Snort mailing list archives

Re: Re: [Snort-sigs] Oinkmaster questions


From: Anthony Kim <Anthony.Kim () VWCREDIT COM>
Date: Mon, 9 Jun 2003 17:24:44 -0500

On Tue, Jun 10, 2003, Russell Fulton wrote:

> On Tue, 2003-06-10 at 07:00, Philip Davidson wrote:
> > Hello all,
> >
> > Has anyone ever had any problems with letting oinkmaster be
> > fully automated?  Some documentation that I have says that it
> > could be unreliable for a couple of reasons.  But I am
> > wondering if anyone has ever had any problems like snort
> > messing up as a result of full automation.
>
> There have been *very* occasional glitches where new rules have
> triggered bugs in some configurations.  I have my own equivalent
> of oinkmaster (I'm currently dumping it in favour of
> oinkmaster) and I have had problems with it barfing on some new
> rules that it did not know how to handle.  Oinkmaster is
> probably more robust in this respect -- it does not try to be
> as smart as mine ;-) and is more stable because of it.

I was considering adding md5 checksum verification to oinkmaster
at some point but never got around to it.

Anyhow for now I use make, sed, and CVS which works fine.

md5 checking can look a little like this in your Makefile:

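# Fail unless md5sum produced a hash and that hash appears in the .md5 file.
checksum:
        CKSUM=`md5sum snortrules-stable.tar.gz | awk '{print $$1}'`;\
        test -n "$$CKSUM" && \
        grep "$$CKSUM" snortrules-stable.tar.gz.md5 >/dev/null 2>&1 || \
                (echo "Checksum does not match!" && exit 1)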

Oinkmaster does have a simple elegance to it and is preferable
for most people I'm sure.
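
A fail-closed form of the checksum step from the message above, written as a shell function for use in an unattended update job (an added example, not code from this thread or from Oinkmaster). The names verify_md5 and verify_md5_demo and the sample files are constructed for illustration; the check catches a corrupted or truncated download, not a tarball that was replaced together with its .md5 file on the same server.

```shell
#!/bin/sh
# verify_md5 FILE MD5FILE: exit status 0 only if FILE's MD5 equals the hash
# published in MD5FILE. Anything else (unreadable file, empty or malformed
# .md5, mismatch) is a failure, so an unattended update stops early.
verify_md5() {
    file=$1
    md5file=$2
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    [ -s "$md5file" ] || { echo "missing or empty $md5file" >&2; return 2; }

    # Hash of the bytes that were actually downloaded.
    actual=$(md5sum "$file" | awk '{print tolower($1)}')
    # First token of exactly 32 hex digits in the .md5 file. Splitting on
    # non-hex characters accepts both "hash  name" and "MD5 (name) = hash".
    expected=$(tr -c '0-9A-Fa-f\n' ' ' < "$md5file" |
        awk '{ for (i = 1; i <= NF; i++)
                   if (length($i) == 32) { print tolower($i); exit } }')

    # An empty value on either side must never compare as a match.
    if [ -z "$actual" ] || [ -z "$expected" ]; then
        echo "no usable hash for $file" >&2
        return 2
    fi
    [ "$actual" = "$expected" ] && return 0
    echo "Checksum does not match!" >&2
    return 1
}

# Constructed demo: a stand-in file plays the role of the rules tarball.
# Echoes one status per case, in the order good, tampered, empty .md5.
verify_md5_demo() {
    dir=$(mktemp -d) || return 1
    f="$dir/rules.tar.gz"
    printf 'alert tcp any any -> any 80 (msg:"constructed sample"; sid:1000001;)\n' > "$f"
    md5sum "$f" > "$f.md5"
    verify_md5 "$f" "$f.md5" 2>/dev/null && good=0 || good=$?
    printf 'extra\n' >> "$f"        # simulate a corrupted download
    verify_md5 "$f" "$f.md5" 2>/dev/null && bad=0 || bad=$?
    : > "$f.md5"                    # truncated checksum file
    verify_md5 "$f" "$f.md5" 2>/dev/null && empty=0 || empty=$?
    rm -rf "$dir"
    echo "$good $bad $empty"
}
```

In a cron job the function would gate the install step, for example `verify_md5 snortrules-stable.tar.gz snortrules-stable.tar.gz.md5 || exit 1` before unpacking.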


