Snort mailing list archives
Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody?
From: Mike Lococo <mike.lococo () nyu edu>
Date: Tue, 22 Mar 2011 11:05:01 -0400
On 03/22/2011 10:10 AM, NA wrote:
> On 3/21/11 4:12 PM, waldo kitty wrote:
>> On 3/21/2011 15:23, Matthew Jonkman wrote:
>>> But fork and re-sid makes it tough for folks to combine the open ruleset with VRT. That'd be easiest for us long term, but doesn't make it easy for us to do the no-gpl rulesets. If folks are happy with not being able to easily combine with VRT then we can go that direction.
>>
>> please see my earlier response RE: everyone carry the GPL in a special rules set file so that those who want to include it in their operations can enable it in their configs and everyone else can (leave them) disable(d) in theirs...
>
> After reading this thread for the last 4 days this suggestion makes the most sense. With this idea there could even be two sets of GPL rules. A user could enable one or the other, or neither.
* This prevents us from properly categorizing the GPL rules.
* It doesn't address the thousands of other cases of overlap between the two rulesets.
* It cannot scale to address the additional cases of overlap without completely abandoning the categorization system.
* There are other ways to enable easy rule enable/disable besides clumping them into a single file, like a ref-tag or msg-pattern.

I know as a beginner that rule-files seem like a handy way to enable/disable rules because it's so simple, but the fundamental problem is that every method of organizing rule-files conflicts with every other method and we can't do them all. Learn to use the pcre options in pulled-pork and you'll be much better off when managing complex rulesets.

Cheers,
Mike Lococo
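The selection approach named in the last bullet above (a msg pattern or a reference tag instead of a dedicated rule file), sketched as an added example that is not part of the original message and is not PulledPork's code. The rules, sids, the "GPL " msg prefix and the `example.org/gpl` reference are constructed assumptions, and `disable_matching` is a hypothetical helper.

```python
import re

# Constructed sample: two category files, each mixing rules of different origin.
# The "GPL " msg prefix and the example.org/gpl reference are assumptions made
# for this illustration, not tags defined in the thread.
RULE_FILES = {
    "web.rules": (
        'alert tcp any any -> any 80 (msg:"GPL WEB probe A"; content:"a"; sid:1000001; rev:1;)\n'
        'alert tcp any any -> any 80 (msg:"ET WEB probe B"; content:"b"; sid:1000002; rev:1;)\n'
    ),
    "dns.rules": (
        'alert udp any any -> any 53 (msg:"DNS probe C"; content:"c"; '
        'reference:url,example.org/gpl; sid:1000003; rev:1;)\n'
        'alert udp any any -> any 53 (msg:"ET DNS probe D"; content:"d"; sid:1000004; rev:1;)\n'
    ),
}

MSG_RE = re.compile(r'msg:\s*"([^"]*)"')
REF_RE = re.compile(r'reference:\s*([^;]+);')
SID_RE = re.compile(r'sid:\s*(\d+);')


def disable_matching(rule_files, pattern, field="msg"):
    """Comment out active rules whose msg (or any reference) matches pattern."""
    rx = re.compile(pattern)
    out, disabled = {}, []
    for name, text in rule_files.items():
        lines = []
        for line in text.splitlines():
            sid = SID_RE.search(line)
            if line.lstrip().startswith("#") or not sid:
                lines.append(line)  # already disabled, blank, or not a rule
                continue
            if field == "msg":
                m = MSG_RE.search(line)
                values = [m.group(1)] if m else []
            else:
                values = REF_RE.findall(line)
            if any(rx.search(v) for v in values):
                disabled.append(int(sid.group(1)))
                line = "# " + line  # disable in place; the file layout is untouched
            lines.append(line)
        out[name] = "\n".join(lines) + "\n"
    return out, sorted(disabled)
```

Rules stay in their category files; the pattern alone decides what is switched off, so the same rule set can be sliced by origin, reference or any other tag without reshuffling files.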