Snort mailing list archives
Re: PullePork SO Rules Management?
From: JJC <cummingsj () gmail com>
Date: Wed, 4 May 2011 13:46:12 -0600
Perfect, thanks for checking, and for the note of the perms issue, I'll gladly add it to the codebase.. if you would be so kind as to bug it in the bugtracker!

Oh, and Nigel.. this topposting was just for you big guy~!

JJC

On Wed, May 4, 2011 at 1:40 PM, Eoin Miller <eoin.miller () trojanedbinaries com> wrote:

> On 5/4/2011 5:30 PM, JJC wrote:
> > Part of your problem is your OS definition, it should be Centos-5-4 and not CentOS-5-4, that may be causing all of it, please let me know what the results are after modifying that. Note the path in the rules tarball:
> >
> > /so_rules/precompiled/Centos-5-4/x86-64/2.9.0.4/
> >
> > When you have to hit ENTER to finish the sid-msg.map, does the sid-msg.map still generate?
> >
> > JJC
>
> Figures it would be something that stupid, just so used to typing CentOS case specifically instead of noticing the directory structure inside the tarball. Thanks for pointing that out.
>
> Did notice that the *.so files got moved correctly this time around, but end up with the same uid/gid that owns them inside of the tarball that doesn't exist on most systems (1210:1210). Looks like this happens when you run pulledpork.pl as root. I wish the VRT's files within the tarball were just set to root.root so as to not end up with unowned/incorrectly owned files on the systems upon extraction by default without adding --no-same-permissions or something similar to the tar command.
>
> Looks like Archive::Tar supports the --no-same-permissions style stuff so I added this inside of sub rule_extract:
>
> From:
> ---SNIP---
> my $tar = Archive::Tar->new();
> $tar->read( $temp_path . $rule_file );
> ---SNIP---
>
> To:
> ---SNIP---
> local $Archive::Tar::CHOWN = 0;
> my $tar = Archive::Tar->new();
> $tar->read( $temp_path . $rule_file );
> ---SNIP---
>
> This appears to stop the incorrectly owned files if you run pulledpork.pl as root.
>
> -- Eoin
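The ownership behaviour discussed in this thread, as an added example that is not part of the original messages or of PulledPork's code: it builds a constructed tarball whose member is recorded as 1210:1210, extracts it with `$Archive::Tar::CHOWN = 0`, and then lists any extracted file whose owner has no local account. The member name, temp directory and audit step are assumptions made for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Archive::Tar;
use File::Find;
use File::Temp qw(tempdir);

my $dir     = tempdir( CLEANUP => 1 );
my $tarball = "$dir/rules.tar";

# Constructed sample: one member recorded as 1210:1210, as in the thread.
my $out = Archive::Tar->new();
$out->add_data( 'so_rules/precompiled/example.so', "constructed\n",
    { uid => 1210, gid => 1210, mode => 0644 } );
$out->write($tarball) or die $out->error;

# 1. Show the ownership recorded inside the archive before extracting.
my $tar = Archive::Tar->new();
$tar->read($tarball) or die $tar->error;
for my $m ( $tar->list_files( [qw(name uid gid)] ) ) {
    my $user = getpwuid( $m->{uid} );
    printf "%s is recorded as %d:%d (%s)\n", @{$m}{qw(name uid gid)},
        defined $user ? "local user $user" : 'no such local uid';
}

# 2. Extract with ownership restoration off. Archive::Tar only attempts the
#    chown when running as root, which is when the problem appears.
chdir $dir or die "chdir $dir: $!";
{
    local $Archive::Tar::CHOWN = 0;
    $tar->extract() or die $tar->error;
}

# 3. Audit the extracted tree for files whose owner has no local account.
my @orphans;
find(
    sub {
        my @st = lstat($_);
        return unless @st;
        my $owner = getpwuid( $st[4] );
        push @orphans, $File::Find::name unless defined $owner;
    },
    "$dir/so_rules"
);
print "unowned: $_\n" for @orphans;
print "all extracted files have a local owner\n" unless @orphans;
chdir '/';    # leave the temp dir so CLEANUP can remove it
```

Run as root with the `local $Archive::Tar::CHOWN = 0;` line removed, step 3 reports the extracted file as unowned on a system with no uid 1210.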