Re: Checking snort rules date and Pulledpork status

[Joel Esler <jesler () sourcefire com>]

On May 30, 2012, at 6:25 AM, Dheeraj Gupta wrote:

> Hi,
> Is it possible to gather release date from snortrules-snapshot tar file via standard tools. We use snort for 
> distributed monitoring and need to setup a central update scheme. I thought about setting up a script that updates 
> snort-rules (via pulledpork) only if the rule file is newer than the current ruleset. Alternatively, is there a way 
> by which we can tell the signature release date of the current snort-signature set loaded into snort?

We publish the md5 of the ruleset.  PulledPork checks this md5 on our website against the last md5 you downloaded and 
if they are different, then it downloads the new rule pack.  So, your request is already taken care of.

> Also is pulledpork still under active development considering the fact that the last release (on code homepage) was 
> over a year ago?

Yes, very much.  Pull the git master if you want the active devel version.  But yes.  JJ is building new features into 
it to support some of the upcoming features of Snort.

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire


------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!