Re: oinkmaster vs pulled port, round two:

[Joel Esler <jesler () sourcefire com>]

Not a bad idea.  Can you submit that as a feature request on the pulledpork site?

Joel

On Feb 10, 2011, at 10:20 AM, Michael Scheidell wrote:

> I think round one was a draw.
> some people want the rules in their original files, some would like them in easier managed 'single file'
>
> I can see with PP, how being able to disable a RULE in, say snort_lan.conf vs disabling a whole rule set would have 
> its advantages.
> I can see how you might want to manage your main distribution point with oinkmaster.
>
> round 2: licensing, copyrights:
> our situation:
> we pull down VRT rules (licensed), run oinkmaster on them to set up 'our tweaks' to the rules, then create a tarball 
> (./rules/*.rules)
> each individual snort sensor BOX runs a local copy of oinkmaster, to pull down our tarball and add local 
> oinkmaster.conf tweaks to it.
>
> I assume that even if I go with PP on the individual sensors (which seems to give me more flexibility, see round 1), 
> that I still would need oinkmaster for the first step.
>
> Also, how would PP preserve the copyright and license agreements that are in each rule file?
> I believe that, even though we are licensed to redistribute VRT rules (and pay for each sensor...), we are required 
> to leave the license and copyright notices there.  
>
> this would apply to VRT rules, GPL(2,3,) lesser, apache, anything, right?
>
>
> this still makes PP vs oinkmaster, round two a draw.  PP can't preserve the copyright/license, oinkmaster can. so, on 
> main distribution point, we still would need oinkmaster.
>
>
> -- 
> Michael Scheidell, CTO
> o: 561-999-5000
> d: 561-948-2259
> ISN: 1259*1300
> > | SECNAP Network Security Corporation
> Certified SNORT Integrator
> 2008-9 Hot Company Award Winner, World Executive Alliance
> Five-Star Partner Program 2009, VARBusiness
> Best in Email Security,2010: Network Products Guide
> King of Spam Filters, SC Magazine 2008
>
> This email has been scanned and certified safe by SpammerTrap®. 
> For Information please see http://www.secnap.com/products/spammertrap/
>
>
> ------------------------------------------------------------------------------
> The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
> Pinpoint memory and threading errors before they happen.
> Find and fix more than 250 security defects in the development cycle.
> Locate bottlenecks in serial and parallel code that limit performance.
> http://p.sf.net/sfu/intel-dev2devfeb_______________________________________________
> Snort-sigs mailing list
> Snort-sigs () lists sourceforge net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
> http://www.snort.org

--
Joel Esler
jesler () sourcefire.com
http://blog.snort.org && http://blog.clamav.net

------------------------------------------------------------------------------
The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
Pinpoint memory and threading errors before they happen.
Find and fix more than 250 security defects in the development cycle.
Locate bottlenecks in serial and parallel code that limit performance.
http://p.sf.net/sfu/intel-dev2devfeb

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org