Snort mailing list archives

Re: Which so_rules to use


From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Wed, 24 May 2017 19:55:23 +0000

If we provide the src, you can compile them on your own.  The pre-compiled ones are without src, and contain a ton of 
detection not available anywhere else (zero-days that only we have protection for, etc).


--
Joel Esler | Talos: Manager | jesler () cisco com

On May 24, 2017, at 3:06 PM, Charlie Dyer <charlierwdyer () gmail com> wrote:

Thanks for your reply, I'll take a look at pulledpork.
Can you tell me if the .so files are actually the same and the size difference is just down to compilation differences? 
Or do the precompiled and src .so files essentially contain different 'stuff'?


On Wed, May 24, 2017 at 5:29 PM, Joel Esler (jesler) <jesler () cisco com> wrote:
You should use pulledpork to manage your ruleset, it will take care of which version you need, according to the 
operating system you are using or the one you specify.

--
Joel Esler | Talos: Manager | jesler () cisco com

On May 24, 2017, at 9:14 AM, Charlie Dyer <charlierwdyer () gmail com> wrote:

Hello

I've compiled the so_rules from the src folder but see there are
precompiled so_rules with the same name, but some of them have vastly
different file sizes.  There are also precompiled .so files which aren't in
the src folder once compiled and vice versa.

Does anyone know which .so files to use?  For example there is a
file-flash.so in the precompiled folder and the src folder, which should I
use?

Many thanks
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org<http://slashdot.org/>! http://sdm.link/slashdot
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net<mailto:Snort-users () lists sourceforge net>
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org<http://blog.snort.org/> to stay current on all the latest Snort news!


