Snort mailing list archives
Re: PullePork SO Rules Management?
From: Eoin Miller <eoin.miller () trojanedbinaries com>
Date: Wed, 04 May 2011 19:40:14 +0000
On 5/4/2011 5:30 PM, JJC wrote:
> Part of your problem is your OS definition, it should be Centos-5-4 and not CentOS-5-4, that may be causing all of it, please let me know what the results are after modifying that.

Figures it would be something that stupid, just so used to typing CentOS case specifically instead of noticing the directory structure inside the tarball. Thanks for pointing that out.

> Note the path in the rules tarball: /so_rules/precompiled/Centos-5-4/x86-64/2.9.0.4/
>
> When you have to hit ENTER to finish the sid-msg.map, does the sid-msg.map still generate?
>
> JJC

Did notice that the *.so files got moved correctly this time around, but end up with the same uid/gid that owns them inside of the tarball that doesn't exist on most systems (1210:1210). Looks like this happens when you run pulledpork.pl as root. I wish the VRT's files within the tarball were just set to root.root so as to not end up with unowned/incorrectly owned files on the systems upon extraction by default without adding --no-same-permissions or something similar to the tar command.
Looks like Archive::Tar supports the --no-same-permissions style stuff so I added this inside of sub rule_extract:
From:
---SNIP---
my $tar = Archive::Tar->new();
$tar->read( $temp_path . $rule_file );
---SNIP---

To:
---SNIP---
local $Archive::Tar::CHOWN = 0;
my $tar = Archive::Tar->new();
$tar->read( $temp_path . $rule_file );
---SNIP---

This appears to stop the incorrectly owned files if you run pulledpork.pl as root.
-- Eoin
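
Added example, not part of the original message or of PulledPork: a standalone Perl script that lists archive members whose recorded uid/gid has no account on the local host, then extracts with `$Archive::Tar::CHOWN = 0` and reports who owns the result. The sample archive, its member name and the helper names `unknown_owners` and `extract_without_chown` are constructed for illustration; only the 1210:1210 ownership value comes from the message.

```perl
#!/usr/bin/perl
# Added example; the sample archive and file names are constructed.
use strict;
use warnings;
use Archive::Tar;
use Cwd qw(getcwd);
use File::Temp qw(tempdir);

# Members whose recorded uid or gid has no account on this host.
sub unknown_owners {
    my ($path) = @_;
    my $tar = Archive::Tar->new($path) or die Archive::Tar->error;
    return grep {
        !defined( scalar getpwuid( $_->{uid} ) )
          || !defined( scalar getgrgid( $_->{gid} ) )
    } $tar->list_files( [qw(name uid gid)] );
}

# Extract into $dest without applying the archive's uid/gid, then return
# a hash of extracted file name => owning uid on disk.
sub extract_without_chown {
    my ( $path, $dest ) = @_;
    local $Archive::Tar::CHOWN = 0;    # only matters when running as root
    my $tar = Archive::Tar->new($path) or die Archive::Tar->error;
    my $old = getcwd();
    chdir $dest or die "chdir $dest: $!";
    $tar->extract or die $tar->error;
    my %owner = map { $_ => ( stat $_ )[4] } grep { -f } $tar->list_files;
    chdir $old or die "chdir $old: $!";
    return %owner;
}

# Constructed sample: one member recorded as owned by 1210:1210.
my $work    = tempdir( CLEANUP => 1 );
my $tarball = "$work/sample.tar";
my $build   = Archive::Tar->new;
$build->add_data( 'so_rules/example.so', "constructed\n",
    { uid => 1210, gid => 1210, mode => 0644 } );
$build->write($tarball) or die $build->error;

printf "%s recorded as %d:%d (no local account)\n", @{$_}{qw(name uid gid)}
  for unknown_owners($tarball);
mkdir "$work/out" or die "mkdir: $!";
my %owner = extract_without_chown( $tarball, "$work/out" );
printf "%s extracted with uid %d (running as uid %d)\n", $_, $owner{$_}, $>
  for sort keys %owner;
```

On a host where uid or gid 1210 happens to exist, the first report is empty; the ownership report after extraction is unaffected.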