Snort mailing list archives
RE: Re: [Snort-sigs] Oinkmaster questions
From: Philip Davidson <Philip () dpc-paris com>
Date: Tue, 10 Jun 2003 08:05:40 -0500
Yeah, I would like to see something that would check for updates against an md5 checksum. That would be pretty keen. Philip Davidson -----Original Message----- From: Anthony Kim [mailto:Anthony.Kim () VWCREDIT COM] Sent: Monday, June 09, 2003 5:25 PM To: Snort Users (snort-users () lists sourceforge net); (snort-sigs () lists sourceforge net) Subject: Re: [Snort-users] Re: [Snort-sigs] Oinkmaster questions On Tue, Jun 10, 2003, Russell Fulton wrote:
On Tue, 2003-06-10 at 07:00, Philip Davidson wrote:Hello all, Has anyone ever had any problems with letting oinkmaster be fully automated? Some documentation that I have says that it could be unreliable for a couple of reasons. But I am wondering if anyone has ever had any problems like snort messing up as a result of full automation.There have been *very* occasional glitches where new rules have trigged bugs in some configurations. I have my own equivalent of oinkmaster (I'm currently dumping it in favour of oinkmaster) and I have had problems with it barfing on some new rules that it did not know how to handle. Oinkmaster is probably more robust in this respect -- it does not try to be as smart as mine ;-) and is more stable because of it.
I was considering adding md5 checksum verification to oinkmaster at some point but never got around to it. Anyhow for now I use make, sed, and CVS which works fine. md5 checking can look a little like this in your Makefile: checksum: CKSUM=`md5sum snortrules-stable.tar.gz | awk '{print $$1}'`;\ grep $$CKSUM snortrules-stable.tar.gz.md5 >/dev/null 2>&1 || \ (echo "Checksum does not match!" && exit 1) Oinkmaster does have a simple elegance to it and is preferable for most people I'm sure. ------------------------------------------------------- This SF.net email is sponsored by: Etnus, makers of TotalView, The best thread debugger on the planet. Designed with thread debugging features you've never dreamed of, try TotalView 6 free at www.etnus.com. _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs ------------------------------------------------------- This SF.net email is sponsored by: Etnus, makers of TotalView, The best thread debugger on the planet. Designed with thread debugging features you've never dreamed of, try TotalView 6 free at www.etnus.com. _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- RE: Re: [Snort-sigs] Oinkmaster questions Philip Davidson (Jun 10)
- Re: Re: [Snort-sigs] Oinkmaster questions Andreas Östling (Jun 11)
- Re: Re: [Snort-sigs] Oinkmaster questions Anthony Kim (Jun 11)
- Re: Re: [Snort-sigs] Oinkmaster questions Andreas Östling (Jun 11)