Snort mailing list archives
snort signatures on www.snort.org
From: Russell Fulton <r.fulton () auckland ac nz>
Date: 29 May 2002 14:57:14 +1200
Hi, I am looking for a way to determine if the snort rule file: http://www.snort.org/dl/signatures/snortrules.tar.gz has actually changed so I don't download a new rule set unless I need to. So far as I can tell this file is rebuilt once a day regardless of whether or not any changes have been made. When I first realized this I grabbed the MD5 sum and compared that to one for my current rules but clearly some timestamps on the files change and the md5 hash for the tarball changes even though the file contents apparently have not. Any suggestions? Alternatively could the script that makes the snapshot check to see if there are any changes before building the tarball and rebuild it only if necessary. Or should I use CVS to mirror the source tree every night and adjust my script to process rule files from the local copy if there have been any changes. BTW I have a perl script that implements a batch editor for modifying rule files before passing them to the live snort. It can delete specific rules and change, delete or add rules for other rules. At the moment I am just using it to delete noisy rules but there are several rules that I want to tweak for local conditions. If anyone is interested then drop me a line. -- Russell Fulton, Computer and Network Security Officer The University of Auckland, New Zealand _______________________________________________________________ Don't miss the 2002 Sprint PCS Application Developer's Conference August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- snort signatures on www.snort.org Russell Fulton (May 28)