
[Snort-sigs] Sig tarball directory structure question

Subject: [Snort-sigs] Sig tarball directory structure question
Date: Wed, 26 Sep 2007 15:29:43 -0400
I have not been following Snort for a while, but recently did some 
scripting work to download the rules tarballs at work, using our 
Oinkcode.  Note my script only runs Mon-Thu, so I may skip some releases.

Unless I am doing something seriously wrong:

snortrules-snapshot-2.6_s.tar.gz from 2007-09-19 (and all previous I 
checked) has this dir structure:

$ tar tvzf 20070919.d/snortrules-snapshot-2.6_s.tar.gz | grep '/$'
drwxr-xr-x vrtbuild/vrtbuild       0 2007-09-18 14:52:38 rules/
drwxr-xr-x vrtbuild/vrtbuild       0 2007-09-18 14:52:33 doc/
drwxr-xr-x vrtbuild/vrtbuild       0 2007-09-18 14:52:38 doc/signatures/
drwxr-xr-x vrtbuild/vrtbuild       0 2007-09-18 14:52:38 so_rules/

$ md5sum 20070919.d/snortrules-snapshot-2.6_s.tar.gz
78d2286e9356d8e0495e35580f4a75f6 20070919.d/snortrules-snapshot-2.6_s.tar.gz


But the one from today (2007-09-26) looks like this:

$ tar tvzf 20070926.d/snortrules-snapshot-2.6_s.tar.gz | grep '/$'
drwxr-xr-x vrtbuild/vrtbuild       0 2007-09-24 17:58:48 rules/
drwxr-xr-x vrtbuild/vrtbuild       0 2007-09-24 17:57:15 rules/CVS/
drwxr-xr-x vrtbuild/vrtbuild       0 2007-09-24 17:58:47 doc/
drwxr-xr-x vrtbuild/vrtbuild       0 2007-09-24 17:58:47 doc/CVS/
drwxr-xr-x vrtbuild/vrtbuild       0 2007-09-24 18:00:53 doc/signatures/
drwxr-xr-x vrtbuild/vrtbuild       0 2007-09-24 17:58:47 doc/signatures/CVS/
drwxr-xr-x vrtbuild/vrtbuild       0 2007-09-24 18:01:24 so_rules/
drwxr-xr-x vrtbuild/vrtbuild       0 2007-09-24 17:57:10 etc/
drwxr-xr-x vrtbuild/vrtbuild       0 2007-09-24 17:57:10 etc/CVS/

$ md5sum 20070926.d/snortrules-snapshot-2.6_s.tar.gz
f8c97b82d73b6d870aff8371e3f53bb7 20070926.d/snortrules-snapshot-2.6_s.tar.gz


That's a *big* difference and I can't find anything in the tarball 
itself, the last 45 or so days of the sig, user, ann ML archives or in 
the snort.org news back to July.  From my perspective the 2 things that 
are most important are 1) CVS cruft and 2) *.conf moved from ./rules/ to ./etc/.

Is this on purpose and will it stay this way?  Is there some announcement 
I missed?

Note that as long as the structure becomes stable, I don't care what it 
looks like.  In fact, the *.conf in etc makes some sense to me.  But I'd 
guess I'm not the only person expecting *.conf to be in ./rules/...

Thanks,
JP
----------------------------|:::======|-------------------------------
JP Vossen, CISSP            |:::======|        jp{at}jpsdomain{dot}org
My Account, My Opinions     |=========|      http://www.jpsdomain.org/
----------------------------|=========|-------------------------------
Microsoft has single-handedly nullified Moore's Law.
Innate design flaws of Windows make a personal firewall, anti-virus
and anti-malware software mandatory. The resulting software arms race
has effectively flattened Moore's Law on hardware running Windows.
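
Added example, not part of the message above and not Snort or VRT tooling: a pre-deployment check that compares the directory layout of two rule snapshots without extracting them, flagging new directories, version-control metadata and a change in where *.conf files live. The function names, the VCS_DIRS set and the sample file names are assumptions made for illustration; the sample tarballs are constructed in memory to mirror the two listings in the post.

```python
import io
import tarfile
from pathlib import PurePosixPath

VCS_DIRS = {"CVS", ".svn", ".git"}  # assumed list of version-control metadata directory names


def build_sample(paths):
    """Build an in-memory .tar.gz holding empty files at the given paths (constructed data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for p in paths:
            tar.addfile(tarfile.TarInfo(p), io.BytesIO(b""))
    buf.seek(0)
    return buf


def layout(fileobj):
    """Return (directories, conf_dirs) derived from member names; nothing is extracted."""
    dirs, conf_dirs = set(), set()
    with tarfile.open(fileobj=fileobj, mode="r:gz") as tar:
        for member in tar:
            path = PurePosixPath(member.name)  # also normalises "./rules/" to "rules"
            parent = path if member.isdir() else path.parent
            dirs.update(str(d) for d in [parent, *parent.parents] if str(d) != ".")
            if member.isfile() and path.suffix == ".conf":
                conf_dirs.add(str(path.parent))
    return dirs, conf_dirs


def compare(old, new):
    """Summarise layout drift between the previous and the current snapshot."""
    old_dirs, old_conf = layout(old)
    new_dirs, new_conf = layout(new)
    return {
        "added_dirs": sorted(new_dirs - old_dirs),
        "removed_dirs": sorted(old_dirs - new_dirs),
        "vcs_dirs": sorted(d for d in new_dirs if PurePosixPath(d).name in VCS_DIRS),
        "conf_moved": old_conf != new_conf,
        "conf_dirs": sorted(new_conf),
    }


# Constructed samples mirroring the two listings in the post (file names are made up).
OLD = ["rules/example.conf", "rules/web.rules", "doc/signatures/100.txt", "so_rules/x.so"]
NEW = ["etc/example.conf", "etc/CVS/Entries", "rules/web.rules", "rules/CVS/Entries",
       "doc/CVS/Entries", "doc/signatures/100.txt", "doc/signatures/CVS/Entries", "so_rules/x.so"]

if __name__ == "__main__":
    for key, value in compare(build_sample(OLD), build_sample(NEW)).items():
        print(f"{key}: {value}")
```

For downloaded snapshots, open each file in binary mode and pass the file objects to compare(); a non-empty vcs_dirs list or conf_moved being True is a reason to hold the update until the layout has been reviewed.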
