Snort mailing list archives
Re: Checking snort rules date and Pulledpork status
From: Dheeraj Gupta <dheeraj.gupta4 () gmail com>
Date: Wed, 30 May 2012 21:58:23 +0530
Hi, is it possible to gather the release date from the snortrules-snapshot tar file via standard tools? We use snort for distributed monitoring and need to set up a central update scheme. I thought about setting up a script that updates snort-rules (via pulledpork) only if the rule file is newer than the current ruleset. Alternatively, is there a way by which we can tell the signature release date of the current snort-signature set loaded into snort?
We publish the md5 of the ruleset. PulledPork checks this md5 on our website against the last md5 you downloaded and if they are different, then it downloads the new rule pack. So, your request is already taken care of.
But what if I don't have internet access and use pulledpork with -n option? Also supposing I copy an older file into tmp, then pulledpork would not know that this file is older than the ruleset that is currently applicable and still process it. Maybe we can have versions (by date) for rulesets and those can be queried using the snort commandline tool?
Also, is pulledpork still under active development considering the fact that the last release (on code homepage) was over a year ago?
Yes, very much. Pull the git master if you want the active devel version. But yes. JJ is building new features into it to support some of the upcoming features of Snort.
Thanks for that info
--
To iterate is human. To recurse, divine!
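The offline case raised in this message (an older tarball copied in and processed again) can be guarded against outside PulledPork. The sketch below is an added example, not part of the thread and not PulledPork code; it assumes the modification times of the tar members reflect when the rule pack was built, and the state file, function names and sample archives are hypothetical and constructed for the demonstration.

```python
import io
import json
import tarfile
import tempfile
from pathlib import Path


def newest_member_mtime(tarball):
    """Return the latest mtime (epoch seconds) among regular files in the archive."""
    with tarfile.open(tarball, "r:*") as tar:
        mtimes = [m.mtime for m in tar if m.isfile()]
    if not mtimes:
        raise ValueError(f"{tarball}: no regular files in archive")
    return int(max(mtimes))


def should_process(tarball, state_file):
    """Return (ok, mtime); ok is True only if the pack is strictly newer than the last applied."""
    candidate = newest_member_mtime(tarball)
    state = Path(state_file)
    applied = json.loads(state.read_text())["mtime"] if state.exists() else 0
    return candidate > applied, candidate


def record_applied(state_file, mtime):
    """Remember the timestamp of the pack that was just applied."""
    Path(state_file).write_text(json.dumps({"mtime": mtime}))


def _make_tarball(path, mtime):
    """Build a constructed sample rule pack with one member carrying the given mtime."""
    data = b'alert tcp any any -> any any (msg:"constructed sample"; sid:1000001;)\n'
    info = tarfile.TarInfo("rules/local.rules")
    info.size, info.mtime = len(data), mtime
    with tarfile.open(path, "w:gz") as tar:
        tar.addfile(info, io.BytesIO(data))


def demo():
    """Apply new, then try old, then new again; only the first should be accepted."""
    with tempfile.TemporaryDirectory() as d:
        old, new, state = f"{d}/old.tar.gz", f"{d}/new.tar.gz", f"{d}/applied.json"
        _make_tarball(old, 1338000000)
        _make_tarball(new, 1338400000)
        results = []
        for pack in (new, old, new):
            ok, mtime = should_process(pack, state)
            if ok:
                record_applied(state, mtime)  # a real wrapper would run pulledpork here
            results.append(ok)
        return results


if __name__ == "__main__":
    print(demo())
```

Member timestamps are unauthenticated metadata, so this check prevents an accidental downgrade but says nothing about whether the archive is genuine; comparing against the published md5 remains the integrity check.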
Current thread:
- Checking snort rules date and Pulledpork status Dheeraj Gupta (May 30)
- Re: Checking snort rules date and Pulledpork status Joel Esler (May 30)
- Message not available
- Re: Checking snort rules date and Pulledpork status Dheeraj Gupta (May 30)
- Message not available
- Re: Checking snort rules date and Pulledpork status Joel Esler (May 30)