Chapter 3     Working with Snort Rules
3.9.2 The Sophisticated and Complex Method
This section describes Oinkmaster, available at http://www.algonet.se/~nitzer/oinkmaster/.
Oinkmaster is a tool for updating Snort rule files. It is written in Perl, so you must have
Perl installed on your Snort machine to make this tool work. It can be configured to
download new rule files from the Internet, find out which rules need to be updated, and
then update them. If you have modified some standard rules according to your own
requirements, you can configure Oinkmaster not to update these customized rules. At the
time of writing this book, version 0.6 of this tool is available. By now updated versions
may be available. Oinkmaster is a Perl script and uses a configuration file to update
the rules.
It is recommended that you use a temporary directory the first time you use this
Perl script. I have used the /tmp/rules directory. When you use the following command,
it downloads all rules, untars them, and saves all files in the /tmp/rules directory.
[rr@conformix]$ ./oinkmaster.pl -o /tmp/rules/
Downloading rules archive from http://www.snort.org/dl/signatures/snortrules.tar.gz...
12:27:09 URL:http://www.snort.org/dl/signatures/snortrules.tar.gz [79487/79487] -> "/tmp/oinkmaster.9875/snortrules.tar.gz" [1]
Archive successfully downloaded, unpacking... tar: rules/attack-responses.rules: time stamp 2002-07-14 13:10:24 is 348194 s in the future
tar: rules/classification.config: time stamp 2002-07-14 13:10:24 is 348194 s in the future
tar: rules/sid-msg.map: time stamp 2002-07-14 13:10:24 is 348194 s in the future
tar: rules/x11.rules: time stamp 2002-07-14 13:10:24 is 348194 s in the future
tar: rules/web-misc.rules: time stamp 2002-07-14 13:10:24 is 348194 s in the future
tar: rules/web-iis.rules: time stamp 2002-07-14 13:10:24 is 348194 s in the future
tar: rules/web-frontpage.rules: time stamp 2002-07-14 13:10:24 is 348194 s in the future
tar: rules/web-coldfusion.rules: time stamp 2002-07-14 13:10:24 is 348194 s in the future
tar: rules/web-cgi.rules: time stamp 2002-07-14 13:10:24 is 348194 s in the future
tar: rules/web-attacks.rules: time stamp 2002-07-14 13:10:24 is 348194 s in the future
tar: rules/virus.rules: time stamp 2002-07-14 13:10:24 is 348194 s in the future
tar: rules/tftp.rules: time stamp 2002-07-14 13:10:24 is 348194 s in the future
tar: rules/telnet.rules: time stamp 2002-07-14 13:10:24 is 348194 s in the future
tar: rules/sql.rules: time stamp 2002-07-14 13:10:24 is 348194 s in the future
tar: rules/smtp.rules: time stamp 2002-07-14 13:10:24 is 348194 s in the future
tar: rules/shellcode.rules: time stamp 2002-07-14 13:10:24 is 348194 s in the future
tar: rules/scan.rules: time stamp 2002-07-14 13:10:24 is 348194 s in the future
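Before copying rules from a temporary directory such as /tmp/rules into the live Snort rules directory, it helps to see which rules would be added, removed or changed, and which locally customized rules would be overwritten. The following Python code is an added example, not code from the book and not part of Oinkmaster. It assumes one rule per line and unique SIDs; the function names and the sample rules are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
ACTIONS = ("alert ", "log ", "pass ", "activate ", "dynamic ")

def load_rules(rules_dir):
    """Map SID -> rule text for every active rule in the *.rules files."""
    rules = {}
    for path in sorted(Path(rules_dir).glob("*.rules")):
        for line in path.read_text(errors="replace").splitlines():
            line = line.strip()
            if not line.startswith(ACTIONS):  # skips blanks, comments, disabled rules
                continue
            match = SID_RE.search(line)
            if match:
                rules[int(match.group(1))] = line
    return rules

def plan_update(live_dir, staged_dir, keep_sids=()):
    """Compare live and staged rules by SID; keep_sids are local customizations."""
    live, staged, keep = load_rules(live_dir), load_rules(staged_dir), set(keep_sids)
    plan = {"added": [], "removed": [], "changed": [], "kept_local": []}
    for sid in sorted(live.keys() | staged.keys()):
        if sid not in live:
            plan["added"].append(sid)
        elif sid not in staged:
            plan["removed"].append(sid)
        elif live[sid] != staged[sid]:
            # A differing rule is replaced unless it was customized locally.
            plan["kept_local" if sid in keep else "changed"].append(sid)
    return plan

def demo():
    """Run the comparison on constructed sample rules (not real signatures)."""
    with tempfile.TemporaryDirectory() as tmp:
        live, staged = Path(tmp, "live"), Path(tmp, "staged")
        live.mkdir()
        staged.mkdir()
        (live / "sample.rules").write_text(
            'alert tcp any any -> any 23 (msg:"sample telnet"; sid:1000001; rev:1;)\n'
            'alert tcp any any -> $HOME_NET 80 (msg:"sample web, tuned"; sid:1000002; rev:1;)\n'
            'alert udp any any -> any 69 (msg:"sample tftp"; sid:1000003; rev:1;)\n')
        (staged / "sample.rules").write_text(
            'alert tcp any any -> any 23 (msg:"sample telnet"; sid:1000001; rev:2;)\n'
            'alert tcp any any -> any 80 (msg:"sample web"; sid:1000002; rev:2;)\n'
            'alert tcp any any -> any 25 (msg:"sample smtp"; sid:1000004; rev:1;)\n')
        return plan_update(live, staged, keep_sids=[1000002])

if __name__ == "__main__":
    print(demo())
```

Reviewing the "removed" and "kept_local" lists before each update shows where the downloaded rule set would drop detection coverage or diverge from local tuning.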





