Snort mailing list archives

Re: Recent Rule Changes

From: Mike Guiterman <mguiterman () sourcefire com>
Date: Thu, 1 Jul 2010 10:55:16 -0400

Hi John,

You do bring up a good point as to why  _s is no longer necessary.
Subscriber or Registered User access is now determined automatically based
on oinkcode - so the file name differences are no longer necessary.  Users
downloading via oinkmaster/pulled_pork will automatically get the latest
file they have permissions for.

JJ is on this list and is better suited than me to comment specifically on
pulled_pork.

Mike

On Thu, Jul 1, 2010 at 10:08 AM, John York <YorkJ () brcc edu> wrote:

Joel allegedly said:

Date: Wed, 30 Jun 2010 18:43:50 -0400
From: Joel Esler <jesler () sourcefire com>
Subject: [Snort-sigs] Recent Rule Changes


<snip>

For the Subscriber and Registered releases of Snort 2.8.6.0 and Snort

2.8.5.3, the download links >would look as

follows:

Subscriber Release
http://www.snort.org/sub-rules/snortrules-snapshot-2860.tar.gz/OINKCODE
http://www.snort.org/sub-rules/snortrules-snapshot-2853.tar.gz/OINKCODE

Registered User Release
http://www.snort.org/reg-rules/snortrules-snapshot-2860.tar.gz/OINKCODE
http://www.snort.org/reg-rules/snortrules-snapshot-2853.tar.gz/OINKCODE

You will notice in the above urls the difference in between the two

"sub-rules" vs. "reg-rules".  >You will also notice something else, we no
longer have "_s" in the URL anymore.  Many people were >getting confused in
the difference, and we wanted to clear that up by changing the URL easier to

recognize.


<snip>

I've been troubleshooting other problems I'm having downloading rules with
pulledpork.  Either I'm misunderstanding the thread that tells what the new
url's are, I'm misreading the pulledpork 0.4.2 perl code, or pulledpork has
a bug.  It looks to me that it always downloads reg-rules, and doesn't have
any way in the config file to specify reg-rules or sub-rules...

Thanks
John


------------------------------------------------------------------------------
This SF.net email is sponsored by Sprint
What will you do first with EVO, the first 4G phone?
Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs

------------------------------------------------------------------------------
This SF.net email is sponsored by Sprint
What will you do first with EVO, the first 4G phone?
Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs

Current thread:

Re: Recent Rule Changes John York (Jul 01)
- Re: Recent Rule Changes JJC (Jul 01)
- Re: Recent Rule Changes Mike Guiterman (Jul 01)