Snort mailing list archives

Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody?


From: Mike Lococo <mike.lococo () nyu edu>
Date: Tue, 22 Mar 2011 11:05:01 -0400

On 03/22/2011 10:10 AM, NA wrote:
> On 3/21/11 4:12 PM, waldo kitty wrote:
>> On 3/21/2011 15:23, Matthew Jonkman wrote:
>>> But fork and re-sid makes it tough for folks to combine the open ruleset with VRT.
>>>
>>> That'd be easiest for us long term, but doesn't make it easy for us to do the no-gpl rulesets.
>>>
>>> If folks are happy with not being able to easily combine with VRT then we can go that direction.
>>
>> please see my earlier response RE: everyone carry the GPL in a special rules set
>> file so that those who want to include it in their operations can enable it in
>> their configs and everyone else can (leave them) disable(d) in theirs...
>
> After reading this thread for the last 4 days this suggestion makes the
> most sense. With this idea there could even be two sets of GPL rules. A
> user could enable one or the other, or neither.

* This prevents us from properly categorizing the GPL rules.
* It doesn't address the thousands of other cases of overlap between
  the two rulesets.
* It cannot scale to address the additional cases of overlap without
  completely abandoning the categorization system.
* There are other ways to enable easy rule enable/disable besides
  clumping them into a single file, like a ref-tag or msg-pattern.

I know as a beginner that rule-files seem like a handy way to
enable/disable rules because it's so simple, but the fundamental problem
is that every method of organizing rule-files conflicts with every other
method and we can't do them all.  Learn to use the pcre options in
pulled-pork and you'll be much better off when managing complex rulesets.

Cheers,
Mike Lococo
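As an added illustration of the msg-pattern / ref-tag approach Mike recommends over single-file grouping (example code written for this page, not PulledPork's own implementation; the rules, sids and reference URLs are constructed), this toggles rules by regex against each rule's msg and reference tags:

```python
import re

# Constructed sample ruleset: three Snort-style rules with invented sids,
# messages and reference URLs, one already commented out. Not real ET/VRT rules.
SAMPLE_RULES = """\
alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"GPL FTP example"; flow:to_server; content:"USER"; reference:url,example.invalid/gpl; sid:2100001; rev:1;)
# alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"GPL WEB_SERVER example"; flow:to_server; content:"/cgi-bin/"; sid:2100002; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 25 (msg:"ET SMTP example"; flow:to_server; content:"HELO"; reference:url,example.invalid/et; sid:2000001; rev:1;)
"""

MSG_RE = re.compile(r'msg:"([^"]*)"')
SID_RE = re.compile(r'\bsid:(\d+);')
REF_RE = re.compile(r'reference:([^;]+);')

def parse_rule(line):
    """Split one line into (disabled, body, fields); None for non-rule lines."""
    stripped = line.strip()
    disabled = stripped.startswith('#')
    body = stripped.lstrip('#').strip()
    msg, sid = MSG_RE.search(body), SID_RE.search(body)
    if not (msg and sid and body.split(' ', 1)[0] in ('alert', 'drop', 'pass', 'log')):
        return None  # blank line, plain comment, or something that is not a rule
    return disabled, body, {'sid': int(sid.group(1)), 'msg': msg.group(1),
                            'refs': REF_RE.findall(body)}

def _matches(fields, patterns):
    """True if any pattern hits the rule's msg or any of its reference tags."""
    haystack = [fields['msg']] + fields['refs']
    return any(re.search(p, h) for p in patterns for h in haystack)

def apply_policy(rules_text, enable_pcre=(), disable_pcre=()):
    """Return (new_text, {sid: 'enabled'|'disabled'}) after applying the patterns.

    Disable patterns are applied after enable patterns, so a rule matching
    both ends up disabled; that tie-break is this example's choice, not a
    statement about how any particular rule manager resolves it.
    """
    out, state = [], {}
    for line in rules_text.splitlines():
        parsed = parse_rule(line)
        if parsed is None:
            out.append(line)          # pass non-rule lines through untouched
            continue
        disabled, body, fields = parsed
        if _matches(fields, enable_pcre):
            disabled = False
        if _matches(fields, disable_pcre):
            disabled = True
        state[fields['sid']] = 'disabled' if disabled else 'enabled'
        out.append(('# ' if disabled else '') + body)
    return '\n'.join(out) + '\n', state
```

Because selection keys on msg text and reference tags rather than on which file a rule lives in, the same policy keeps working when the rules are reorganised into different category files.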

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users