Snort mailing list archives
Re: SF: Someone please update the gen-msg.map in rules tarball
From: Nigel Houghton <nhoughton () sourcefire com>
Date: Thu, 20 May 2010 20:36:48 -0400
On Thu, May 20, 2010 at 7:37 PM, Russell Fulton <r.fulton () auckland ac nz> wrote:
On 21/05/2010, at 12:22 AM, Nigel Houghton wrote:On Wed, May 19, 2010 at 9:29 PM, Russell Fulton <r.fulton () auckland ac nz> wrote:Hi Nigel, http://www.snort.org/pub-bin/oinkmaster.cgi/oinkcode/snortrules-snapshot-2.8.tar.gz I get permission denied when I get the _s file as we decided not to renew our sub. Should I re-register? RussellYou might need a new oinkcode.logged into www.snort.org and checked the download page and oinkcode. It it clear that the _s files are for *subscribers*, registered users use the non _s files and it is this one that has the old gen-msg.map file. [snort@ruru ~]$ cd ~/Rules/ [snort@ruru Rules]$ wget http://dl.snort.org/reg-rules/snortrules-snapshot-2.8.tar.gz?oink_code=c7570aa634a8ad8dcf4e9f3ec8246f079cde0e31 [ snip ] 11:25:01 (252 KB/s) - `snortrules-snapshot-2.8.tar.gz.1' saved [38956782/38956782] [snort@ruru Rules]$ ls -l snortrules-snapshot-2.8.tar.gz* -rw-rw-r-- 1 snort snort 38956782 May 16 02:51 snortrules-snapshot-2.8.tar.gz -rw-rw-r-- 1 snort snort 38956782 May 16 02:51 snortrules-snapshot-2.8.tar.gz.1 -rw-rw-r-- 1 snort snort 32 May 16 02:51 snortrules-snapshot-2.8.tar.gz.md5 [snort@ruru Rules]$ cd snapshot-2.8/ [snort@ruru snapshot-2.8]$ tar -zxf ../snortrules-snapshot-2.8.tar.gz.1 [snort@ruru snapshot-2.8]$ ls -l etc total 2160 -rw-r--r-- 1 snort snort 3547 Mar 16 10:00 classification.config -rw-r--r-- 1 snort snort 2060 Jan 19 2007 generators -rw-r--r-- 1 snort snort 12103 Sep 20 2007 gen-msg.map -rw-r--r-- 1 snort snort 230 Dec 19 2003 Makefile.am -rw-r--r-- 1 snort snort 1112 Jan 20 08:09 open-test.conf -rw-r--r-- 1 snort snort 608 Oct 21 2003 reference.config -rw-r--r-- 1 snort snort 5 Jan 6 2006 sid -rw-r--r-- 1 snort snort 2081151 Apr 16 03:29 sid-msg.map -rw-r--r-- 1 snort snort 17646 Apr 14 08:35 snort.conf -rw-r--r-- 1 snort snort 2319 Dec 6 2003 threshold.conf -rw-r--r-- 1 snort snort 53841 Oct 21 2003 unicode.map [snort@ruru snapshot-2.8]$ note the timestamp on gen-msg.map -- Sep 20 2007!
Well, the good news is that the gen-msg.map is up to date in the snortrules-snapshot-2853_s.tar.gz and the snortrules-snapshot-2860_s.tar.gz tar balls. The bad news is that you don't yet have it in the registered tar balls (except for those running 2.8.6.0 for whom we put the latest subscriber pack up for download to bridge the gap for shared object rules). You could always download that file and extract the gen-msg.map from it. Or you could use the one attached. -- Nigel Houghton Head Mentalist SF VRT http://vrt-sourcefire.blogspot.com && http://labs.snort.org/
Attachment:
gen-msg.map
Description:
------------------------------------------------------------------------------
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- SF: Someone please update the gen-msg.map in rules tarball Russell Fulton (May 19)
- Re: SF: Someone please update the gen-msg.map in rules tarball Nigel Houghton (May 19)
- Re: SF: Someone please update the gen-msg.map in rules tarball Russell Fulton (May 19)
- Re: SF: Someone please update the gen-msg.map in rules tarball Nigel Houghton (May 20)
- Re: SF: Someone please update the gen-msg.map in rules tarball Russell Fulton (May 20)
- Re: SF: Someone please update the gen-msg.map in rules tarball Nigel Houghton (May 20)
- Re: SF: Someone please update the gen-msg.map in rules tarball Russell Fulton (May 19)
- Re: SF: Someone please update the gen-msg.map in rules tarball Nigel Houghton (May 19)