Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: VRT Rules snapshot-CURRENT.tar.gz Download Error?

From: JJ Cummings <cummingsj () gmail com>
Date: Fri, 29 May 2009 15:03:02 -0600
You could add a simple regex check of the data inside of the md5 file to get
only the hash value to compare against also..

/[0-9a-zA-Z]{32}/

On Fri, May 29, 2009 at 2:47 PM, Jack Pepper <
pepperjack () afferentsecurity com> wrote:


Quoting "Jefferson, Shawn" <Shawn.Jefferson () bcferries com>:


what you mean by rule manipulation) as well.  So I guess my initial
question still stands: does anyone want to share a script that
checks the MD5 first?


How about this:

wget -q -O "${SNORTDIR}/snortrules.tar.gz.md5.new"

http://www.snort.org/pub-bin/oinkmaster.cgi/${OINK}/snortrules-snapshot-2.8.tar.gz.md5<http://www.snort.org/pub-bin/oinkmaster.cgi/$%7BOINK%7D/snortrules-snapshot-2.8.tar.gz.md5>
if [ $? -ne 0 ] ; then
        echo "MD5 download failed"
        exit
fi
OLDSUM=`md5sum ${SNORTDIR}/snortrules.tar.gz.new | awk '{print $1}'`
NEWSUM=`awk 'NF == 4 && $3 == "=" {print $NF;}'
${SNORTDIR}/snortrules.tar.gz.md5.new`
if [ $OLDSUM == $NEWSUM ] ; then
        echo "No rule changes"
else
        cp -p ${SNORTDIR}/snortrules.tar.gz.new
${SNORTDIR}/snortrules.tar.gz.old
        wget  -O "${SNORTDIR}/snortrules.tar.gz.new"

http://www.snort.org/pub-bin/oinkmaster.cgi/${OINK}/snortrules-snapshot-2.8.tar.gz<http://www.snort.org/pub-bin/oinkmaster.cgi/$%7BOINK%7D/snortrules-snapshot-2.8.tar.gz>
        if [ $? -ne 0 ] ; then
                echo "snort rules download failed"
                exit
        fi
fi

If the format of the MD5 file ever changes we're screwed, but here's
what i'll be using until then.

jp
--

Framework?  I don't need no stinking framework!

----------------------------------------------------------------
@fferent Security Labs:  Isolate/Insulate/Innovate
http://www.afferentsecurity.com



------------------------------------------------------------------------------
Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT
is a gathering of tech-side developers & brand creativity professionals.
Meet
the minds behind Google Creative Lab, Visual Complexity, Processing, &
iPhoneDevCamp as they present alongside digital heavyweights like Barbarian
Group, R/GA, & Big Spaceship. http://p.sf.net/sfu/creativitycat-com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users<https://lists.sourceforge.net/lists/listinfo/snort-users%0ASnort-users>list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


------------------------------------------------------------------------------
Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT 
is a gathering of tech-side developers & brand creativity professionals. Meet
the minds behind Google Creative Lab, Visual Complexity, Processing, & 
iPhoneDevCamp as they present alongside digital heavyweights like Barbarian 
Group, R/GA, & Big Spaceship. http://p.sf.net/sfu/creativitycat-com 
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: