Threat Level: green Handler on Duty: Pasquale Stirparo

SANS ISC: InfoSec Handlers Diary Blog - PulledPork v0.4.1 is released! InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

PulledPork v0.4.1 is released!

Published: 2010-04-26
Last Updated: 2010-04-27 12:06:02 UTC
by Joel Esler (Version: 2)
2 comment(s)

PulledPork is the 'newest' Snort rule updater.  Written by JJ Cummings, a Sourcefire guy like myself, and maintainer of https://www.openpacket.org, is a great way to keep your Snort rules up to date.  In addition to all the wonderful things that PulledPork does already (namely, it updates and auto-maintains Snort's SO rules!), the new version has these features: 

New Features/changes:

- Flowbit tracking! - This means that all flowbits are not enabled when a specific base ruleset is specified (security etc...) but rather all flowbits are now tracked, allowing for only those that are required to be enabled.

- Adjusted pulledpork.conf to account for new snort rules tarball naming and packing scheme, post Snort 2.8.6 release.

- Added option to specify all rule modification files in the master pulledpork.conf file - feature request 19.

- Added capability to specify base ruleset (see README.RULESETS) in master pulledpork.conf file.

- Handle preprocessor and sensitive-information rulesets

Bug Fixes:

- 18 - non-rule lines containing the string sid:xxxx were being populated into the rule data structure, added an extra check to ensure that this does not occur

- Cleaned up href pointers, syntatical purposes only...

- Modified master config to allow for better readability on smaller console based systems

- Error output was not always returning full error

Be sure and go here to download the newest update!

http://code.google.com/p/pulledpork/

Be sure and read my other two posts in order to make sure you are fully up to date with everything going on.

 

-- Joel Esler | http://blog.joelesler.net | http://twitter.com/joelesler

Keywords:
2 comment(s)
Diary Archives