nitial question still stands: does anyone want to share a script tha
> t checks the MD5 first?
>
>
>
> Thanks,
>
> Shawn
>
>
>
> From: jcummings@sourcefire.com [mailto:jcummings@sourcefire.com] On
> Behalf Of JJ Cummings
> Sent: May 29, 2009 12:13 PM
> To: Jefferson, Shawn
> Cc: Snort Users List
> Subject: Re: [Snort-users] VRT Rules snapshot-CURRENT.tar.gz
> Download Error?
>
>
>
> Well, it's complete as of phase 1 in the timeline for release 0.1 so
> if you need to do any rule manipulation.. that's coming.. within the
> next few weeks hopefully.
>
> Release 0.1:
>
> First Beta Release
> Downloads latest rules file
> Verifies MD5 of local rules file
> If MD5 has not changed from snort.org.. doesn't fetch files again
> handle both rules and so_rules
> Capability to generate stub files
> Cheers,
> JJC
>
> On Fri, May 29, 2009 at 1:09 PM, Jefferson, Shawn <Shawn.Jefferson@bcferries.com
> > wrote:
>
> I’ll take a look at it.
>
>
>
> At this point though, it hasn’t been “released” officially and
> still in beta though, right?
>
>
>
> From: jcummings@sourcefire.com [mailto:jcummings@sourcefire.com] On
> Behalf Of JJ Cummings
> Sent: May 29, 2009 12:04 PM
> To: Jefferson, Shawn
> Cc: Snort Users List
>
>
> Subject: Re: [Snort-users] VRT Rules snapshot-CURRENT.tar.gz
> Download Error?
>
>
>
> pulledpork does this.. it can be found here => http://code.google.com/p/pulledpork
>
> I just finished modifying it so that no matter the format of the md5
> file it will only grab the hash value out of it.. so should be good
> to go with that one now.
>
> Cheers,
> JJC
>
> On Fri, May 29, 2009 at 12:48 PM, Jefferson, Shawn <Shawn.Jefferson@bcferries.com
> > wrote:
>
> Does anyone have a shell script that downloads the md5 and compares
> it to the last one before running oinkmaster.pl that they want to
> share?
>
> I'm in the "downloading once a day" camp, and I've noticed that this
> has been failing quite often lately.
>
>
> -----Original Message-----
> From: Sandro guly Zaccarini [mailto:guly@luv.guly.org]
> Sent: May 29, 2009 10:36 AM
> To: 'Snort Users List'
> Cc: Jeff Dell
> Subject: Re: [Snort-users] VRT Rules snapshot-CURRENT.tar.gz
> Download Error?
>
> On Fri, May 29, 2009 at 12:56:01PM -0400, Jeff Dell wrote:
> > The problem with once a week is what happens if you check on
> Monday at 8am
> > and the rules are updated on Monday at 8:05? You won't get any
> updates for 2
> > weeks. It would be really great to have something like a checksum
> that will
> > be available to see if there is a change in the rules file.
>
> actually there is an md5 file, and i was thinkin' about asking why VRT
> changed its format without alerting users before.
> personally, i download daily that md5 file and compare to the latest
> md5
> i've got: if they don't match it means that there is something new.
>
> but we're a bit OT here :)
>
> sz
>
> --
> /"\ taste your favourite sysadmin
> \ / gpg public key http://www.guly.org/guly.asc
> X
> / \
>
> ---
> ---
> ---
> ---------------------------------------------------------------------
> Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT
> is a gathering of tech-side developers & brand creativity
> professionals. Meet
> the minds behind Google Creative Lab, Visual Complexity, Processing, &
> iPhoneDevCamp as they present alongside digital heavyweights like
> Barbarian
> Group, R/GA, & Big Spaceship. http://p.sf.net/sfu/creativitycat-com
> _______________________________________________
> Snort-users mailing list
> Snort-users@lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
>
>
>
> ---
> ---
> ---
> ---------------------------------------------------------------------
> Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT
> is a gathering of tech-side developers & brand creativity
> professionals. Meet
> the minds behind Google Creative Lab, Visual Complexity, Processing, &
> iPhoneDevCamp as they present alongside digital heavyweights like
> Barbarian
> Group, R/GA, & Big Spaceship. http://p.sf.net/sfu/creativitycat-com
> _______________________________________________
> Snort-users mailing list
> Snort-users@lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

------------------------------------------------------------------------------ Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT is a gathering of tech-side developers & brand creativity professionals. Meet the minds behind Google Creative Lab, Visual Complexity, Processing, & iPhoneDevCamp as they present alongside digital heavyweights like Barbarian Group, R/GA, & Big Spaceship. http://p.sf.net/sfu/creativitycat-com

_______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users