Snort mailing list archives

Re: Updating Rules with PulledPork and no outside connection

From: JJ Cummings <cummingsj () gmail com>
Date: Mon, 17 Sep 2012 10:47:47 -0600

Place the tarballs in the defined temp path that you have in your pulledpork.conf.. You will want to tell pp not to 
download and not to validate checksums...

JJC

Sent from the iRoad

On Sep 17, 2012, at 7:02, "Michael Steele" <michaels () winsnort com> wrote:

I've looked through the list archive and was unable to find any specifics on
how to do this.

I need to run PulledPork on a closed network.

The run line I have is:
'perl d:\winids\pulledpork\pulledpork.pl -c
d:\winids\pulledpork\etc\pulledpork.conf -v -T -n'

I'm pretty sure the -n tells PulledPork to process locally?

There are two files that need to be used and I'm not sure what to do with
them?
1) snortrules-snapshot-2931.tar.gz
2) opensource.gz


Do these lines need to be hashed out?
rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|<oinkco
de>
rule_url=https://www.snort.org/reg-rules/|opensource.gz|<oinkcode>


Just to verify; using the -T in the run line means I don't have to hash out
the so_rules section below?

sorule_path=/usr/local/lib/snort_dynamicrules/
snort_path=/usr/local/bin/snort
config_path=/usr/local/etc/snort/snort.conf
sostub_path=/usr/local/etc/snort/rules/so_rules.rules
distro=FreeBSD-8.1

Kindest regards,
Michael...






------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!


------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

Updating Rules with PulledPork and no outside connection Michael Steele (Sep 17)
- Re: Updating Rules with PulledPork and no outside connection JJ Cummings (Sep 17)
  - Re: Updating Rules with PulledPork and no outside connection Michael Steele (Sep 17)
  - Re: Updating Rules with PulledPork and no outside connection Michael Steele (Sep 18)
    - Re: Updating Rules with PulledPork and no outside connection JJC (Sep 18)
    - Re: Updating Rules with PulledPork and no outside connection Michael Steele (Sep 18)