[-] oinkmaster [-]
snort_sm
 
  News
  About
  Features
  Download
  CVS
  Documentation
  FAQ
  GUI
  Feedback
  Mailing list
  SF project page

 
# $Id: README.contrib,v 1.21 2005/10/18 10:41:20 andreas_o Exp $ #

-------------------------------------------------------------------------------
* oinkgui.pl by Andreas Östling 

  A graphical front-end to Oinkmaster written in Perl/Tk.
  See README.gui for complete documentation.
-------------------------------------------------------------------------------



-------------------------------------------------------------------------------
* addsid.pl by Andreas Östling 

  A script that parses *.rules in all specified directories and adds a 
  SID to (active) rules that don't have any. (Actually, rev and classtype 
  are also added if missing, unless you edit addsid.pl and tune this.) The 
  script first looks for the current highest SID (even in inactive rules) 
  and starts at the next one, unless this value is below MIN_SID (defined 
  inside addsid.pl). By default, this value is set to 1000001 since this 
  is the lowest SID assigned for local usage. Handles multi-line rules.
-------------------------------------------------------------------------------



-------------------------------------------------------------------------------
* create-sidmap.pl by Andreas Östling andreas_o@users.sourceforge.net

  A script that parses all active rules in *.rules in all specified 
  directories and creates a SID map. (Like Snort's regen-sidmap, but this 
  one handles multi-line rules.) Result goes to standard output which can 
  be redirected to a sid-msg.map file.
-------------------------------------------------------------------------------



-------------------------------------------------------------------------------
* makesidex.pl, originally by Jerry Applebaum but later rewritten by
  Andreas Östling  to handle multi-line rules and
  multiple rules directories.

  It reads *.rules in all specified directories, looks for all disabled
  rules and prints a "disablesid   # " line for each disabled rule.
  The output can be appended to oinkmaster.conf.
  Useful to new Oinkmaster users.
-------------------------------------------------------------------------------



-------------------------------------------------------------------------------
* addmsg.pl by Andreas Östling :
 
  A script that will parse your oinkmaster.conf for
  localsid/enablesid/disablesid lines and add their rule message as a #comment.
  If your oinkmaster.conf looks like this before addmsg.pl has been run:

    disablesid 286
    disablesid 287
    disablesid 288

  It will look something like this afterward:

    disablesid 286             # POP3 EXPLOIT x86 bsd overflow
    disablesid 287             # POP3 EXPLOIT x86 bsd overflow
    disablesid 288             # POP3 EXPLOIT x86 linux overflow

  addmsg.pl will not touch lines that already has a comment in them.
  It's not able to handle SID lists when written like this:
    disablesid 1,2,3, ...
  But it should handle them if written like this:
    disablesid \
      1, \
      2, \
      3

  The new config file will be printed to standard output, so you
  probably want to redirect the output to a file, for example:

  ./addmsg.pl oinkmaster.conf rules/ > oinkmaster.conf.new

  If oinkmaster.conf.new looks ok, simply rename it to oinkmaster.conf.
  Do NOT redirect to the same file you read from, as this will destroy 
  that file.
-------------------------------------------------------------------------------

Snort and the Snort logo are trademarks or registered trademarks of Sourcefire, Inc.