snort-users May 2009 archive
Main Archive Page > Month Archives  > snort-users archives
snort-users: Re: [Snort-users] VRT Rules snapshot-CURRENT.tar.gz

Re: [Snort-users] VRT Rules snapshot-CURRENT.tar.gz Download Error?

From: JJ Cummings <cummingsj_at_nospam>
Date: Fri May 29 2009 - 21:03:02 GMT
To: Jack Pepper <pepperjack@afferentsecurity.com>


You could add a simple regex check of the data inside of the md5 file to get only the hash value to compare against also..

/[0-9a-zA-Z]{32}/

On Fri, May 29, 2009 at 2:47 PM, Jack Pepper < pepperjack@afferentsecurity.com> wrote:

> Quoting "Jefferson, Shawn" <Shawn.Jefferson@bcferries.com>:
>
> > what you mean by rule manipulation) as well. So I guess my initial
> > question still stands: does anyone want to share a script that
> > checks the MD5 first?
>
> How about this:
>
> wget -q -O "${SNORTDIR}/snortrules.tar.gz.md5.new"
>
> http://www.snort.org/pub-bin/oinkmaster.cgi/${OINK}/snortrules-snapshot-2.8.tar.gz.md5<http://www.snort.org/pub-bin/oinkmaster.cgi/$%7BOINK%7D/snortrules-snapshot-2.8.tar.gz.md5>
> if [ $? -ne 0 ] ; then
> echo "MD5 download failed"
> exit
> fi
> OLDSUM=`md5sum ${SNORTDIR}/snortrules.tar.gz.new | awk '{print $1}'`
> NEWSUM=`awk 'NF == 4 && $3 == "=" {print $NF;}'
> ${SNORTDIR}/snortrules.tar.gz.md5.new`
> if [ $OLDSUM == $NEWSUM ] ; then
> echo "No rule changes"
> else
> cp -p ${SNORTDIR}/snortrules.tar.gz.new
> ${SNORTDIR}/snortrules.tar.gz.old
> wget -O "${SNORTDIR}/snortrules.tar.gz.new"
>
> http://www.snort.org/pub-bin/oinkmaster.cgi/${OINK}/snortrules-snapshot-2.8.tar.gz<http://www.snort.org/pub-bin/oinkmaster.cgi/$%7BOINK%7D/snortrules-snapshot-2.8.tar.gz>
> if [ $? -ne 0 ] ; then
> echo "snort rules download failed"
> exit
> fi
> fi
>
> If the format of the MD5 file ever changes we're screwed, but here's
> what i'll be using until then.
>
> jp
> --
>
> Framework? I don't need no stinking framework!
>
> ----------------------------------------------------------------
> @fferent Security Labs: Isolate/Insulate/Innovate
> http://www.afferentsecurity.com
>
>
>
> ------------------------------------------------------------------------------
> Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT
> is a gathering of tech-side developers & brand creativity professionals.
> Meet
> the minds behind Google Creative Lab, Visual Complexity, Processing, &
> iPhoneDevCamp as they present alongside digital heavyweights like Barbarian
> Group, R/GA, & Big Spaceship. http://p.sf.net/sfu/creativitycat-com
> _______________________________________________
> Snort-users mailing list
> Snort-users@lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users<https://lists.sourceforge.net/lists/listinfo/snort-users%0ASnort-users>list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>



Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT is a gathering of tech-side developers & brand creativity professionals. Meet the minds behind Google Creative Lab, Visual Complexity, Processing, & iPhoneDevCamp as they present alongside digital heavyweights like Barbarian Group, R/GA, & Big Spaceship. http://p.sf.net/sfu/creativitycat-com



Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users