Snort mailing list archives
Re: PulledPork and missing sets
From: "Lay, James" <james.lay () wincofoods com>
Date: Wed, 6 Jul 2011 13:10:12 -0600
Ya, helps if I add the -k....8-|.....is it Friday yet??

James
-----Original Message-----
From: Lay, James [mailto:james.lay () wincofoods com]
Sent: Wednesday, July 06, 2011 11:24 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] PulledPork and missing sets

Hey all,

So....I'm still evaluating pp vs. oinkmaster. After I run pulled pork I have 46 emerging threats rulesets, yet the downloaded tarball shows 53 rulesets....why? Thanks for any help.

James

The pp run:

sudo perl /opt/bin/pulledpork.pl -c /opt/etc/snort/pulledpork/pulledpork.conf -T

Pulledpork.conf:

rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot-2905.tar.gz|<oinkcode>
rule_url=https://rules.emergingthreats.net/|emerging.rules.tar.gz|open-nogpl
ignore=deleted.rules,experimental.rules,local.rules
temp_path=/tmp
out_path=/opt/etc/snort/rules/
rule_path=/opt/etc/snort/rules/snort.rules
local_rules=/opt/etc/snort/rules/local.rules
sid_msg=/opt/etc/snort/sid-msg.map
sid_changelog=/var/log/sid_changes.log
sorule_path=/opt/lib/snort_dynamicrules/
snort_path=/opt/bin/snort
config_path=/opt/etc/snort/snort.conf
sostub_path=/opt/etc/snort/rules/so_rules.rules

Results of the run:

Checking latest MD5 for snortrules-snapshot-2905.tar.gz....
	No Match
	Done
Rules tarball download of snortrules-snapshot-2905.tar.gz....
	They Match
	Done!
Prepping rules from snortrules-snapshot-2905.tar.gz for work....
	Done!
Checking latest MD5 for emerging.rules.tar.gz....
	No Match
	Done
Rules tarball download of emerging.rules.tar.gz....
	They Match
	Done!
Prepping rules from emerging.rules.tar.gz for work....
	Done!
Reading rules...
Setting Flowbit State....
	Enabled 57 flowbits
	Enabled 25 flowbits
	Done
Writing /opt/etc/snort/rules/snort.rules....
	Done
Generating sid-msg.map....
	Done
Writing /opt/etc/snort/sid-msg.map....
	Done
Writing /var/log/sid_changes.log....
	Done
Rule Stats....
	New:-------26715
	Deleted:---0
	Enabled Rules:----19385
	Dropped Rules:----0
	Disabled Rules:---7330
	Total Rules:------26715
Done
Please review /var/log/sid_changes.log for additional details

After the run 46 rulesets:

ET-emerging-activex.rules
ET-emerging-attack_response.rules
ET-emerging-botcc-BLOCK.rules
ET-emerging-botcc.rules
ET-emerging-chat.rules
ET-emerging-ciarmy.rules
ET-emerging-compromised-BLOCK.rules
ET-emerging-compromised.rules
ET-emerging-current_events.rules
ET-emerging-deleted.rules
ET-emerging-dns.rules
ET-emerging-dos.rules
ET-emerging-drop-BLOCK.rules
ET-emerging-drop.rules
ET-emerging-dshield-BLOCK.rules
ET-emerging-dshield.rules
ET-emerging-exploit.rules
ET-emerging-ftp.rules
ET-emerging-games.rules
ET-emerging-inappropriate.rules
ET-emerging-malware.rules
ET-emerging-misc.rules
ET-emerging-mobile_malware.rules
ET-emerging-netbios.rules
ET-emerging-p2p.rules
ET-emerging-policy.rules
ET-emerging-rbn-BLOCK.rules
ET-emerging-rbn.rules
ET-emerging-scada.rules
ET-emerging-scan.rules
ET-emerging-shellcode.rules
ET-emerging-smtp.rules
ET-emerging-snmp.rules
ET-emerging-sql.rules
ET-emerging-telnet.rules
ET-emerging-tftp.rules
ET-emerging-tor-BLOCK.rules
ET-emerging-tor.rules
ET-emerging-trojan.rules
ET-emerging-user_agents.rules
ET-emerging-virus.rules
ET-emerging-voip.rules
ET-emerging-web_client.rules
ET-emerging-web_server.rules
ET-emerging-web_specific_apps.rules
ET-emerging-worm.rules

Downloaded ET tarball shows 53 rulesets:

emerging-activex.rules
emerging-attack_response.rules
emerging-botcc-BLOCK.rules
emerging-botcc.rules
emerging-chat.rules
emerging-ciarmy.rules
emerging-compromised-BLOCK.rules
emerging-compromised.rules
emerging-current_events.rules
emerging-deleted.rules
emerging-dns.rules
emerging-dos.rules
emerging-drop-BLOCK.rules
emerging-drop.rules
emerging-dshield-BLOCK.rules
emerging-dshield.rules
emerging-exploit.rules
emerging-ftp.rules
emerging-games.rules
emerging-icmp_info.rules
emerging-icmp.rules
emerging-imap.rules
emerging-inappropriate.rules
emerging-malware.rules
emerging-misc.rules
emerging-mobile_malware.rules
emerging-netbios.rules
emerging-p2p.rules
emerging-policy.rules
emerging-pop3.rules
emerging-rbn-BLOCK.rules
emerging-rbn-malvertisers-BLOCK.rules
emerging-rbn-malvertisers.rules
emerging-rbn.rules
emerging-rpc.rules
emerging-scada.rules
emerging-scan.rules
emerging-shellcode.rules
emerging-smtp.rules
emerging-snmp.rules
emerging-sql.rules
emerging-telnet.rules
emerging-tftp.rules
emerging-tor-BLOCK.rules
emerging-tor.rules
emerging-trojan.rules
emerging-user_agents.rules
emerging-virus.rules
emerging-voip.rules
emerging-web_client.rules
emerging-web_server.rules
emerging-web_specific_apps.rules
emerging-worm.rules
------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security
threats, fraudulent activity, and more. Splunk takes this data and makes
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please see http://www.snort.org/docs for documentation
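The comparison the poster did by hand (categories inside the downloaded emerging.rules.tar.gz versus the ET-*.rules files PulledPork wrote to out_path) as a repeatable check, written as an added shell example that is not part of the thread or of PulledPork itself. The temp directories, the five-category fixture tarball and the partial output directory in demo_missing are constructed for illustration; the "ET-" prefix is the one seen in the post's file listing.

```shell
#!/bin/sh
# Added example (not from the thread or from PulledPork): report the rule
# categories in an Emerging Threats tarball that have no matching
# per-category file in PulledPork's output directory.
# Fixture paths and category names below are constructed for illustration.
set -u
export LC_ALL=C   # byte-order sorting so comm(1) agrees with sort(1)

# Category file names (directory stripped) stored in a rules tarball.
tarball_categories() {
    tar tzf "$1" | grep '\.rules$' | sed 's#.*/##' | sort -u
}

# Category file names PulledPork wrote, with its prefix (default "ET-") removed.
# $1 = output directory, $2 = prefix
output_categories() {
    dir=$1
    prefix=${2:-ET-}
    for f in "$dir/$prefix"*.rules; do
        [ -e "$f" ] || continue
        basename "$f" | sed "s#^$prefix##"
    done | sort -u
}

# Names present in the tarball but absent from the output directory.
# $1 = tarball, $2 = output directory, $3 = prefix (default "ET-")
missing_categories() {
    tb=$(mktemp) ; out=$(mktemp)
    tarball_categories "$1" > "$tb"
    output_categories "$2" "${3:-ET-}" > "$out"
    comm -23 "$tb" "$out"
    rm -f "$tb" "$out"
}

# Demo on a constructed fixture: a tarball holding five categories and an
# output directory where only three of them were written. Prints the two
# categories that are missing.
demo_missing() {
    work=$(mktemp -d)
    mkdir -p "$work/rules" "$work/out"
    for c in activex icmp icmp_info malware web_client; do
        printf '# constructed fixture: emerging-%s\n' "$c" \
            > "$work/rules/emerging-$c.rules"
    done
    tar czf "$work/emerging.rules.tar.gz" -C "$work" rules
    for c in activex malware web_client; do
        cp "$work/rules/emerging-$c.rules" "$work/out/ET-emerging-$c.rules"
    done
    missing_categories "$work/emerging.rules.tar.gz" "$work/out" ET-
    rm -rf "$work"
}

demo_missing
```

Against a real run, call missing_categories with the tarball PulledPork left in temp_path and the out_path from pulledpork.conf; an empty result means every category in the download produced an output file. The prefix argument exists because the post's listing shows PulledPork prepending "ET-" to the Emerging Threats category names, so the two lists cannot be compared without stripping it.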
Current thread:
- PulledPork and missing sets Lay, James (Jul 06)
- <Possible follow-ups>
- Re: PulledPork and missing sets Lay, James (Jul 06)