snort-users May 2009 archive
Main Archive Page > Month Archives  > snort-users archives
snort-users: Re: [Snort-users] VRT Rules snapshot-CURRENT.tar.gz

Re: [Snort-users] VRT Rules snapshot-CURRENT.tar.gz Download Error?

From: Jack Pepper <pepperjack_at_nospam>
Date: Fri May 29 2009 - 20:47:51 GMT
To: snort-users@lists.sourceforge.net


Quoting "Jefferson, Shawn" <Shawn.Jefferson@bcferries.com>:

> what you mean by rule manipulation) as well. So I guess my initial
> question still stands: does anyone want to share a script that
> checks the MD5 first?

How about this:

wget -q -O "${SNORTDIR}/snortrules.tar.gz.md5.new" http://www.snort.org/pub-bin/oinkmaster.cgi/${OINK}/snortrules-snapshot-2.8.tar.gz.md5 if [ $? -ne 0 ] ; then echo "MD5 download failed" exit
fi
OLDSUM=`md5sum ${SNORTDIR}/snortrules.tar.gz.new | awk '{print $1}'` NEWSUM=`awk 'NF == 4 && $3 == "=" {print $NF;}' ${SNORTDIR}/snortrules.tar.gz.md5.new`
if [ $OLDSUM == $NEWSUM ] ; then

         echo "No rule changes"
else

         cp -p ${SNORTDIR}/snortrules.tar.gz.new ${SNORTDIR}/snortrules.tar.gz.old

         wget -O "${SNORTDIR}/snortrules.tar.gz.new" http://www.snort.org/pub-bin/oinkmaster.cgi/${OINK}/snortrules-snapshot-2.8.tar.gz if [ $? -ne 0 ] ; then echo "snort rules download failed" exit fi
fi

If the format of the MD5 file ever changes we're screwed, but here's what i'll be using until then.

jp -- Framework? I don't need no stinking framework! ---------------------------------------------------------------- @fferent Security Labs: Isolate/Insulate/Innovate http://www.afferentsecurity.com ------------------------------------------------------------------------------ Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT is a gathering of tech-side developers & brand creativity professionals. Meet the minds behind Google Creative Lab, Visual Complexity, Processing, & iPhoneDevCamp as they present alongside digital heavyweights like Barbarian Group, R/GA, & Big Spaceship. http://p.sf.net/sfu/creativitycat-com _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users