Re: oinkmaster and so rules.. FAQ broken?

[Joel Esler <jesler () sourcefire com>]

Have you tried pulledpork?  It takes care of all this for you (plus much more)

J

On Feb 8, 2011, at 7:44 PM, Michael Scheidell wrote:

> so, the oinkmaster FAQ is offline, or missing, and I want to know how to use oinkmaster on our VRT rules to pull down 
> and compile the binaries locally.
>
> i see these in the tarball (which I had to pull down manually.. since oinkmaster deletes it)
>
> drwxr-xr-x  0 vrtbuild vrtbuild       0 Feb  8 12:55 so_rules/
> -rw-r--r--  0 vrtbuild vrtbuild     373 May 31  2010 so_rules/imap.rules
> drwxr-xr-x  0 vrtbuild vrtbuild       0 Feb  8 12:55 so_rules/src/
> -rw-r--r--  0 vrtbuild vrtbuild    1344 Nov 12  2008 so_rules/src/web-misc_base64_decode.h
> -rw-r--r--  0 vrtbuild vrtbuild    3980 Nov  4 09:48 so_rules/src/dos_ms06-32.c
> -rw-r--r--  0 vrtbuild vrtbuild    6016 May 31  2010 so_rules/src/imap_mercur-imapd-ntlmssp.c
> -rw-r--r--  0 vrtbuild vrtbuild    7537 Nov  4 09:39 so_rules/src/smtp_mailenable-ntlm.c
> -rw-r--r--  0 vrtbuild vrtbuild    6918 Nov  4 09:41 so_rules/src/multimedia_cve-2008-5616-mplayer-demux-open-vqf-bo.c
> -rw-r--r--  0 vrtbuild vrtbuild    6008 Oct  3 18:59 so_rules/src/misc_mysql-com-table-dump.c
> -rw-r--r--  0 vrtbuild vrtbuild    5858 May 31  2010 so_rules/src/nntp_xhdr-bo.c
> -rw-r--r--  0 vrtbuild vrtbuild    1344 Dec  8  2008 so_rules/src/netbios_base64-decode.h
> -rw-r--r--  0 vrtbuild vrtbuild    1957 Sep 28 14:47 so_rules/src/snmp_ber.h
>
> so, how to I get oinkmaster to LEAVE them where I can get at them?
>
> (no, I need precompiled rules for freebsd 7.3 amd64.) 
> so, since there arn't any, I have to compile them myself.  no big deal, I just want to know how to get oinkmaster to 
> leave them there.
>
> while I am at it, how do I keep the new preproc_rules:
> got this, should't it keep anything that ends in *.rules?
>
> update_files = \.rules$|\.config$|\.conf$|\.txt$|\.map$
>
> do I need something like:
> update_files = \.rules$|\.config$|\.conf$|\.txt$|\.map$|../so_rules/src/*|../preproc_rules/*
>
>
>
>
> -- 
> Michael Scheidell, CTO
> o: 561-999-5000
> d: 561-948-2259
> ISN: 1259*1300
> > | SECNAP Network Security Corporation
> Certified SNORT Integrator
> 2008-9 Hot Company Award Winner, World Executive Alliance
> Five-Star Partner Program 2009, VARBusiness
> Best in Email Security,2010: Network Products Guide
> King of Spam Filters, SC Magazine 2008
>
> This email has been scanned and certified safe by SpammerTrap®. 
> For Information please see http://www.secnap.com/products/spammertrap/
>
>
> ------------------------------------------------------------------------------
> The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
> Pinpoint memory and threading errors before they happen.
> Find and fix more than 250 security defects in the development cycle.
> Locate bottlenecks in serial and parallel code that limit performance.
> http://p.sf.net/sfu/intel-dev2devfeb_______________________________________________
> Snort-sigs mailing list
> Snort-sigs () lists sourceforge net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
> http://www.snort.org

--
Joel Esler
jesler () sourcefire com
http://blog.snort.org && http://blog.clamav.net

------------------------------------------------------------------------------
The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
Pinpoint memory and threading errors before they happen.
Find and fix more than 250 security defects in the development cycle.
Locate bottlenecks in serial and parallel code that limit performance.
http://p.sf.net/sfu/intel-dev2devfeb

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org