Snort mailing list archives
Oinkmaster v0.9 released.
From: Andreas Östling <andreaso () it su se>
Date: Tue, 2 Dec 2003 20:42:26 +0100
Hello,

Oinkmaster v0.9 has been released.

Download: http://prdownloads.sourceforge.net/oinkmaster/oinkmaster-0.9.tar.gz?download
MD5: 8ed30c07f2ef5c977e1201a014bf9c5c
PGP signature: http://oinkmaster.sourceforge.net/oinkmaster-0.9.tar.gz.asc

Please note that the Oinkmaster homepage has moved to
http://oinkmaster.sourceforge.net/

For those who don't know, Oinkmaster is a simple tool to update/manage
Snort signatures.

Changes from v0.8:

o It's much faster now.

o Added ability to use "include <file>" in oinkmaster configuration files.
  <file> will be parsed (just like a regular oinkmaster.conf) as soon as
  the include statement is seen, and then return and continue parsing the
  rest of the original file. If an option is re-defined, it will override
  the previous value. You can use as many 'include' statements as you wish,
  and also include even more files from included files.

o Also permit an arbitrary number of "-C" arguments to be specified on
  command line to load multiple config files. They will be loaded in the
  order of appearance.

o Permit https://... in url specification. Only useful if your wget is
  SSL-enabled and you download from an SSL-enabled site.

o Permit scp://<user>@<remotehost>:<file.tar.gz> in url specification.
  The rules archive will be copied from remotehost using scp (only tested
  with OpenSSH). You can specify a private key with scp_key = ... in
  oinkmaster.conf (or set it in ~/.ssh/config).

o You can now specify "-i" for interactive mode. You will be asked to
  approve the changes before Oinkmaster modifies anything.

o Added 'enablesid' option to oinkmaster.conf.

o Slightly improved rules parsing (order of sid and msg does not matter).

o oinkmaster.conf will be searched for in /etc/ and /usr/local/etc/ by
  default.

o Make contrib/create-sidmap.pl and contrib/addsid.pl take an arbitrary
  number of directories as argument.

o Added a FAQ.

o wget is now always run in verbose mode, although the output is not
  displayed unless you run Oinkmaster in verbose mode as well, or if an
  error occurs (i.e. no more need to re-run in verbose mode just to get
  decent error messages).

o deleted.rules is now ignored (with a "skipfile delete.rules") in the
  default oinkmaster.conf.

o You can now specify a wildcard ('*') to the modifysid keyword, like
  modifysid * "foo" | "bar", to apply the substitution expression to all
  matching rules. This enables you to do stuff like convert all rules of a
  certain classtype to 'drop' rules, or replace all 'flow' keywords with
  "flags: A+;", and so on. See oinkmaster.conf for examples.

o Include seconds in filename of backup tarball.

o Many other minor improvements.

/Andreas
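The include and "-C" ordering described in the announcement decides which file ends up supplying the rules url, so the example below resolves the effective options and records the file each one came from. It is an added example, not part of the announcement and not Oinkmaster's own parser; the file names, hosts and values are constructed, and treating an include loop as an error is an assumption.

```python
# Added example: models the announced include / -C semantics; not Oinkmaster code.
import re

# Constructed sample files (paths, hosts and values are made up for this example).
SAMPLE_FILES = {
    "/etc/oinkmaster.conf": (
        "url = https://rules.example.org/snortrules.tar.gz\n"
        "include /etc/oinkmaster.d/local.conf\n"
        "scp_key = /home/oinkmaster/.ssh/id_rules\n"
    ),
    "/etc/oinkmaster.d/local.conf": (
        "url = http://mirror.example.net/snortrules.tar.gz\n"
        "scp_key = /tmp/test_key\n"
    ),
    "/usr/local/etc/sensor2.conf": "url = scp://rules@repo.example.org:/srv/rules.tar.gz\n",
}

OPTION = re.compile(r"^(\w+)\s*=\s*(.+)$")

def load_configs(paths, files=SAMPLE_FILES):
    """Return {option: (value, defining_file)} after loading paths in order."""
    effective = {}

    def parse(path, stack):
        if path in stack:  # assumption: an include loop is reported as an error
            raise ValueError("include loop: " + " -> ".join(stack + [path]))
        for raw in files[path].splitlines():
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            if line.startswith("include "):
                # Parsed as soon as it is seen, then this file continues.
                parse(line.split(None, 1)[1], stack + [path])
                continue
            m = OPTION.match(line)
            if m:  # a re-defined option overrides the previous value
                effective[m.group(1)] = (m.group(2).strip(), path)

    for path in paths:  # same order as the -C arguments
        parse(path, [])
    return effective

def url_findings(effective):
    """Flag a final url that is neither https:// nor scp://."""
    value, source = effective.get("url", ("", None))
    if value and not value.startswith(("https://", "scp://")):
        return ["url %s (set in %s) is not https:// or scp://" % (value, source)]
    return []
```

With only /etc/oinkmaster.conf loaded, the included file's http url wins because it is seen after the https one, while scp_key is reset by the line following the include.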