Snort mailing list archives

New version of pulledpork released 0.4.0 the Drunken Leprechaun!


From: JJ Cummings <cummingsj () gmail com>
Date: Fri, 26 Mar 2010 11:24:28 -0600

This version constitutes a major rewrite of the rule reading, modification
and writing system to improve speed, future module addition, supportability,
and of course reliability.

New Features/changes:


   - Enablesid
   - Moved all .conf files under etc/
   - Ability to define sid ranges in any of the sid modification .conf files
   - Ability to specify references in any of the sid modification .conf files
   - Ability to ignore entire rule categories (i.e. not include them)
   - Specify locally stored rules files that need their meta data included in sid-msg.map
   - All rulestate modifications, comparisons etc. are now handled in-memory
   - Rewrite of sid-msg.map generation code to allow for all proper character reading and addition to sid-msg.map
   - No longer reliant on tar binary, now using Archive::Tar
   - Ability to specify your arch for so_rules
   - Added significant amounts of debug output when an error is detected
   - Rules are now written to only two distinct files

Bug Fixes:


   - Properly account for whitespace in non-standard rulesets such as ET
   - Cleaned up and improved the changelog to display new / deleted sids and rule totals
   - Certain conditions caused the md5 check to fail even when valid - This was primarily an ET issue, but did manifest on VRT rulesets also
   - Many small fixes that were not tracked well :-P
   - Do not overwrite local.rules, but still include in sid-msg.map generation

More information on the pulledpork site at
http://code.google.com/p/pulledpork or on the official release blog entry
at
http://global-security.blogspot.com/2010/03/pulling-pork-with-drunken-leprechaun-pp.html

Thanks for all of the great community support and feedback thus far!

JJC