Monday, April 26, 2010

Rule release for today - April 26th, 2010

This release contains support for Snort 2.8.6.0. Additionally, new packages have been added that contain 4 digit version numbers.

New package names:
1. snortrules-snapshot-2853_s.tar.gz
2. snortrules-snapshot-2860_s.tar.gz

Details:
The packages have been updated with support for Snort 2.8.6.0. Additionally, a number of improvements have been made to the packages to help clarify which packages to use with your specific snort version.

The old package names are still available but they are now symlinked to
the new package names. The symlinks will exist for the next 30 days. This should hopefully prevent auto updaters from failing to update correctly.

Symlinks Subscriber:
1. snortrules-snapshot-2853_s.tar.gz -> snortrules-snapshot-CURRENT_s.tar.gz
2. snortrules-snapshot-2853_s.tar.gz -> snortrules-snapshot-2.8_s.tar.gz

* IMPORTANT *
The above is not a typo. The 2853 is symlinked to CURRENT and the 2.8 packages this is intentional, as to not break auto updaters that define CURRENT incorrectly.

Registered Users:
There are no new symlinks for registered users as the new packages won't be available to registered users for 30 days.

Additional Package Updates.

1. Packages are now locked to the version of snort they support. This includes sub directories in the packages. For examples the 2853 packages now only contain SO rules for 2.8.5.3.

2. Snort.conf in etc/ directory has been updated to support additional features in 2.8.5.3 and 2.8.6.0.

3. Preprocessor Rules are now contained in the package.

4. For 2.8.6.0 Sensitive data rules are contained in the package.

Not running 2.8.5.3 and downloading CURRENT / 2.8 / 2853 packages ?:

1. You will need to modify oinkmaster, pulled pork, or whatever update system you are using to remove 2.8.5.3 version specific rule keywords or snort will fail to load.

No comments:

Post a Comment