File: INSTALL

oinkmaster 1.2-1
# $Id: INSTALL,v 1.50 2005/04/11 18:12:35 andreas_o Exp $ #

Installation instructions for Oinkmaster
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

o Put oinkmaster.pl in some suitable directory, for example 
  /usr/local/bin/. Put oinkmaster.conf in /etc/ or /usr/local/etc/
  (this is where Oinkmaster will search for it by default). If you want 
  to have oinkmaster.conf in some other directory, you must run Oinkmaster 
  with the -C argument. Make sure that the ownership and permissions of
  the above files are suitable for your environment. You may also want to
  copy the man page (oinkmaster.1) to something like /usr/local/man/man1/.


o Edit oinkmaster.conf. The defaults should be fine for most users, 
  although one thing you must change is "url = ...", which specifies 
  the location of the rules archive. The URL to use depends on which 
  version of Snort you run and also what type of rules you want to use. 
  Some may require registration. See Q28 in the FAQ for more 
  information.

  In oinkmaster.conf you will then also tell Oinkmaster things like 
  which SIDs or files you want to disable/enable/modify/ignore. If you 
  already have several rules commented out (or removed) in your current 
  rules, you must add the SIDs of those to oinkmaster.conf so they 
  don't get re-enabled after each update (there is a help script for 
  that, see makesidex.pl in the contrib directory). Remember that after 
  switching to Oinkmaster for updating the rules, all permanent 
  modifications to the rules must be done by editing oinkmaster.conf, 
  not by editing the rules files directly.


o Decide in which directory you want to put the new rules. Since you 
  probably have Snort up and running already, you should use the 
  directory where you keep the rules. It's a very good idea to create a 
  backup of it first. You must run Oinkmaster as a user that has 
  read/write access to your rules directory and all rules files in it. 
  It should however *NOT* be a privileged user such as root!
  Never run Oinkmaster as root.


o Done! 
  Assuming your rules directory is /etc/snort/rules/, you can now update 
  those rules by running:

  oinkmaster.pl -o /etc/snort/rules

  You should really check out the entire FAQ and README before doing 
  anything though. You may also run oinkmaster.pl -h to list all 
  available command line options. They are described in more detail in 
  the Oinkmaster manual page. See the FAQ if you need to set up a proxy
  configuration.
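
Added example (not part of the Oinkmaster distribution): a POSIX shell
wrapper that enforces the checks from the steps above before calling
oinkmaster.pl. It refuses to run as root, confirms read/write access to the
rules directory and its files, and takes a backup first. The function names,
the optional uid argument and the backup destination are assumptions made
for illustration.

```shell
#!/bin/sh
# Added example, not shipped with Oinkmaster. Function names, the uid
# argument and the backup destination are assumptions for illustration.

# Succeed only for an unprivileged uid with read/write access to the rules
# directory and every regular file in it. uid defaults to the calling user.
preflight() {
    dir=$1
    uid=${2:-$(id -u)}
    if [ "$uid" -eq 0 ]; then
        echo "refusing to run Oinkmaster as root" >&2
        return 1
    fi
    if [ ! -d "$dir" ] || [ ! -r "$dir" ] || [ ! -w "$dir" ]; then
        echo "no read/write access to rules directory: $dir" >&2
        return 2
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        if [ ! -r "$f" ] || [ ! -w "$f" ]; then
            echo "no read/write access to rules file: $f" >&2
            return 3
        fi
    done
    return 0
}

# Archive the rules directory ($1) into $2 and print the archive path.
backup_rules() {
    archive="$2/rules-backup-$(date +%Y%m%d%H%M%S).tar.gz"
    tar -czf "$archive" -C "$1" . || return 1
    printf '%s\n' "$archive"
}

# Preflight, back up, then update. Give a config path as the third argument
# only when oinkmaster.conf is outside /etc/ and /usr/local/etc/ (-C).
update_rules() {
    dir=$1 dest=$2 conf=${3:-}
    preflight "$dir" || return
    backup_rules "$dir" "$dest" >/dev/null || return
    if [ -n "$conf" ]; then
        oinkmaster.pl -C "$conf" -o "$dir"
    else
        oinkmaster.pl -o "$dir"
    fi
}

# Usage (backup path is a placeholder): update_rules /etc/snort/rules /path/to/backups
```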