New Features/changes:
- Flowbit tracking! - This means that all flowbits are not enabled when a specific base ruleset is specified (security etc...) but rather all flowbits are now tracked, allowing for only those that are required to be enabled.
- Adjusted pulledpork.conf to account for new snort rules tarball naming and packing scheme, post Snort 2.8.6 release.
- Added option to specify all rule modification files in the master pulledpork.conf file - feature request 19.
- Added capability to specify base ruleset (see README.RULESETS) in master pulledpork.conf file.
- Handle preprocessor and sensitive-information rulesets
Bug Fixes:
- 18 - non-rule lines containing the string sid:xxxx were being populated into the rule data structure, added an extra check to ensure that this does not occur
- Cleaned up href pointers, syntatical purposes only...
- Modified master config to allow for better readability on smaller console based systems
- Error output was not always returning full error
Be sure and go here to download the newest update!
http://code.google.com/p/pulledpork/
Be sure and read my other two posts in order to make sure you are fully up to date with everything going on.
Joel Esler, Sourcefire, Snort, Immunet, ClamAV, Apple, and Network Security. This is my blog.
Subscribe to:
Post Comments (Atom)
Call of Duty Error 6034 for the Xbox
Several friends and I play Call of Duty nearly every night. However, Activision’s most recent multiplayer update broke the heck out of Call...
-
Without going off the deep-end here and discussing every single Snort rule keyword, I just wanted to touch on a few modifiers that people so...
-
Let me start off by saying I'm not bashing the writer of this article, and I'm trying not to be super critical. I don't want to...
-
For those of you that haven't heard of DropBox, it's essentially a synced drive that is stored on DropBox's servers (in the clou...
1 comment:
[...] This post was mentioned on Twitter by JoelEsler, JoelEsler. JoelEsler said: PulledPork v0.4.1 released! http://goo.gl/fb/1FM1s [...]
Post a Comment