Snort mailing list archives
Re: Updating Rules with PulledPork and no outside connection
From: Dheeraj Gupta <dheeraj.gupta4 () gmail com>
Date: Mon, 17 Sep 2012 22:35:40 +0530
> I need to run PulledPork on a closed network. The run line I have is:
> 'perl d:\winids\pulledpork\pulledpork.pl -c d:\winids\pulledpork\etc\pulledpork.conf -v -T -n'
> I'm pretty sure the -n tells PulledPork to process locally?

Yes, -n will tell pulledpork to process rule files locally rather than go for download.

> There are two files that need to be used and I'm not sure what to do with them?
> 1) snortrules-snapshot-2931.tar.gz
> 2) opensource.gz

The first one is your signature file (contains all the signatures that pulledpork will put in appropriate files). The second one is the documentation of the signatures (stuff like English explanation of vulnerability/signature, references to the vulnerability and revisions). The first one is necessary in order to run snort. The second one is more for completeness' sake (in case you want to refer to signatures offline).

> Do these lines need to be hashed out?
> rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|<oinkcode>
> rule_url=https://www.snort.org/reg-rules/|opensource.gz|<oinkcode>

If you specify the -n option you can comment out (hash out) these lines or leave them as they are; it doesn't matter. But there is an entry in pulledpork.conf about "path_to_temp_folder" or something like that. You need to put a valid path in that setting and copy your snortrules-snapshot-2931.tar.gz *in* that directory. After that, pulledpork -c /path/to/pulledpork.conf -n should work. It would be a good idea to read the pulledpork configuration file before running it for the first time.
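A pre-flight check for the offline procedure described in the reply above, as an added example that is not part of the original message or of PulledPork itself: it confirms that the temp folder setting points at a real directory, that the rule tarball has been copied into it, and that the copy still matches a SHA-256 recorded on the connected machine that downloaded it. The setting name `temp_path`, the recorded digest and the function names are assumptions of this example.

```python
import hashlib
import sys
from pathlib import Path


def read_setting(conf_text, key):
    """Return the value of key=value in pulledpork.conf text, or None."""
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # hashed-out lines are ignored
            continue
        name, sep, value = line.partition("=")
        if sep and name.strip() == key:
            return value.strip()
    return None


def sha256_file(path):
    """Hash a file in chunks so large rule tarballs are not read at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def preflight(conf_text, tarball_name, expected_sha256):
    """Return a list of problems; an empty list means ready to run with -n."""
    temp_path = read_setting(conf_text, "temp_path")   # assumed setting name
    if not temp_path:
        return ["temp_path is not set in the configuration"]
    if not Path(temp_path).is_dir():
        return [f"temp_path {temp_path!r} is not an existing directory"]
    tarball = Path(temp_path) / tarball_name
    if not tarball.is_file():
        return [f"{tarball_name} has not been copied into {temp_path}"]
    if sha256_file(tarball) != expected_sha256.lower():
        return [f"{tarball_name} does not match the recorded SHA-256"]
    return []


if __name__ == "__main__":
    # usage: preflight.py <pulledpork.conf> <tarball name> <recorded sha256>
    conf_file, name, recorded = sys.argv[1:4]
    for message in preflight(Path(conf_file).read_text(), name, recorded) or ["ready"]:
        print(message)
```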