# $Id: INSTALL,v 1.26 2003/02/16 11:18:17 andreaso Exp $ #

Installation instructions for Oinkmaster v0.7
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

o Put oinkmaster.pl in some suitable directory, for example /usr/local/bin/.
  Put oinkmaster.conf in /usr/local/etc/ (this is where oinkmaster will search
  for it by default). If you want to have oinkmaster.conf in some other
  directory, you must run oinkmaster with the -C argument.

o Make sure that the ownership/permission on the above files and your 
  rules directory are suitable for your environment. You must run Oinkmaster
  as a regular user that has read/write access to your rules directory. 
  (The user you run Snort as, if different than the Oinkmaster user,
  usually only needs read access.) 

o Edit oinkmaster.conf. There are some options you may want to change before
  running Oinkmaster. Here you will then also tell Oinkmaster which SIDs or 
  files you want to disable or ignore. As you will see, a few things are
  disabled/ignored by default (which you may not want).
  If you already have several rules commented out (or removed) in your current
  rules, you need to add the SIDs of those to oinkmaster.conf so they don't get
  re-enabled after each update.

o Decide in which directory you want to put the new rules. Since you probably
  already have Snort up and running, you should use your existing rules
  directory. If you for example have the official Snort rules files stored in
  /snort/snort.org-rules/ you can now update those by running:

  oinkmaster.pl -o /snort/snort.org-rules/

  You REALLY should check out the entire README before doing anything though.
  You may also run oinkmaster.pl -h for more usage information and options.
  See wget's manual page (http://www.gnu.org/manual/) if you need to setup
  proxy configuration etc.
