Snort mailing list archives
Re: oinkmaster and so rules.. FAQ broken?
From: Joel Esler <jesler () sourcefire com>
Date: Tue, 8 Feb 2011 19:52:21 -0500
Have you tried pulledpork? It takes care of all this for you (plus much more)

J

On Feb 8, 2011, at 7:44 PM, Michael Scheidell wrote:
so, the oinkmaster FAQ is offline, or missing, and I want to know how to use oinkmaster on our VRT rules to pull down and compile the binaries locally.

I see these in the tarball (which I had to pull down manually.. since oinkmaster deletes it)

drwxr-xr-x 0 vrtbuild vrtbuild 0 Feb 8 12:55 so_rules/
-rw-r--r-- 0 vrtbuild vrtbuild 373 May 31 2010 so_rules/imap.rules
drwxr-xr-x 0 vrtbuild vrtbuild 0 Feb 8 12:55 so_rules/src/
-rw-r--r-- 0 vrtbuild vrtbuild 1344 Nov 12 2008 so_rules/src/web-misc_base64_decode.h
-rw-r--r-- 0 vrtbuild vrtbuild 3980 Nov 4 09:48 so_rules/src/dos_ms06-32.c
-rw-r--r-- 0 vrtbuild vrtbuild 6016 May 31 2010 so_rules/src/imap_mercur-imapd-ntlmssp.c
-rw-r--r-- 0 vrtbuild vrtbuild 7537 Nov 4 09:39 so_rules/src/smtp_mailenable-ntlm.c
-rw-r--r-- 0 vrtbuild vrtbuild 6918 Nov 4 09:41 so_rules/src/multimedia_cve-2008-5616-mplayer-demux-open-vqf-bo.c
-rw-r--r-- 0 vrtbuild vrtbuild 6008 Oct 3 18:59 so_rules/src/misc_mysql-com-table-dump.c
-rw-r--r-- 0 vrtbuild vrtbuild 5858 May 31 2010 so_rules/src/nntp_xhdr-bo.c
-rw-r--r-- 0 vrtbuild vrtbuild 1344 Dec 8 2008 so_rules/src/netbios_base64-decode.h
-rw-r--r-- 0 vrtbuild vrtbuild 1957 Sep 28 14:47 so_rules/src/snmp_ber.h

so, how do I get oinkmaster to LEAVE them where I can get at them?
(no, I need precompiled rules for freebsd 7.3 amd64.) so, since there aren't any, I have to compile them myself. no big deal, I just want to know how to get oinkmaster to leave them there.

while I am at it, how do I keep the new preproc_rules:
got this, shouldn't it keep anything that ends in *.rules?

update_files = \.rules$|\.config$|\.conf$|\.txt$|\.map$

do I need something like:

update_files = \.rules$|\.config$|\.conf$|\.txt$|\.map$|../so_rules/src/*|../preproc_rules/*

--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
ISN: 1259*1300
| SECNAP Network Security Corporation
Certified SNORT Integrator

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org
-- Joel Esler jesler () sourcefire com http://blog.snort.org && http://blog.clamav.net