snort-users May 2009 archive

Re: [Snort-users] VRT Rules snapshot-CURRENT.tar.gz Download Error?

From: JJ Cummings <cummingsj_at_nospam>
Date: Fri May 29 2009 - 19:57:10 GMT
To: Joel Esler <jesler@sourcefire.com>


or use pulledpork to grab the rules file (and verify) then use oinkmaster to manipulate it the way that you want to for now.. since you can specify where oinkmaster gets the rules file from..

On Fri, May 29, 2009 at 1:40 PM, Joel Esler <jesler@sourcefire.com> wrote:

> I don't know of one, but it would be extremely easy to write. I would do
> it, but a plane is calling my name.
>
> --Joel Esler | Sourcefire | 302-223-5974
>
> On May 29, 2009, at 2:22 PM, "Jefferson, Shawn" <
> Shawn.Jefferson@bcferries.com> wrote:
>
> Hi,
>
>
>
> Sounds like it will be the replacement for Oinkmaster, but currently I'm
> using Oinkmaster to disable certain rules (I'm assuming that's what you mean
> by rule manipulation) as well. So I guess my initial question still stands:
> does anyone want to share a script that checks the MD5 first?
>
>
>
> Thanks,
>
> Shawn
>
>
> ------------------------------
>
> *From:* jcummings@sourcefire.com [mailto:jcummings@sourcefire.com]
> *On Behalf Of *JJ Cummings
> *Sent:* May 29, 2009 12:13 PM
> *To:* Jefferson, Shawn
> *Cc:* Snort Users List
> *Subject:* Re: [Snort-users] VRT Rules snapshot-CURRENT.tar.gz Download
> Error?
>
>
>
> Well, it's complete as of phase 1 in the timeline for release 0.1 so if you
> need to do any rule manipulation.. that's coming.. within the next few weeks
> hopefully.
>
> Release 0.1:
>
> - First *Beta* Release
> - Downloads latest rules file
> - Verifies MD5 of local rules file
> - If MD5 has not changed from snort.org.. doesn't fetch files again
> - handle both rules and so_rules
> - Capability to generate stub files
>
> Cheers,
> JJC
>
> On Fri, May 29, 2009 at 1:09 PM, Jefferson, Shawn <Shawn.Jefferson@bcferries.com> wrote:
>
> I'll take a look at it.
>
>
>
> At this point though, it hasn't been "released" officially and still in
> beta though, right?
>
>
> ------------------------------
>
> *From:* jcummings@sourcefire.com [mailto:jcummings@sourcefire.com] *On Behalf Of *JJ Cummings
> *Sent:* May 29, 2009 12:04 PM
> *To:* Jefferson, Shawn
> *Cc:* Snort Users List
>
>
> *Subject:* Re: [Snort-users] VRT Rules snapshot-CURRENT.tar.gz Download
> Error?
>
>
>
> pulledpork does this.. it can be found here =>
> http://code.google.com/p/pulledpork
>
> I just finished modifying it so that no matter the format of the md5 file
> it will only grab the hash value out of it.. so should be good to go with
> that one now.
>
> Cheers,
> JJC
>
> On Fri, May 29, 2009 at 12:48 PM, Jefferson, Shawn <Shawn.Jefferson@bcferries.com> wrote:
>
> Does anyone have a shell script that downloads the md5 and compares it to
> the last one before running oinkmaster.pl that they want to share?
>
> I'm in the "downloading once a day" camp, and I've noticed that this has
> been failing quite often lately.
>
>
> -----Original Message-----
> From: Sandro guly Zaccarini [mailto:guly@luv.guly.org]
> Sent: May 29, 2009 10:36 AM
> To: 'Snort Users List'
> Cc: Jeff Dell
> Subject: Re: [Snort-users] VRT Rules snapshot-CURRENT.tar.gz Download
> Error?
>
> On Fri, May 29, 2009 at 12:56:01PM -0400, Jeff Dell wrote:
> > The problem with once a week is what happens if you check on Monday at 8am
> > and the rules are updated on Monday at 8:05? You won't get any updates for 2
> > weeks. It would be really great to have something like a checksum that will
> > be available to see if there is a change in the rules file.
>
> actually there is an md5 file, and i was thinkin' about asking why VRT
> changed its format without alerting users before.
> personally, i download daily that md5 file and compare to the latest md5
> i've got: if they don't match it means that there is something new.
>
> but we're a bit OT here :)
>
> sz
>
> --
> /"\ taste your favourite sysadmin
> \ / gpg public key http://www.guly.org/guly.asc
> X
> / \
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users@lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
