
SANS ISC: PulledPork v0.4.1 is released! SANS ISC InfoSec Forums

PulledPork v0.4.1 is released!

 

PulledPork is the 'newest' Snort rule updater. Written by JJ Cummings, a Sourcefire guy like myself and maintainer of https://www.openpacket.org, it is a great way to keep your Snort rules up to date. In addition to all the wonderful things that PulledPork does already (namely, it updates and auto-maintains Snort's SO rules!), the new version has these features:

New Features/changes:

- Flowbit tracking! - When a specific base ruleset is specified (security, etc.), flowbit rules are no longer all enabled; instead, all flowbits are now tracked, so that only those that are required are enabled.

- Adjusted pulledpork.conf to account for new snort rules tarball naming and packing scheme, post Snort 2.8.6 release.

- Added option to specify all rule modification files in the master pulledpork.conf file - feature request 19.

- Added capability to specify base ruleset (see README.RULESETS) in master pulledpork.conf file.

- Handle preprocessor and sensitive-information rulesets

Bug Fixes:

- 18 - Non-rule lines containing the string sid:xxxx were being populated into the rule data structure; added an extra check to ensure that this does not occur.

- Cleaned up href pointers, for syntactical purposes only...

- Modified master config to allow for better readability on smaller console based systems

- Error output was not always returning full error

Be sure and go here to download the newest update!

http://code.google.com/p/pulledpork/

Be sure and read my other two posts in order to make sure you are fully up to date with everything going on.

 

-- Joel Esler | http://blog.joelesler.net | http://twitter.com/joelesler

Joel

454 Posts
ISC Handler
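To illustrate the flowbit tracking feature and the bug 18 check from the release notes above, here is an added sketch in Python; it is not PulledPork's own code (PulledPork is written in Perl). It assumes a leading `#` marks a disabled rule and treats `set`/`toggle` as setters and `isset`/`isnotset` as checkers; the sample rules and sids are constructed.

```python
import re

# A line counts as a rule only if it has an action, a header and a (...) option body.
RULE = re.compile(r"^(#\s*)?(?:alert|log|pass|drop|reject|sdrop)\s+\S+\s[^(]*\((.*)\)\s*$")
SID = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
FLOWBITS = re.compile(r"\bflowbits\s*:\s*(\w+)\s*,\s*([^;,]+?)\s*;")
SETTERS, CHECKERS = {"set", "toggle"}, {"isset", "isnotset"}  # assumed grouping

# Constructed sample rules file; '#' prefix = disabled rule (assumption).
SAMPLE = """\
# Release note: sid:9999999 was retired upstream
# alert tcp any any -> any 80 (msg:"stage one"; flowbits:set,demo.login; flowbits:noalert; sid:1000001; rev:1;)
# alert tcp any any -> any 80 (msg:"stage two"; flowbits:isset,demo.login; flowbits:set,demo.stage2; sid:1000002; rev:1;)
alert tcp any any -> any 80 (msg:"final check"; flowbits:isset,demo.stage2; sid:1000003; rev:1;)
# alert tcp any any -> any 21 (msg:"unrelated setter"; flowbits:set,demo.ftp; sid:1000004; rev:1;)
"""

def parse_rules(text):
    """Return {sid: {"enabled", "sets", "checks"}} for lines that are real rules."""
    rules = {}
    for line in text.splitlines():
        m = RULE.match(line.strip())
        sid = SID.search(m.group(2)) if m else None
        if not sid:
            continue  # prose or comment that merely mentions sid:NNNN
        ops = FLOWBITS.findall(m.group(2))
        rules[int(sid.group(1))] = {
            "enabled": m.group(1) is None,
            "sets": {name for op, name in ops if op in SETTERS},
            "checks": {name for op, name in ops if op in CHECKERS},
        }
    return rules

def resolve_flowbits(rules):
    """Enable disabled rules that set a flowbit an enabled rule checks; return their sids."""
    turned_on = set()
    changed = True
    while changed:  # repeat: a newly enabled setter may itself check another flowbit
        changed = False
        needed = set().union(*(r["checks"] for r in rules.values() if r["enabled"]))
        for sid, r in rules.items():
            if not r["enabled"] and r["sets"] & needed:
                r["enabled"] = True
                turned_on.add(sid)
                changed = True
    return turned_on
```

With the sample above, only the two setter rules in the dependency chain of the enabled rule are switched on; the unrelated setter stays disabled, and the release-note comment never enters the rule table.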
The certificate of your friends' site has expired in March...
Nerijus

7 Posts
nk,

Good observation, I'll try to get it updated shortly!
Anonymous
