I am uploading a NMU to fix this. The debdiff is attached.
diff -Nru oinkmaster-2.0/ChangeLog oinkmaster-2.0/ChangeLog
--- oinkmaster-2.0/ChangeLog 2023-05-16 00:19:05.000000000 +0200
+++ oinkmaster-2.0/ChangeLog 2006-02-18 13:35:21.000000000 +0100
@@ -1,36 +1,4 @@
-# $Id: ChangeLog,v 1.192 2008/02/18 19:41:04 andreas_o Exp $ #
-
-Oinkmaster v2.1 - 200xxxxx
-~~~~~~~~~~~~~~~~~~~~~~~~~~
-o Flowbits dependency check is now performed on the downloaded rules
- after being processed by Oinkmaster. You will get a warning message
- if a rule has 'flowbits:set,...' or 'flowbits:isnotset,...' statements
- for flowbits that are never set or toggled in any rule. If you get
- warnings about flowbits dependency problems, you have to fix them
- yourself. Flowbits check is suppressed when using -Q.
-o Print message when URL is specified on both command line and in config
- file (command line wins as usual)
-o oinkmaster.pl and create-sidmap.pl: don't print dup warnings for
- rules that are commented out (thanks to David J. Bianco)
-o Updated the default example URLs in oinkmaster.conf to point to
- more recent Snort versions and the Emerging Threats site.
-o Set defaults for 'update_files' and 'path' in oinkmaster.pl
- instead of in oinkmaster.conf.
-o Write stats for matching 'localsid' statements just like the rest.
-o Fixed a couple of minor sanity check bugs.
-o Allow rules_dir to be set in Oinkmaster config file. This is the
- directory in the downloaded rules archive where Oinkmaster will
- search for the rules files. Default is the directory called "rules",
- as that's where the normal rules usually are. This allows you to
- update the shared object rules (so_rules) with Oinkmaster by
- creating a separate oinkmaster.conf containing "rules_dir = so_rules".
- Note that you can not set multiple directories so you have to run
- Oinkmaster separately for each directory. Remember to point to
- different output directories as the "rules" and "so_rules"
- directories contains files with identical filenames.
-o Updated my email address everywhere (now andre...@andreaso.se).
-
-
+# $Id: ChangeLog,v 1.186 2006/02/18 12:16:47 andreas_o Exp $ #
Oinkmaster v2.0 - 20060218
~~~~~~~~~~~~~~~~~~~~~~~~~~
diff -Nru oinkmaster-2.0/contrib/addmsg.pl oinkmaster-2.0/contrib/addmsg.pl
--- oinkmaster-2.0/contrib/addmsg.pl 2023-05-16 00:19:05.000000000 +0200
+++ oinkmaster-2.0/contrib/addmsg.pl 2006-02-18 13:35:21.000000000 +0100
@@ -1,8 +1,8 @@
#!/usr/bin/perl -w
-# $Id: addmsg.pl,v 1.20 2006/10/12 08:57:26 andreas_o Exp $ #
+# $Id: addmsg.pl,v 1.19 2005/12/31 13:42:46 andreas_o Exp $ #
-# Copyright (c) 2004-2006 Andreas Östling <andreas_ostl...@bredband.net>
+# Copyright (c) 2004-2006 Andreas Östling <andre...@it.su.se>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or
diff -Nru oinkmaster-2.0/contrib/addsid.pl oinkmaster-2.0/contrib/addsid.pl
--- oinkmaster-2.0/contrib/addsid.pl 2023-05-16 00:19:05.000000000 +0200
+++ oinkmaster-2.0/contrib/addsid.pl 2006-02-18 13:35:21.000000000 +0100
@@ -1,8 +1,8 @@
#!/usr/bin/perl -w
-# $Id: addsid.pl,v 1.31 2006/10/12 08:57:26 andreas_o Exp $ #
+# $Id: addsid.pl,v 1.30 2005/12/31 13:42:46 andreas_o Exp $ #
-# Copyright (c) 2004-2006 Andreas Östling <andreas_ostl...@bredband.net>
+# Copyright (c) 2004-2006 Andreas Östling <andre...@it.su.se>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or
diff -Nru oinkmaster-2.0/contrib/create-sidmap.pl
oinkmaster-2.0/contrib/create-sidmap.pl
--- oinkmaster-2.0/contrib/create-sidmap.pl 2023-05-16 00:19:05.000000000
+0200
+++ oinkmaster-2.0/contrib/create-sidmap.pl 2006-02-18 13:35:21.000000000
+0100
@@ -1,8 +1,8 @@
#!/usr/bin/perl -w
-# $Id: create-sidmap.pl,v 1.23 2006/10/12 08:57:26 andreas_o Exp $ #
+# $Id: create-sidmap.pl,v 1.21 2005/12/31 13:42:46 andreas_o Exp $ #
-# Copyright (c) 2004-2006 Andreas Östling <andreas_ostl...@bredband.net>
+# Copyright (c) 2004-2006 Andreas Östling <andre...@it.su.se>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or
@@ -94,16 +94,15 @@
my @file = <FILE>;
close(FILE);
- my ($single, $multi, $nonrule, $msg, $sid, %old_sids);
+ my ($single, $multi, $nonrule, $msg, $sid);
while (get_next_entry(\@file, \$single, \$multi, \$nonrule, \$msg,
\$sid)) {
if (defined($single)) {
warn("WARNING: duplicate SID: $sid (discarding old)\n")
- if (exists($old_sids{$sid}) && ($single !~ /^#/ &&
$old_sids{$sid} !~ /^#/));
+ if (exists($sidmap{$sid}));
$sidmap{$sid} = "$sid || $msg";
- $old_sids{$sid} = $single;
# Print all references. Borrowed from Brian Caswell's
regen-sidmap script.
my $ref = $single;
diff -Nru oinkmaster-2.0/contrib/makesidex.pl
oinkmaster-2.0/contrib/makesidex.pl
--- oinkmaster-2.0/contrib/makesidex.pl 2023-05-16 00:19:05.000000000 +0200
+++ oinkmaster-2.0/contrib/makesidex.pl 2006-02-18 13:35:21.000000000 +0100
@@ -1,8 +1,8 @@
#!/usr/bin/perl -w
-# $Id: makesidex.pl,v 1.12 2006/10/12 08:57:26 andreas_o Exp $ #
+# $Id: makesidex.pl,v 1.11 2005/12/31 13:42:46 andreas_o Exp $ #
-# Copyright (c) 2004-2006 Andreas Östling <andreas_ostl...@bredband.net>
+# Copyright (c) 2004-2006 Andreas Östling <andre...@it.su.se>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or
diff -Nru oinkmaster-2.0/contrib/oinkgui.pl oinkmaster-2.0/contrib/oinkgui.pl
--- oinkmaster-2.0/contrib/oinkgui.pl 2023-05-16 00:19:05.000000000 +0200
+++ oinkmaster-2.0/contrib/oinkgui.pl 2006-02-18 13:35:21.000000000 +0100
@@ -1,8 +1,8 @@
#!/usr/bin/perl -w
-# $Id: oinkgui.pl,v 1.53 2006/10/12 08:57:26 andreas_o Exp $ #
+# $Id: oinkgui.pl,v 1.52 2005/12/31 13:42:46 andreas_o Exp $ #
-# Copyright (c) 2004-2006 Andreas Östling <andreas_ostl...@bredband.net>
+# Copyright (c) 2004-2006 Andreas Östling <andre...@it.su.se>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or
diff -Nru oinkmaster-2.0/contrib/README.contrib
oinkmaster-2.0/contrib/README.contrib
--- oinkmaster-2.0/contrib/README.contrib 2023-05-16 00:19:05.000000000
+0200
+++ oinkmaster-2.0/contrib/README.contrib 2006-02-18 13:35:21.000000000
+0100
@@ -1,7 +1,7 @@
-# $Id: README.contrib,v 1.22 2006/10/12 08:57:26 andreas_o Exp $ #
+# $Id: README.contrib,v 1.21 2005/10/18 10:41:20 andreas_o Exp $ #
-------------------------------------------------------------------------------
-* oinkgui.pl by Andreas Östling <andreas_ostl...@bredband.net>
+* oinkgui.pl by Andreas Östling <andre...@it.su.se>
A graphical front-end to Oinkmaster written in Perl/Tk.
See README.gui for complete documentation.
@@ -10,7 +10,7 @@
-------------------------------------------------------------------------------
-* addsid.pl by Andreas Östling <andreas_ostl...@bredband.net>
+* addsid.pl by Andreas Östling <andre...@it.su.se>
A script that parses *.rules in all specified directories and adds a
SID to (active) rules that don't have any. (Actually, rev and classtype
@@ -24,7 +24,7 @@
-------------------------------------------------------------------------------
-* create-sidmap.pl by Andreas Östling <andreas_ostl...@bredband.net>
+* create-sidmap.pl by Andreas Östling <andre...@it.su.se>
A script that parses all active rules in *.rules in all specified
directories and creates a SID map. (Like Snort's regen-sidmap, but this
@@ -36,7 +36,7 @@
-------------------------------------------------------------------------------
* makesidex.pl, originally by Jerry Applebaum but later rewritten by
- Andreas Östling <andreas_ostl...@bredband.net> to handle multi-line rules and
+ Andreas Östling <andre...@it.su.se> to handle multi-line rules and
multiple rules directories.
It reads *.rules in all specified directories, looks for all disabled
@@ -48,7 +48,7 @@
-------------------------------------------------------------------------------
-* addmsg.pl by Andreas Östling <andreas_ostl...@bredband.net>:
+* addmsg.pl by Andreas Östling <andre...@it.su.se>:
A script that will parse your oinkmaster.conf for
localsid/enablesid/disablesid lines and add their rule message as a #comment.
diff -Nru oinkmaster-2.0/debian/changelog oinkmaster-2.0/debian/changelog
--- oinkmaster-2.0/debian/changelog 2023-05-16 00:19:05.000000000 +0200
+++ oinkmaster-2.0/debian/changelog 2023-05-15 23:49:49.000000000 +0200
@@ -1,3 +1,13 @@
+oinkmaster (2.0-4.2) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Add missing build targets. (Closes: #999038)
+ * Drop upstream Vcs. (Closes: #1031313)
+ * Convert to source format 3.0 (quilt).
+ * Update debhelper to level 7. (Closes: #965755)
+
+ -- Bastian Germann <b...@debian.org> Mon, 15 May 2023 23:49:49 +0200
+
oinkmaster (2.0-4.1) unstable; urgency=medium
* Non maintainer upload by the Reproducible Builds team.
diff -Nru oinkmaster-2.0/debian/compat oinkmaster-2.0/debian/compat
--- oinkmaster-2.0/debian/compat 2023-05-16 00:19:05.000000000 +0200
+++ oinkmaster-2.0/debian/compat 2023-05-15 23:49:49.000000000 +0200
@@ -1 +1 @@
-5
+7
diff -Nru oinkmaster-2.0/debian/control oinkmaster-2.0/debian/control
--- oinkmaster-2.0/debian/control 2023-05-16 00:19:05.000000000 +0200
+++ oinkmaster-2.0/debian/control 2023-05-15 23:49:49.000000000 +0200
@@ -2,11 +2,9 @@
Section: admin
Priority: optional
Maintainer: Javier Fernández-Sanguino Peña <j...@debian.org>
-Build-Depends: debhelper (>= 4.0.0)
+Build-Depends: debhelper (>= 7)
Standards-Version: 3.6.0
Homepage: http://oinkmaster.sourceforge.net/
-Vcs-Browser: http://oinkmaster.cvs.sourceforge.net/oinkmaster/oinkmaster/
-Vcs-Cvs: :pserver:anonym...@oinkmaster.cvs.sourceforge.net:/cvsroot/oinkmaster
oinkmaster
Package: oinkmaster
Architecture: all
diff -Nru oinkmaster-2.0/debian/patches/series
oinkmaster-2.0/debian/patches/series
--- oinkmaster-2.0/debian/patches/series 1970-01-01 01:00:00.000000000
+0100
+++ oinkmaster-2.0/debian/patches/series 2023-05-15 23:49:49.000000000
+0200
@@ -0,0 +1 @@
+upstream.patch
diff -Nru oinkmaster-2.0/debian/patches/upstream.patch
oinkmaster-2.0/debian/patches/upstream.patch
--- oinkmaster-2.0/debian/patches/upstream.patch 1970-01-01
01:00:00.000000000 +0100
+++ oinkmaster-2.0/debian/patches/upstream.patch 2023-05-15
23:49:49.000000000 +0200
@@ -0,0 +1,695 @@
+Description: Import some upstream changes
+---
+--- oinkmaster-2.0.orig/ChangeLog
++++ oinkmaster-2.0/ChangeLog
+@@ -1,4 +1,36 @@
+-# $Id: ChangeLog,v 1.186 2006/02/18 12:16:47 andreas_o Exp $ #
++# $Id: ChangeLog,v 1.192 2008/02/18 19:41:04 andreas_o Exp $ #
++
++Oinkmaster v2.1 - 200xxxxx
++~~~~~~~~~~~~~~~~~~~~~~~~~~
++o Flowbits dependency check is now performed on the downloaded rules
++ after being processed by Oinkmaster. You will get a warning message
++ if a rule has 'flowbits:set,...' or 'flowbits:isnotset,...' statements
++ for flowbits that are never set or toggled in any rule. If you get
++ warnings about flowbits dependency problems, you have to fix them
++ yourself. Flowbits check is suppressed when using -Q.
++o Print message when URL is specified on both command line and in config
++ file (command line wins as usual)
++o oinkmaster.pl and create-sidmap.pl: don't print dup warnings for
++ rules that are commented out (thanks to David J. Bianco)
++o Updated the default example URLs in oinkmaster.conf to point to
++ more recent Snort versions and the Emerging Threats site.
++o Set defaults for 'update_files' and 'path' in oinkmaster.pl
++ instead of in oinkmaster.conf.
++o Write stats for matching 'localsid' statements just like the rest.
++o Fixed a couple of minor sanity check bugs.
++o Allow rules_dir to be set in Oinkmaster config file. This is the
++ directory in the downloaded rules archive where Oinkmaster will
++ search for the rules files. Default is the directory called "rules",
++ as that's where the normal rules usually are. This allows you to
++ update the shared object rules (so_rules) with Oinkmaster by
++ creating a separate oinkmaster.conf containing "rules_dir = so_rules".
++ Note that you can not set multiple directories so you have to run
++ Oinkmaster separately for each directory. Remember to point to
++ different output directories as the "rules" and "so_rules"
++ directories contains files with identical filenames.
++o Updated my email address everywhere (now andre...@andreaso.se).
++
++
+
+ Oinkmaster v2.0 - 20060218
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~
+--- oinkmaster-2.0.orig/FAQ
++++ oinkmaster-2.0/FAQ
+@@ -1,4 +1,4 @@
+-# $Id: FAQ,v 1.48 2006/01/21 08:25:05 andreas_o Exp $ #
++# $Id: FAQ,v 1.49 2008/02/18 19:39:18 andreas_o Exp $ #
+
+
+ The must current version if this FAQ can be found
+@@ -67,7 +67,7 @@ Q22: I want to disable rules by editing
+ a "#" in front of the rules. How do these changes become permanent?
+
+ Q23: How do I update the rules from multiple sources, like the official
+- ones at www.snort.org and the ones at www.bleedingsnort.com?
++ ones at www.snort.org, the ones at www.emergingthreats.net?
+
+ Q24: How do I know which rules to disable?
+
+@@ -97,6 +97,7 @@ Q32: What Perl modules do I need to be a
+ Q33: Can I tell Oinkmaster to disable all rules by default, and only
+ enable and update specific ones?
+
++Q34: Can Oinkmaster update the shared object rules (so_rules)?
+
+
+ --------------
+@@ -134,7 +135,7 @@ A1: Quick instructions if you want to u
+ Here is some more information about downloading Snort signatures.
+ Oinkmaster can be used to update Snort signatures from many different
+ places, like the official ones at www.snort.org or the
+- "Bleeding Snort" ones from www.bleedingsnort.com. Here follows
++ "Bleeding Snort" ones from www.emergingthreats.net. Here follows
+ information about the official Snort signatures at www.snort.org
+ Third party rules sources should have their own instructions.
+ Remember that you should never ever update the Snort signatures
+@@ -682,7 +683,7 @@ A22: As can be read elsewhere in this FA
+
+
+ Q23: How do I update the rules from multiple sources, like the official
+- ones at www.snort.org and the ones at www.bleedingsnort.com?
++ ones at www.snort.org, the ones at www.emergingthreats.net?
+
+ A23: One way is to simply run Oinkmaster once for each URL and with
+ different output directories. This way you don't have to worry
+@@ -787,11 +788,11 @@ A26: When using Barnyard and the like, i
+
+ #!/bin/sh
+
+- oinkmaster.pl -u http://www.bleedingsnort.com/... -o
/etc/snort/rules/bleeding/
++ oinkmaster.pl -u http://rules.emergingthreats.net/... -o
/etc/snort/rules/emerging/
+ oinkmaster.pl -u http://www.snort.org/... -o /etc/snort/rules/official/
+
+ create-sidmap.pl /etc/snort/rules/official/ \
+- /etc/snort/rules/bleeding/ \
++ /etc/snort/rules/emerging/ \
+ /etc/snort/rules/local/ \
+ > /etc/snort/sid-msg.map
+
+@@ -918,3 +919,18 @@ A33: Yes. This may be convenient if you
+ rule you want to use, you must add an 'enablesid' statement for it
+ as all added rules will be disabled by default.
+
++
++
++Q34: Can Oinkmaster update the shared object rules (so_rules)?
++
++A34: Yes, but you have to run Oinkmaster separately with its own
++ configuration file. Copy your regular oinkmaster.conf file
++ to oinkmaster-so-rules.conf (or create a new one) and set
++ "rules_dir = so_rules". Then run Oinkmaster with
++ -C <path tooinkmaster-so-rules.conf> and use an output directory
++ (-o <dir>) different than your regular rules directory. This is
++ important as the "rules" and "so_rules" directories contains
++ files with identical filenames. See the Snort documentation on how
++ to use shared object rules. The shared object rules are currently
++ disabled by default so you have to use "enablesid" or "modifysid"
++ to activate the ones you want to use.
+--- oinkmaster-2.0.orig/README
++++ oinkmaster-2.0/README
+@@ -1,10 +1,10 @@
+-# $Id: README,v 1.84 2006/01/28 22:11:12 andreas_o Exp $ #
++# $Id: README,v 1.85 2006/10/12 08:55:47 andreas_o Exp $ #
+
+
+ Introduction
+ ~~~~~~~~~~~~
+
+-Oinkmaster is written by Andreas Östling <andre...@it.su.se>.
++Oinkmaster is written by Andreas Östling <andreas_ostl...@bredband.net>.
+ The homepage is at http://oinkmaster.sourceforge.net/
+
+ Oinkmaster is simple Perl script released under the BSD license that
+--- oinkmaster-2.0.orig/contrib/create-sidmap.pl
++++ oinkmaster-2.0/contrib/create-sidmap.pl
+@@ -94,15 +94,16 @@ foreach my $rulesdir (@rulesdirs) {
+ my @file = <FILE>;
+ close(FILE);
+
+- my ($single, $multi, $nonrule, $msg, $sid);
++ my ($single, $multi, $nonrule, $msg, $sid, %old_sids);
+
+ while (get_next_entry(\@file, \$single, \$multi, \$nonrule, \$msg,
\$sid)) {
+ if (defined($single)) {
+
+ warn("WARNING: duplicate SID: $sid (discarding old)\n")
+- if (exists($sidmap{$sid}));
++ if (exists($old_sids{$sid}) && ($single !~ /^#/ &&
$old_sids{$sid} !~ /^#/));
+
+ $sidmap{$sid} = "$sid || $msg";
++ $old_sids{$sid} = $single;
+
+ # Print all references. Borrowed from Brian Caswell's
regen-sidmap script.
+ my $ref = $single;
+--- oinkmaster-2.0.orig/oinkmaster.1
++++ oinkmaster-2.0/oinkmaster.1
+@@ -8,7 +8,7 @@
+ .B oinkmaster
+ \- update Snort signatures
+ .SH SYNOPSIS
+-.B oinkmaster.pl -o
++.B oinkmaster -o
+ .I outdir
+ [options]
+ .SH DESCRIPTION
+@@ -205,14 +205,14 @@ Download rules archive from default loca
+ and put the new rules in /etc/rules/:
+ .PP
+ .nf
+-\fB oinkmaster.pl -o /etc/rules \fP
++\fB oinkmaster -o /etc/rules \fP
+ .fi
+ .PP
+ Grab rules archive from local filesystem and do not print anything unless
+ it contains updated rules:
+ .PP
+ .nf
+-\fB oinkmaster.pl -u file:///tmp/rules.tar.gz -o /etc/rules -q \fP
++\fB oinkmaster -u file:///tmp/rules.tar.gz -o /etc/rules -q \fP
+ .fi
+ .PP
+ Download rules archive from default location, make backup of old rules if
+@@ -223,7 +223,7 @@ passwords, you should of course not send
+ first encrypting the content.):
+ .PP
+ .nf
+-\fB oinkmaster.pl -o /etc/snort/rules -b /etc/snort/backup 2>&1 | \fP\\
++\fB oinkmaster -o /etc/snort/rules -b /etc/snort/backup 2>&1 | \fP\\
+ \fB mail -s "subject" u...@example.com
+ .fi
+ .PP
+@@ -232,7 +232,7 @@ downloaded snort.conf and foo.conf but n
+ /etc/snort/snort.conf:
+ .PP
+ .nf
+-\fB oinkmaster.pl -u file:///tmp/foo.rules.tar.gz \fP\\
++\fB oinkmaster -u file:///tmp/foo.rules.tar.gz \fP\\
+ \fB -u http://somewhere/rules.tar.gz -u https://blah/rules.tar.gz \fP\\
+ \fB -o /etc/rules -S snort.conf -S foo.conf -U /etc/snort/snort.conf
+ .fi
+@@ -245,7 +245,7 @@ command is available on the system:
+ .PP
+ .nf
+ \fB TMP=`mktemp /tmp/oinkmaster.XXXXXX` && \fP\\
+-\fB (oinkmaster.pl -C /etc/oinkmaster-global.conf \fP\\
++\fB (oinkmaster -C /etc/oinkmaster-global.conf \fP\\
+ \fB -C /etc/oinkmaster-sensor.conf -o /etc/rules \fP\\
+ \fB -U /etc/snort.conf \fP\\
+ \fB -u scp://u...@example.com:/home/user/rules.tar.gz \fP\\
+@@ -266,7 +266,7 @@ arachnids_upd. It worked only with the A
+ changed, it was rewritten to work with the official Snort rules and the
+ new name became Oinkmaster.
+ .SH AUTHOR
+-Andreas Ostling <andre...@it.su.se>
++Andreas Ostling <andreas_ostl...@bredband.net>
+ .SH SEE ALSO
+ The online documentation at http://oinkmaster.sf.net/ contains more
+ information.
+--- oinkmaster-2.0.orig/oinkmaster.conf
++++ oinkmaster-2.0/oinkmaster.conf
+@@ -1,12 +1,10 @@
+-# $Id: oinkmaster.conf,v 1.132 2006/02/02 12:05:08 andreas_o Exp $ #
++# $Id: oinkmaster.conf,v 1.134 2008/02/18 19:33:45 andreas_o Exp $ #
++
+
+ # This file is pretty big by default, but don't worry.
+-# The only things required are "path" and "update_files". You must also
+-# set "url" to point to the correct rules archive for your version of
+-# Snort, unless you prefer to specify this on the command line.
+-# The rest in here is just a few recommended defaults, and examples
+-# how to use all the other optional features and give some ideas how they
+-# could be used.
++# Everything in here is completely optional and the defaults
++# should work for most people. The download URL of the rules
++# archive must be set either in here or on the command line.
+
+ # Remember not to let untrusted users edit Oinkmaster configuration
+ # files, as things like the PATH to use during execution is defined
+@@ -30,17 +28,16 @@
+ # http://www.snort.org/rules/ and follow the instructions
+ # there to pick the right URL for your version of Snort
+ # (and remember to update the URL when upgrading Snort in the
+-# future). You can of course also specify locations to third party
+-# rules.
++# future!). You can of course also specify locations to third party
++# rules. You may specify multiple URLs.
+ #
+ # As of March 2005, you must register on the Snort site to get access
+ # to the official Snort rules. This will get you an "oinkcode".
+ # You then specify the URL as
+ # http://www.snort.org/pub-bin/oinkmaster.cgi/<oinkcode>/<filename>
+ # For example, if your code is 5a081649c06a277e1022e1284b and
+-# you use Snort 2.4, the url to use would be (without the wrap):
+-# http://www.snort.org/pub-bin/oinkmaster.cgi/
+-# 5a081649c06a277e1022e1284bdc8fabda70e2a4/snortrules-snapshot-2.4.tar.gz
++# you use Snort 2.7, the url to use would be:
++#
http://www.snort.org/pub-bin/oinkmaster.cgi/5a081649c06a277e1022e1284bdc8fabda70e2a4/snortrules-snapshot-2.7.tar.gz
+ # See the Oinkmaster FAQ Q1 and http://www.snort.org/rules/ for
+ # more information.
+
+@@ -48,17 +45,32 @@
+ # URL examples follows. Replace <oinkcode> with the code you get on the
+ # Snort site in your registered user profile.
+
+-# Example for Snort 2.4
+-# url =
http://www.snort.org/pub-bin/oinkmaster.cgi/<oinkcode>/snortrules-snapshot-2.4.tar.gz
++# VRT certified rules for registered users, Snort 2.9.
++# url =
http://www.snort.org/pub-bin/oinkmaster.cgi/<oinkcode>/snortrules-snapshot-2.9.tar.gz
++
++# VRT certified rules for registered users, Snort 2.7.
++# url =
http://www.snort.org/pub-bin/oinkmaster.cgi/<oinkcode>/snortrules-snapshot-2.7.tar.gz
+
+-# Example for Snort-current ("current" means cvs snapshots).
++# VRT certified rules for registered users, Snort 2.8.
++# url =
http://www.snort.org/pub-bin/oinkmaster.cgi/<oinkcode>/snortrules-snapshot-2.8.tar.gz
++
++# VRT certified rules for registered users, Snort-CURRENT
++# ("CURRENT" here means experimental snapshots!).
+ # url =
http://www.snort.org/pub-bin/oinkmaster.cgi/<oinkcode>/snortrules-snapshot-CURRENT.tar.gz
+
+-# Example for Community rules
+-# url =
http://www.snort.org/pub-bin/downloads.cgi/Download/comm_rules/Community-Rules.tar.gz
+
+-# Example for rules from the Bleeding Snort project
+-# url = http://www.bleedingsnort.com/bleeding.rules.tar.gz
++# Community rules and Snort 2.4.
++# url =
http://www.snort.org/pub-bin/downloads.cgi/Download/comm_rules/Community-Rules-2.4.tar.gz
++
++# Community rules for snort-CURRENT
++# url =
http://www.snort.org/pub-bin/downloads.cgi/Download/comm_rules/Community-Rules-CURRENT.tar.gz
++
++
++# Example for rules from the Emerging Threats site (previously known as
Bleeding Snort).
++# url = http://www.emergingthreats.net/rules/emerging.rules.tar.gz
++# Old url:
++# url = http://www.bleedingsnort.com/downloads/bleeding.rules.tar.gz
++
+
+ # If you prefer to download the rules archive from outside Oinkmaster,
+ # you can then point to the file on your local filesystem by using
+@@ -86,8 +98,8 @@
+ # optional .exe suffix. If you're on Cygwin, make sure that the path
+ # contains the Cygwin binaries and not the native Win32 binaries or
+ # you will get problems.
+-# Assume UNIX style by default:
+-path = /bin:/usr/bin:/usr/local/bin
++# The following UNIX style path is assumed by default:
++# path = /bin:/usr/bin:/usr/local/bin
+
+ # Example if running native Win32 or standalone Cygwin:
+ # path = c:\oinkmaster;c:\oinkmaster\bin
+@@ -138,7 +150,7 @@ path = /bin:/usr/bin:/usr/local/bin
+ # All other files will be ignored. You can then choose to skip
+ # individual files by specifying the "skipfile" keyword below.
+ # Normally you shouldn't need to change this one.
+-update_files = \.rules$|\.config$|\.conf$|\.txt$|\.map$
++# update_files = \.rules$|\.config$|\.conf$|\.txt$|\.map$
+
+
+ # Regexp of keywords that starts a Snort rule.
+@@ -172,6 +184,20 @@ update_files = \.rules$|\.config$|\.conf
+ # other than the default one for wget/LWP, set this variable.
+ # user_agent = Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
+
++# The normal Snort rules usually resides in a directory called
++# "rules" in the downloaded archive. You can tell Oinkmaster to
++# look in another directory by setting the rules_dir statement.
++# This allows you to update the shared object rules (so_rules) with
++# Oinkmaster by creating a separate oinkmaster.conf containing
++# "rules_dir = so_rules". Note that you can not set multiple
++# directories so you have to run Oinkmaster separately for each
++# directory. Remember to point to different output directories as
++# the "rules" and "so_rules" directories contains files with
++# identical filenames.
++# To update the shared object rules, use:
++# rules_dir = so_rules
++# The default is to update the normal rules:
++# rules_dir = rules
+
+ # You can include other files anywhere in here by using
+ # "include <file>". <file> will be parsed just like a regular
+@@ -286,6 +312,9 @@ skipfile snort.conf
+ # (alert, log, pass, etc).
+ # modifysid 1325 "^#" | ""
+
++# Example to enable ALL rules in ALL files (usually not a good idea).
++# modifysid * "^#" | ""
++
+ # Example to add "tag" stuff to SID 1325.
+ # modifysid 1325 "sid:1325;" | "sid:1325; tag: host, src, 300, seconds;"
+
+--- oinkmaster-2.0.orig/oinkmaster.pl
++++ oinkmaster-2.0/oinkmaster.pl
+@@ -1,8 +1,8 @@
+ #!/usr/bin/perl -w
+
+-# $Id: oinkmaster.pl,v 1.406 2006/02/10 13:02:44 andreas_o Exp $ #
++# $Id: oinkmaster.pl,v 1.413 2008/02/18 19:38:08 andreas_o Exp $ #
+
+-# Copyright (c) 2001-2006 Andreas Östling <andre...@it.su.se>
++# Copyright (c) 2001-2008 Andreas Östling <andre...@andreaso.se>
+ # All rights reserved.
+ #
+ # Redistribution and use in source and binary forms, with or
+@@ -58,6 +58,8 @@ sub join_tmp_rules_dirs($ $ @);
+ sub process_rules($ $ $ $ $ $);
+ sub process_rule($ $ $ $ $ $ $ $);
+ sub setup_rules_hash($ $);
++sub check_flowbits_dependencies($);
++sub parse_flowbits($ $ $);
+ sub get_first_only($ $ $);
+ sub print_changes($ $);
+ sub print_changetype($ $ $ $);
+@@ -82,10 +84,9 @@ sub catch_sigint();
+ sub clean_exit($);
+
+
+-my $VERSION = 'Oinkmaster v2.0, Copyright (C) 2001-2006 '.
+- 'Andreas Östling <andre...@it.su.se>';
++my $VERSION = 'Oinkmaster v2.0, Copyright (C) 2001-2008 '.
++ 'Andreas Östling <andre...@andreaso.se>';
+ my $OUTFILE = 'snortrules.tar.gz';
+-my $RULES_DIR = 'rules';
+
+ my $PRINT_NEW = 1;
+ my $PRINT_OLD = 2;
+@@ -108,6 +109,9 @@ my %config = (
+ use_external_bins => 1,
+ verbose => 0,
+ use_path_checks => 1,
++ rules_dir => 'rules',
++ path => '/bin:/usr/bin:/usr/local/bin',
++ update_files => '\.rules$|\.config$|\.conf$|\.txt$|\.map$',
+ rule_actions => "alert|drop|log|pass|reject|sdrop|activate|dynamic",
+ tmp_basedir => $ENV{TMP} || $ENV{TMPDIR} || $ENV{TEMPDIR} ||
'/tmp',
+ );
+@@ -232,22 +236,22 @@ my @url_tmpdirs;
+ foreach my $url (@{$config{url}}) {
+ my $url_tmpdir = tempdir("url.XXXXXXXXXX", DIR => $tmpdir)
+ or clean_exit("could not create temporary directory in $tmpdir: $!");
+- push(@url_tmpdirs, "$url_tmpdir/$RULES_DIR");
++ push(@url_tmpdirs, "$url_tmpdir/$config{rules_dir}");
+ if ($url =~ /^dir:\/\/(.+)/) {
+- mkdir("$url_tmpdir/$RULES_DIR")
+- or clean_exit("Could not create $url_tmpdir/$RULES_DIR");
+- copy_rules($1, "$url_tmpdir/$RULES_DIR");
++ mkdir("$url_tmpdir/$config{rules_dir}")
++ or clean_exit("Could not create $url_tmpdir/$config{rules_dir}");
++ copy_rules($1, "$url_tmpdir/$config{rules_dir}");
+ } else {
+ download_file($url, "$url_tmpdir/$OUTFILE");
+- unpack_rules_archive("$url", "$url_tmpdir/$OUTFILE", $RULES_DIR);
++ unpack_rules_archive("$url", "$url_tmpdir/$OUTFILE",
$config{rules_dir});
+ }
+ }
+
+-# Copy all rules files from the tmp dirs into $RULES_DIR in the tmp directory.
++# Copy all rules files from the tmp dirs into $config{rules_dir} in the tmp
directory.
+ # File matching 'skipfile' a directive will not be copied.
+ # Filenames (with full path) will be stored as %new_files{filename}.
+ # Will exit in case of duplicate filenames.
+-my $num_files = join_tmp_rules_dirs("$tmpdir/$RULES_DIR", \my %new_files,
@url_tmpdirs);
++my $num_files = join_tmp_rules_dirs("$tmpdir/$config{rules_dir}", \my
%new_files, @url_tmpdirs);
+
+ # Make sure we have at least the minimum number of files.
+ clean_exit("not enough rules files in downloaded rules archive(s).\n".
+@@ -274,12 +278,14 @@ clean_exit("not enough rules in download
+ my %rh = setup_rules_hash(\%new_files, $config{output_dir});
+
+ # Compare the new rules to the old ones.
+-my %changes = get_changes(\%rh, \%new_files, $RULES_DIR);
++my %changes = get_changes(\%rh, \%new_files, $config{rules_dir});
+
+ # Check for variables that exist in dist snort.conf(s) but not in local
snort.conf.
+ get_new_vars(\%changes, \@{$config{dist_var_files}}, $config{varfile},
\@url_tmpdirs)
+ if ($config{update_vars});
+
++# Check for broken flowbits dependencies.
++check_flowbits_dependencies(\%rh);
+
+ # Find out if something had changed.
+ my $something_changed = 0;
+@@ -622,8 +628,12 @@ sub read_config($ $)
+ }
+
+ } elsif (/^url\s*=\s*(.*)/i) {
+- push(@{$$cfg_ref{url}}, $1)
+- unless ($$cfg_ref{cmdline_url});
++ if ($$cfg_ref{cmdline_url}) {
++ warn("URL already set on command line, ignoring URL in
configuration file\n")
++ unless ($config{quiet});
++ } else {
++ push(@{$$cfg_ref{url}}, $1);
++ }
+
+ } elsif (/^path\s*=\s*(.+)/i) {
+ $$cfg_ref{path} = $1;
+@@ -658,6 +668,9 @@ sub read_config($ $)
+ } elsif (/^user_agent\s*=\s*(.+)/i) {
+ $$cfg_ref{user_agent} = $1;
+
++ } elsif (/^rules_dir\s*=\s*(.+)/i) {
++ $$cfg_ref{rules_dir} = $1;
++
+ } elsif (/^include\s+(\S+.*)/i) {
+ my $include = $1;
+ read_config($include, $cfg_ref);
+@@ -788,20 +801,25 @@ sub sanity_check()
+ push(@{$config{url}}, $ok_url);
+ }
+
+- # Wget must be found if url is http[s]:// or ftp://.
+- if ($config{use_external_bins}) {
+- clean_exit("wget not found in PATH ($ENV{PATH}).")
+- if ($config{'url'} =~ /^(https*|ftp):/ && !is_in_path("wget"));
+- }
++ # Look for binaries that are only required in certain situations.
++ foreach my $url (@{$config{url}}) {
++ if ($config{use_external_bins}) {
++ # Wget must be found if any URL is http[s]:// or ftp://.
++ clean_exit("wget not found in PATH ($ENV{PATH})\n" .
++ "Install wget if missing, or update \"path = ...\" in
Oinkmaster configuration file")
++ if ($url =~ /^(https*|ftp):/ && !is_in_path("wget"));
++ }
+
+- # scp must be found if scp://...
+- clean_exit("scp not found in PATH ($ENV{PATH}).")
+- if ($config{'url'} =~ /^scp:/ && !is_in_path("scp"));
+-
+- # ssh key must exist if specified and url is scp://...
+- clean_exit("ssh key \"$config{scp_key}\" does not exist.")
+- if ($config{'url'} =~ /^scp:/ && exists($config{scp_key})
+- && !-e $config{scp_key});
++ # scp must be found if scp://... regardless of use_external_bins value
++ if ($url =~ /^scp:/) {
++ clean_exit("scp not found in PATH ($ENV{PATH}).")
++ unless (is_in_path("scp"));
++
++ # ssh key must exist if specified and url is scp://...
++ clean_exit("ssh key \"$config{scp_key}\" does not exist.")
++ if (exists($config{scp_key})&& !-e $config{scp_key});
++ }
++ }
+
+ # Untaint output directory string.
+ $config{output_dir} = untaint_path($config{output_dir});
+@@ -1201,10 +1219,11 @@ sub process_rules($ $ $ $ $ $)
+ my %sids;
+
+ my %stats = (
+- disabled => 0,
+- enabled => 0,
+- modified => 0,
+- total => 0,
++ disablesid => 0,
++ enablesid => 0,
++ modifysid => 0,
++ localsid => 0,
++ total => 0,
+ );
+
+ warn("WARNING: all rules that are disabled by default will be enabled\n")
+@@ -1260,7 +1279,7 @@ sub process_rules($ $ $ $ $ $)
+ # Is it a dup? If so, see if this seems to be more recent (higher
rev).
+ if (exists($sids{$sid})) {
+ warn("\nWARNING: duplicate SID in downloaded archive,
SID=$sid, ".
+- "only keeping rule with highest 'rev'\n")
++ "trying to keep active rule with highest 'rev'\n")
+ unless($config{super_quiet});
+
+ my ($old_rev) = ($sids{$sid}{single} =~
/\brev\s*:\s*(\d+)\s*;/);
+@@ -1329,6 +1348,7 @@ sub process_rules($ $ $ $ $ $)
+
+ print OUTFILE $$rh_tmp_ref{old}{rules}{basename($file)}{$sid};
+ $sids{$sid}{printed} = 1;
++ $stats{localsid}++;
+
+ warn("SID $sid is marked as local, keeping your version from
".
+ basename($file) . ".\n".
+@@ -1376,8 +1396,8 @@ sub process_rules($ $ $ $ $ $)
+ close(OUTFILE);
+ }
+
+- print STDERR "disabled $stats{disabled}, enabled $stats{enabled}, ".
+- "modified $stats{modified}, total=$stats{total}\n"
++ print STDERR "disablesid $stats{disablesid}, enablesid $stats{enablesid},
".
++ "modifysid $stats{modifysid}, localsid $stats{localsid},
total rules $stats{total}\n"
+ unless ($config{quiet});
+
+ # Print warnings on attempt at enablesid/disablesid/localsid on non-existent
+@@ -1454,7 +1474,7 @@ sub process_rule($ $ $ $ $ $ $ $)
+ $multi =~ s/^#*//;
+ $multi =~ s/\n#*/\n/g;
+ $single =~ s/^#*//;
+- $$stats_ref{enabled}++;
++ $$stats_ref{enablesid}++;
+ }
+
+ # Modify rule if requested. For disablesid/enablesid we work
+@@ -1497,7 +1517,7 @@ sub process_rule($ $ $ $ $ $ $ $)
+ print STDERR "After: $single\n"
+ if ($print_messages && $config{verbose});
+
+- $$stats_ref{modified}++;
++ $$stats_ref{modifysid}++;
+ } else {
+ if ($print_modify_warnings) {
+ warn("WARNING: SID $sid does not match modifysid ".
+@@ -1511,14 +1531,14 @@ sub process_rule($ $ $ $ $ $ $ $)
+ if (exists($$disable_sid_ref{$sid}) && $multi !~ /^\s*#/) {
+ $multi = "#$multi";
+ $multi =~ s/\n([^#].+)/\n#$1/g;
+- $$stats_ref{disabled}++;
++ $$stats_ref{disablesid}++;
+ }
+
+ # Enable rule if requested and it's not already enabled.
+ if (exists($$enable_sid_ref{$sid}) && $multi =~ /^\s*#/) {
+ $multi =~ s/^#+//;
+ $multi =~ s/\n#+(.+)/\n$1/g;
+- $$stats_ref{enabled}++;
++ $$stats_ref{enablesid}++;
+ }
+
+ $$rule_ref{single} = $single;
+@@ -1558,6 +1578,7 @@ sub setup_rules_hash($ $)
+ while (get_next_entry(\@newfile, \$single, \$multi, \$nonrule, \$msg,
\$sid)) {
+ if (defined($single)) {
+ $rh{new}{rules}{"$file"}{"$sid"} = $single;
++ parse_flowbits(\%rh, $single, $sid);
+ } else {
+ push(@{$rh{new}{other}{"$file"}}, $nonrule);
+ }
+@@ -1573,12 +1594,12 @@ sub setup_rules_hash($ $)
+
+ while (get_next_entry(\@oldfile, \$single, \$multi, \$nonrule,
undef, \$sid)) {
+ if (defined($single)) {
+- warn("\nWARNING: duplicate SID in your local rules, SID ".
+- "$sid exists multiple times, you may need to fix
this manually!\n")
+- if (exists($old_sids{$sid}));
++ warn("\nWARNING: duplicate SID in your local rules, active
rule with SID ".
++ "$sid exists multiple times, you may need to fix
this manually if the problem persists!\n")
++ if (exists($old_sids{$sid}) && ($single !~ /^#/ &&
$old_sids{$sid} !~ /^#/));
+
+ $rh{old}{rules}{"$file"}{"$sid"} = $single;
+- $old_sids{$sid}++;
++ $old_sids{$sid} = $single;
+ } else {
+ push(@{$rh{old}{other}{"$file"}}, $nonrule);
+ }
+@@ -2713,6 +2734,84 @@ sub join_multilines($)
+ }
+
+
++
++# Check if some active rule depends on flowbits that is not
++# set in any other active rule.
++sub check_flowbits_dependencies($)
++{
++ my $rh_ref = shift;
++
++ # No flowbits check in super quiet mode.
++ return if ($config{super_quiet});
++
++ print STDERR "Checking flowbits dependencies... "
++ unless ($config{quiet});
++
++ my $warnings = "";
++
++
++ # Check for rules that checks for flowbits that are never set/toggled.
++ foreach my $sid (keys(%{$$rh_ref{flowbits_check_dependency}})) {
++ my $depend_bit = $$rh_ref{flowbits_check_dependency}{$sid};
++
++ unless (exists($$rh_ref{flowbits_active_set}{$depend_bit})) {
++ $warnings .= "WARNING: SID $sid depends on flowbit
\"$depend_bit\" ";
++ if (exists($$rh_ref{flowbits_inactive_set}{$depend_bit})) {
++ my $depend_sid = $$rh_ref{flowbits_inactive_set}{$depend_bit};
++ $warnings .= "which is set in INACTIVE SID $depend_sid ".
++ "(SID $sid is broken unless you also enable SID
$depend_sid).\n";
++ } else {
++ $warnings .= "which is not set in any rule\n";
++ }
++ }
++ }
++
++ if ($warnings) {
++ print STDERR "problems found:\n\n" unless ($config{quiet});
++ print STDERR $warnings;
++ } else {
++ print STDERR "no problems found.\n" unless ($config{quiet});
++ }
++}
++
++
++
++sub parse_flowbits($ $ $)
++{
++ my $rh_ref = shift;
++ my $rule = shift;
++ my $sid = shift;
++
++
++ # Check if it's an active rule that sets (or toggles) any flowbits,
++ # or has an isset or isnotset check.
++ if ($rule !~ /^#/) {
++ my @fields = split(/\s*;\s*/, $rule);
++ foreach my $field (@fields) {
++ if ($field =~ /^flowbits\s*:\s*(?:set|toggle)\s*,\s*(.+)/) {
++ $$rh_ref{flowbits_active_set}{$1} = $sid;
++ }
++ if ($field =~ /^flowbits\s*:\s*isnotset\s*,\s*(.+)/) {
++ $$rh_ref{flowbits_check_dependency}{$sid} = $1;
++ }
++ if ($field =~ /^flowbits\s*:\s*isset\s*,\s*(.+)/) {
++ $$rh_ref{flowbits_check_dependency}{$sid} = $1;
++ }
++ }
++ }
++
++ # Check if it's an inactive rule that sets (or toggles) any flowbits.
++ if ($rule =~ /^#/) {
++ my @fields = split(/\s*;\s*/, $rule);
++ foreach my $field (@fields) {
++ if ($field =~ /^flowbits\s*:\s*(?:set|toggle)\s*,\s*(.+)/) {
++ $$rh_ref{flowbits_inactive_set}{$1} = $sid;
++ }
++ }
++ }
++}
++
++
+
+ # Catch SIGINT.
+ sub catch_sigint()
diff -Nru oinkmaster-2.0/debian/rules oinkmaster-2.0/debian/rules
--- oinkmaster-2.0/debian/rules 2023-05-16 00:19:05.000000000 +0200
+++ oinkmaster-2.0/debian/rules 2023-05-15 23:49:49.000000000 +0200
@@ -19,7 +19,7 @@
endif
-build:
+build-indep:
dh_testdir
touch build-stamp
@@ -29,7 +29,7 @@
dh_clean
rm -f build-stamp configure-stamp
-install: build
+install: build-indep
dh_testdir
dh_testroot
dh_clean -k
@@ -39,9 +39,9 @@
install -m 755 contrib/* debian/oinkmaster/usr/share/oinkmaster/
-rm -f debian/oinkmaster/usr/share/oinkmaster/README*
-binary-arch: build install
+binary-arch: build-arch install
-binary-indep: build install
+binary-indep: build-indep install
dh_testdir
dh_testroot
dh_installchangelogs ChangeLog
@@ -61,4 +61,6 @@
dh_builddeb
binary: binary-indep binary-arch
-.PHONY: build clean binary-indep binary-arch binary install configure
+build-arch:
+build: build-indep build-arch
+.PHONY: build build-indep build-arch clean binary-indep binary-arch binary
install configure
diff -Nru oinkmaster-2.0/debian/source/format
oinkmaster-2.0/debian/source/format
--- oinkmaster-2.0/debian/source/format 1970-01-01 01:00:00.000000000 +0100
+++ oinkmaster-2.0/debian/source/format 2023-05-15 23:49:49.000000000 +0200
@@ -0,0 +1 @@
+3.0 (quilt)
diff -Nru oinkmaster-2.0/FAQ oinkmaster-2.0/FAQ
--- oinkmaster-2.0/FAQ 2023-05-16 00:19:05.000000000 +0200
+++ oinkmaster-2.0/FAQ 2006-02-18 13:35:21.000000000 +0100
@@ -1,4 +1,4 @@
-# $Id: FAQ,v 1.49 2008/02/18 19:39:18 andreas_o Exp $ #
+# $Id: FAQ,v 1.48 2006/01/21 08:25:05 andreas_o Exp $ #
The must current version if this FAQ can be found
@@ -67,7 +67,7 @@
a "#" in front of the rules. How do these changes become permanent?
Q23: How do I update the rules from multiple sources, like the official
- ones at www.snort.org, the ones at www.emergingthreats.net?
+ ones at www.snort.org and the ones at www.bleedingsnort.com?
Q24: How do I know which rules to disable?
@@ -97,7 +97,6 @@
Q33: Can I tell Oinkmaster to disable all rules by default, and only
enable and update specific ones?
-Q34: Can Oinkmaster update the shared object rules (so_rules)?
--------------
@@ -135,7 +134,7 @@
Here is some more information about downloading Snort signatures.
Oinkmaster can be used to update Snort signatures from many different
places, like the official ones at www.snort.org or the
- "Bleeding Snort" ones from www.emergingthreats.net. Here follows
+ "Bleeding Snort" ones from www.bleedingsnort.com. Here follows
information about the official Snort signatures at www.snort.org
Third party rules sources should have their own instructions.
Remember that you should never ever update the Snort signatures
@@ -683,7 +682,7 @@
Q23: How do I update the rules from multiple sources, like the official
- ones at www.snort.org, the ones at www.emergingthreats.net?
+ ones at www.snort.org and the ones at www.bleedingsnort.com?
A23: One way is to simply run Oinkmaster once for each URL and with
different output directories. This way you don't have to worry
@@ -788,11 +787,11 @@
#!/bin/sh
- oinkmaster.pl -u http://rules.emergingthreats.net/... -o
/etc/snort/rules/emerging/
+ oinkmaster.pl -u http://www.bleedingsnort.com/... -o
/etc/snort/rules/bleeding/
oinkmaster.pl -u http://www.snort.org/... -o /etc/snort/rules/official/
create-sidmap.pl /etc/snort/rules/official/ \
- /etc/snort/rules/emerging/ \
+ /etc/snort/rules/bleeding/ \
/etc/snort/rules/local/ \
> /etc/snort/sid-msg.map
@@ -919,18 +918,3 @@
rule you want to use, you must add an 'enablesid' statement for it
as all added rules will be disabled by default.
-
-
-Q34: Can Oinkmaster update the shared object rules (so_rules)?
-
-A34: Yes, but you have to run Oinkmaster separately with its own
- configuration file. Copy your regular oinkmaster.conf file
- to oinkmaster-so-rules.conf (or create a new one) and set
- "rules_dir = so_rules". Then run Oinkmaster with
- -C <path tooinkmaster-so-rules.conf> and use an output directory
- (-o <dir>) different than your regular rules directory. This is
- important as the "rules" and "so_rules" directories contains
- files with identical filenames. See the Snort documentation on how
- to use shared object rules. The shared object rules are currently
- disabled by default so you have to use "enablesid" or "modifysid"
- to activate the ones you want to use.
diff -Nru oinkmaster-2.0/LICENSE oinkmaster-2.0/LICENSE
--- oinkmaster-2.0/LICENSE 2023-05-16 00:19:05.000000000 +0200
+++ oinkmaster-2.0/LICENSE 2006-02-18 13:35:21.000000000 +0100
@@ -1,4 +1,4 @@
- Copyright (c) 2001-2005 Andreas Östling <andreas_ostl...@bredband.net>
+ Copyright (c) 2001-2005 Andreas Östling <andre...@it.su.se>
All rights reserved.
Redistribution and use in source and binary forms, with or
diff -Nru oinkmaster-2.0/oinkmaster.1 oinkmaster-2.0/oinkmaster.1
--- oinkmaster-2.0/oinkmaster.1 2023-05-16 00:19:05.000000000 +0200
+++ oinkmaster-2.0/oinkmaster.1 2006-02-18 13:35:21.000000000 +0100
@@ -1,5 +1,5 @@
-.\" $Id: oinkmaster.1,v 1.27 2006/10/12 08:55:47 andreas_o Exp $
-.\" Copyright (c) 2004-2006 Andreas Ostling <andreas_ostl...@bredband.net>
+.\" $Id: oinkmaster.1,v 1.26 2005/06/16 18:26:47 andreas_o Exp $
+.\" Copyright (c) 2004-2005 Andreas Ostling <andre...@it.su.se>
.\"
.\" Command to generate the man page: groff -man -Tascii oinkmaster.1
.\"
@@ -8,7 +8,7 @@
.B oinkmaster
\- update Snort signatures
.SH SYNOPSIS
-.B oinkmaster -o
+.B oinkmaster.pl -o
.I outdir
[options]
.SH DESCRIPTION
@@ -205,14 +205,14 @@
and put the new rules in /etc/rules/:
.PP
.nf
-\fB oinkmaster -o /etc/rules \fP
+\fB oinkmaster.pl -o /etc/rules \fP
.fi
.PP
Grab rules archive from local filesystem and do not print anything unless
it contains updated rules:
.PP
.nf
-\fB oinkmaster -u file:///tmp/rules.tar.gz -o /etc/rules -q \fP
+\fB oinkmaster.pl -u file:///tmp/rules.tar.gz -o /etc/rules -q \fP
.fi
.PP
Download rules archive from default location, make backup of old rules if
@@ -223,7 +223,7 @@
first encrypting the content.):
.PP
.nf
-\fB oinkmaster -o /etc/snort/rules -b /etc/snort/backup 2>&1 | \fP\\
+\fB oinkmaster.pl -o /etc/snort/rules -b /etc/snort/backup 2>&1 | \fP\\
\fB mail -s "subject" u...@example.com
.fi
.PP
@@ -232,7 +232,7 @@
/etc/snort/snort.conf:
.PP
.nf
-\fB oinkmaster -u file:///tmp/foo.rules.tar.gz \fP\\
+\fB oinkmaster.pl -u file:///tmp/foo.rules.tar.gz \fP\\
\fB -u http://somewhere/rules.tar.gz -u https://blah/rules.tar.gz \fP\\
\fB -o /etc/rules -S snort.conf -S foo.conf -U /etc/snort/snort.conf
.fi
@@ -245,7 +245,7 @@
.PP
.nf
\fB TMP=`mktemp /tmp/oinkmaster.XXXXXX` && \fP\\
-\fB (oinkmaster -C /etc/oinkmaster-global.conf \fP\\
+\fB (oinkmaster.pl -C /etc/oinkmaster-global.conf \fP\\
\fB -C /etc/oinkmaster-sensor.conf -o /etc/rules \fP\\
\fB -U /etc/snort.conf \fP\\
\fB -u scp://u...@example.com:/home/user/rules.tar.gz \fP\\
@@ -266,7 +266,7 @@
changed, it was rewritten to work with the official Snort rules and the
new name became Oinkmaster.
.SH AUTHOR
-Andreas Ostling <andreas_ostl...@bredband.net>
+Andreas Ostling <andre...@it.su.se>
.SH SEE ALSO
The online documentation at http://oinkmaster.sf.net/ contains more
information.
diff -Nru oinkmaster-2.0/oinkmaster.conf oinkmaster-2.0/oinkmaster.conf
--- oinkmaster-2.0/oinkmaster.conf 2023-05-16 00:19:05.000000000 +0200
+++ oinkmaster-2.0/oinkmaster.conf 2006-02-18 13:35:21.000000000 +0100
@@ -1,10 +1,12 @@
-# $Id: oinkmaster.conf,v 1.134 2008/02/18 19:33:45 andreas_o Exp $ #
-
+# $Id: oinkmaster.conf,v 1.132 2006/02/02 12:05:08 andreas_o Exp $ #
# This file is pretty big by default, but don't worry.
-# Everything in here is completely optional and the defaults
-# should work for most people. The download URL of the rules
-# archive must be set either in here or on the command line.
+# The only things required are "path" and "update_files". You must also
+# set "url" to point to the correct rules archive for your version of
+# Snort, unless you prefer to specify this on the command line.
+# The rest in here is just a few recommended defaults, and examples
+# how to use all the other optional features and give some ideas how they
+# could be used.
# Remember not to let untrusted users edit Oinkmaster configuration
# files, as things like the PATH to use during execution is defined
@@ -28,16 +30,17 @@
# http://www.snort.org/rules/ and follow the instructions
# there to pick the right URL for your version of Snort
# (and remember to update the URL when upgrading Snort in the
-# future!). You can of course also specify locations to third party
-# rules. You may specify multiple URLs.
+# future). You can of course also specify locations to third party
+# rules.
#
# As of March 2005, you must register on the Snort site to get access
# to the official Snort rules. This will get you an "oinkcode".
# You then specify the URL as
# http://www.snort.org/pub-bin/oinkmaster.cgi/<oinkcode>/<filename>
# For example, if your code is 5a081649c06a277e1022e1284b and
-# you use Snort 2.7, the url to use would be:
-#
http://www.snort.org/pub-bin/oinkmaster.cgi/5a081649c06a277e1022e1284bdc8fabda70e2a4/snortrules-snapshot-2.7.tar.gz
+# you use Snort 2.4, the url to use would be (without the wrap):
+# http://www.snort.org/pub-bin/oinkmaster.cgi/
+# 5a081649c06a277e1022e1284bdc8fabda70e2a4/snortrules-snapshot-2.4.tar.gz
# See the Oinkmaster FAQ Q1 and http://www.snort.org/rules/ for
# more information.
@@ -45,32 +48,17 @@
# URL examples follows. Replace <oinkcode> with the code you get on the
# Snort site in your registered user profile.
-# VRT certified rules for registered users, Snort 2.9.
-# url =
http://www.snort.org/pub-bin/oinkmaster.cgi/<oinkcode>/snortrules-snapshot-2.9.tar.gz
-
-# VRT certified rules for registered users, Snort 2.7.
-# url =
http://www.snort.org/pub-bin/oinkmaster.cgi/<oinkcode>/snortrules-snapshot-2.7.tar.gz
+# Example for Snort 2.4
+# url =
http://www.snort.org/pub-bin/oinkmaster.cgi/<oinkcode>/snortrules-snapshot-2.4.tar.gz
-# VRT certified rules for registered users, Snort 2.8.
-# url =
http://www.snort.org/pub-bin/oinkmaster.cgi/<oinkcode>/snortrules-snapshot-2.8.tar.gz
-
-# VRT certified rules for registered users, Snort-CURRENT
-# ("CURRENT" here means experimental snapshots!).
+# Example for Snort-current ("current" means cvs snapshots).
# url =
http://www.snort.org/pub-bin/oinkmaster.cgi/<oinkcode>/snortrules-snapshot-CURRENT.tar.gz
+# Example for Community rules
+# url =
http://www.snort.org/pub-bin/downloads.cgi/Download/comm_rules/Community-Rules.tar.gz
-# Community rules and Snort 2.4.
-# url =
http://www.snort.org/pub-bin/downloads.cgi/Download/comm_rules/Community-Rules-2.4.tar.gz
-
-# Community rules for snort-CURRENT
-# url =
http://www.snort.org/pub-bin/downloads.cgi/Download/comm_rules/Community-Rules-CURRENT.tar.gz
-
-
-# Example for rules from the Emerging Threats site (previously known as
Bleeding Snort).
-# url = http://www.emergingthreats.net/rules/emerging.rules.tar.gz
-# Old url:
-# url = http://www.bleedingsnort.com/downloads/bleeding.rules.tar.gz
-
+# Example for rules from the Bleeding Snort project
+# url = http://www.bleedingsnort.com/bleeding.rules.tar.gz
# If you prefer to download the rules archive from outside Oinkmaster,
# you can then point to the file on your local filesystem by using
@@ -98,8 +86,8 @@
# optional .exe suffix. If you're on Cygwin, make sure that the path
# contains the Cygwin binaries and not the native Win32 binaries or
# you will get problems.
-# The following UNIX style path is assumed by default:
-# path = /bin:/usr/bin:/usr/local/bin
+# Assume UNIX style by default:
+path = /bin:/usr/bin:/usr/local/bin
# Example if running native Win32 or standalone Cygwin:
# path = c:\oinkmaster;c:\oinkmaster\bin
@@ -150,7 +138,7 @@
# All other files will be ignored. You can then choose to skip
# individual files by specifying the "skipfile" keyword below.
# Normally you shouldn't need to change this one.
-# update_files = \.rules$|\.config$|\.conf$|\.txt$|\.map$
+update_files = \.rules$|\.config$|\.conf$|\.txt$|\.map$
# Regexp of keywords that starts a Snort rule.
@@ -184,20 +172,6 @@
# other than the default one for wget/LWP, set this variable.
# user_agent = Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
-# The normal Snort rules usually resides in a directory called
-# "rules" in the downloaded archive. You can tell Oinkmaster to
-# look in another directory by setting the rules_dir statement.
-# This allows you to update the shared object rules (so_rules) with
-# Oinkmaster by creating a separate oinkmaster.conf containing
-# "rules_dir = so_rules". Note that you can not set multiple
-# directories so you have to run Oinkmaster separately for each
-# directory. Remember to point to different output directories as
-# the "rules" and "so_rules" directories contains files with
-# identical filenames.
-# To update the shared object rules, use:
-# rules_dir = so_rules
-# The default is to update the normal rules:
-# rules_dir = rules
# You can include other files anywhere in here by using
# "include <file>". <file> will be parsed just like a regular
@@ -312,9 +286,6 @@
# (alert, log, pass, etc).
# modifysid 1325 "^#" | ""
-# Example to enable ALL rules in ALL files (usually not a good idea).
-# modifysid * "^#" | ""
-
# Example to add "tag" stuff to SID 1325.
# modifysid 1325 "sid:1325;" | "sid:1325; tag: host, src, 300, seconds;"
diff -Nru oinkmaster-2.0/oinkmaster.pl oinkmaster-2.0/oinkmaster.pl
--- oinkmaster-2.0/oinkmaster.pl 2023-05-16 00:19:05.000000000 +0200
+++ oinkmaster-2.0/oinkmaster.pl 2006-02-18 13:35:21.000000000 +0100
@@ -1,8 +1,8 @@
#!/usr/bin/perl -w
-# $Id: oinkmaster.pl,v 1.413 2008/02/18 19:38:08 andreas_o Exp $ #
+# $Id: oinkmaster.pl,v 1.406 2006/02/10 13:02:44 andreas_o Exp $ #
-# Copyright (c) 2001-2008 Andreas Östling <andre...@andreaso.se>
+# Copyright (c) 2001-2006 Andreas Östling <andre...@it.su.se>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or
@@ -58,8 +58,6 @@
sub process_rules($ $ $ $ $ $);
sub process_rule($ $ $ $ $ $ $ $);
sub setup_rules_hash($ $);
-sub check_flowbits_dependencies($);
-sub parse_flowbits($ $ $);
sub get_first_only($ $ $);
sub print_changes($ $);
sub print_changetype($ $ $ $);
@@ -84,9 +82,10 @@
sub clean_exit($);
-my $VERSION = 'Oinkmaster v2.0, Copyright (C) 2001-2008 '.
- 'Andreas Östling <andre...@andreaso.se>';
+my $VERSION = 'Oinkmaster v2.0, Copyright (C) 2001-2006 '.
+ 'Andreas Östling <andre...@it.su.se>';
my $OUTFILE = 'snortrules.tar.gz';
+my $RULES_DIR = 'rules';
my $PRINT_NEW = 1;
my $PRINT_OLD = 2;
@@ -109,9 +108,6 @@
use_external_bins => 1,
verbose => 0,
use_path_checks => 1,
- rules_dir => 'rules',
- path => '/bin:/usr/bin:/usr/local/bin',
- update_files => '\.rules$|\.config$|\.conf$|\.txt$|\.map$',
rule_actions => "alert|drop|log|pass|reject|sdrop|activate|dynamic",
tmp_basedir => $ENV{TMP} || $ENV{TMPDIR} || $ENV{TEMPDIR} || '/tmp',
);
@@ -236,22 +232,22 @@
foreach my $url (@{$config{url}}) {
my $url_tmpdir = tempdir("url.XXXXXXXXXX", DIR => $tmpdir)
or clean_exit("could not create temporary directory in $tmpdir: $!");
- push(@url_tmpdirs, "$url_tmpdir/$config{rules_dir}");
+ push(@url_tmpdirs, "$url_tmpdir/$RULES_DIR");
if ($url =~ /^dir:\/\/(.+)/) {
- mkdir("$url_tmpdir/$config{rules_dir}")
- or clean_exit("Could not create $url_tmpdir/$config{rules_dir}");
- copy_rules($1, "$url_tmpdir/$config{rules_dir}");
+ mkdir("$url_tmpdir/$RULES_DIR")
+ or clean_exit("Could not create $url_tmpdir/$RULES_DIR");
+ copy_rules($1, "$url_tmpdir/$RULES_DIR");
} else {
download_file($url, "$url_tmpdir/$OUTFILE");
- unpack_rules_archive("$url", "$url_tmpdir/$OUTFILE",
$config{rules_dir});
+ unpack_rules_archive("$url", "$url_tmpdir/$OUTFILE", $RULES_DIR);
}
}
-# Copy all rules files from the tmp dirs into $config{rules_dir} in the tmp
directory.
+# Copy all rules files from the tmp dirs into $RULES_DIR in the tmp directory.
# File matching 'skipfile' a directive will not be copied.
# Filenames (with full path) will be stored as %new_files{filename}.
# Will exit in case of duplicate filenames.
-my $num_files = join_tmp_rules_dirs("$tmpdir/$config{rules_dir}", \my
%new_files, @url_tmpdirs);
+my $num_files = join_tmp_rules_dirs("$tmpdir/$RULES_DIR", \my %new_files,
@url_tmpdirs);
# Make sure we have at least the minimum number of files.
clean_exit("not enough rules files in downloaded rules archive(s).\n".
@@ -278,14 +274,12 @@
my %rh = setup_rules_hash(\%new_files, $config{output_dir});
# Compare the new rules to the old ones.
-my %changes = get_changes(\%rh, \%new_files, $config{rules_dir});
+my %changes = get_changes(\%rh, \%new_files, $RULES_DIR);
# Check for variables that exist in dist snort.conf(s) but not in local
snort.conf.
get_new_vars(\%changes, \@{$config{dist_var_files}}, $config{varfile},
\@url_tmpdirs)
if ($config{update_vars});
-# Check for broken flowbits dependencies.
-check_flowbits_dependencies(\%rh);
# Find out if something had changed.
my $something_changed = 0;
@@ -628,12 +622,8 @@
}
} elsif (/^url\s*=\s*(.*)/i) {
- if ($$cfg_ref{cmdline_url}) {
- warn("URL already set on command line, ignoring URL in
configuration file\n")
- unless ($config{quiet});
- } else {
- push(@{$$cfg_ref{url}}, $1);
- }
+ push(@{$$cfg_ref{url}}, $1)
+ unless ($$cfg_ref{cmdline_url});
} elsif (/^path\s*=\s*(.+)/i) {
$$cfg_ref{path} = $1;
@@ -668,9 +658,6 @@
} elsif (/^user_agent\s*=\s*(.+)/i) {
$$cfg_ref{user_agent} = $1;
- } elsif (/^rules_dir\s*=\s*(.+)/i) {
- $$cfg_ref{rules_dir} = $1;
-
} elsif (/^include\s+(\S+.*)/i) {
my $include = $1;
read_config($include, $cfg_ref);
@@ -801,26 +788,21 @@
push(@{$config{url}}, $ok_url);
}
- # Look for binaries that are only required in certain situations.
- foreach my $url (@{$config{url}}) {
- if ($config{use_external_bins}) {
- # Wget must be found if any URL is http[s]:// or ftp://.
- clean_exit("wget not found in PATH ($ENV{PATH})\n" .
- "Install wget if missing, or update \"path = ...\" in
Oinkmaster configuration file")
- if ($url =~ /^(https*|ftp):/ && !is_in_path("wget"));
- }
-
- # scp must be found if scp://... regardless of use_external_bins value
- if ($url =~ /^scp:/) {
- clean_exit("scp not found in PATH ($ENV{PATH}).")
- unless (is_in_path("scp"));
-
- # ssh key must exist if specified and url is scp://...
- clean_exit("ssh key \"$config{scp_key}\" does not exist.")
- if (exists($config{scp_key})&& !-e $config{scp_key});
- }
+ # Wget must be found if url is http[s]:// or ftp://.
+ if ($config{use_external_bins}) {
+ clean_exit("wget not found in PATH ($ENV{PATH}).")
+ if ($config{'url'} =~ /^(https*|ftp):/ && !is_in_path("wget"));
}
+ # scp must be found if scp://...
+ clean_exit("scp not found in PATH ($ENV{PATH}).")
+ if ($config{'url'} =~ /^scp:/ && !is_in_path("scp"));
+
+ # ssh key must exist if specified and url is scp://...
+ clean_exit("ssh key \"$config{scp_key}\" does not exist.")
+ if ($config{'url'} =~ /^scp:/ && exists($config{scp_key})
+ && !-e $config{scp_key});
+
# Untaint output directory string.
$config{output_dir} = untaint_path($config{output_dir});
@@ -1219,11 +1201,10 @@
my %sids;
my %stats = (
- disablesid => 0,
- enablesid => 0,
- modifysid => 0,
- localsid => 0,
- total => 0,
+ disabled => 0,
+ enabled => 0,
+ modified => 0,
+ total => 0,
);
warn("WARNING: all rules that are disabled by default will be enabled\n")
@@ -1279,7 +1260,7 @@
# Is it a dup? If so, see if this seems to be more recent (higher
rev).
if (exists($sids{$sid})) {
warn("\nWARNING: duplicate SID in downloaded archive,
SID=$sid, ".
- "trying to keep active rule with highest 'rev'\n")
+ "only keeping rule with highest 'rev'\n")
unless($config{super_quiet});
my ($old_rev) = ($sids{$sid}{single} =~
/\brev\s*:\s*(\d+)\s*;/);
@@ -1348,7 +1329,6 @@
print OUTFILE $$rh_tmp_ref{old}{rules}{basename($file)}{$sid};
$sids{$sid}{printed} = 1;
- $stats{localsid}++;
warn("SID $sid is marked as local, keeping your version from ".
basename($file) . ".\n".
@@ -1396,8 +1376,8 @@
close(OUTFILE);
}
- print STDERR "disablesid $stats{disablesid}, enablesid $stats{enablesid},
".
- "modifysid $stats{modifysid}, localsid $stats{localsid},
total rules $stats{total}\n"
+ print STDERR "disabled $stats{disabled}, enabled $stats{enabled}, ".
+ "modified $stats{modified}, total=$stats{total}\n"
unless ($config{quiet});
# Print warnings on attempt at enablesid/disablesid/localsid on non-existent
@@ -1474,7 +1454,7 @@
$multi =~ s/^#*//;
$multi =~ s/\n#*/\n/g;
$single =~ s/^#*//;
- $$stats_ref{enablesid}++;
+ $$stats_ref{enabled}++;
}
# Modify rule if requested. For disablesid/enablesid we work
@@ -1517,7 +1497,7 @@
print STDERR "After: $single\n"
if ($print_messages && $config{verbose});
- $$stats_ref{modifysid}++;
+ $$stats_ref{modified}++;
} else {
if ($print_modify_warnings) {
warn("WARNING: SID $sid does not match modifysid ".
@@ -1531,14 +1511,14 @@
if (exists($$disable_sid_ref{$sid}) && $multi !~ /^\s*#/) {
$multi = "#$multi";
$multi =~ s/\n([^#].+)/\n#$1/g;
- $$stats_ref{disablesid}++;
+ $$stats_ref{disabled}++;
}
# Enable rule if requested and it's not already enabled.
if (exists($$enable_sid_ref{$sid}) && $multi =~ /^\s*#/) {
$multi =~ s/^#+//;
$multi =~ s/\n#+(.+)/\n$1/g;
- $$stats_ref{enablesid}++;
+ $$stats_ref{enabled}++;
}
$$rule_ref{single} = $single;
@@ -1578,7 +1558,6 @@
while (get_next_entry(\@newfile, \$single, \$multi, \$nonrule, \$msg,
\$sid)) {
if (defined($single)) {
$rh{new}{rules}{"$file"}{"$sid"} = $single;
- parse_flowbits(\%rh, $single, $sid);
} else {
push(@{$rh{new}{other}{"$file"}}, $nonrule);
}
@@ -1594,12 +1573,12 @@
while (get_next_entry(\@oldfile, \$single, \$multi, \$nonrule,
undef, \$sid)) {
if (defined($single)) {
- warn("\nWARNING: duplicate SID in your local rules, active
rule with SID ".
- "$sid exists multiple times, you may need to fix this
manually if the problem persists!\n")
- if (exists($old_sids{$sid}) && ($single !~ /^#/ &&
$old_sids{$sid} !~ /^#/));
+ warn("\nWARNING: duplicate SID in your local rules, SID ".
+ "$sid exists multiple times, you may need to fix this
manually!\n")
+ if (exists($old_sids{$sid}));
$rh{old}{rules}{"$file"}{"$sid"} = $single;
- $old_sids{$sid} = $single;
+ $old_sids{$sid}++;
} else {
push(@{$rh{old}{other}{"$file"}}, $nonrule);
}
@@ -2734,84 +2713,6 @@
}
-
-# Check if some active rule depends on flowbits that is not
-# set in any other active rule.
-sub check_flowbits_dependencies($)
-{
- my $rh_ref = shift;
-
- # No flowbits check in super quiet mode.
- return if ($config{super_quiet});
-
- print STDERR "Checking flowbits dependencies... "
- unless ($config{quiet});
-
- my $warnings = "";
-
-
- # Check for rules that checks for flowbits that are never set/toggled.
- foreach my $sid (keys(%{$$rh_ref{flowbits_check_dependency}})) {
- my $depend_bit = $$rh_ref{flowbits_check_dependency}{$sid};
-
- unless (exists($$rh_ref{flowbits_active_set}{$depend_bit})) {
- $warnings .= "WARNING: SID $sid depends on flowbit \"$depend_bit\"
";
- if (exists($$rh_ref{flowbits_inactive_set}{$depend_bit})) {
- my $depend_sid = $$rh_ref{flowbits_inactive_set}{$depend_bit};
- $warnings .= "which is set in INACTIVE SID $depend_sid ".
- "(SID $sid is broken unless you also enable SID
$depend_sid).\n";
- } else {
- $warnings .= "which is not set in any rule\n";
- }
- }
- }
-
- if ($warnings) {
- print STDERR "problems found:\n\n" unless ($config{quiet});
- print STDERR $warnings;
- } else {
- print STDERR "no problems found.\n" unless ($config{quiet});
- }
-}
-
-
-
-sub parse_flowbits($ $ $)
-{
- my $rh_ref = shift;
- my $rule = shift;
- my $sid = shift;
-
-
- # Check if it's an active rule that sets (or toggles) any flowbits,
- # or has an isset or isnotset check.
- if ($rule !~ /^#/) {
- my @fields = split(/\s*;\s*/, $rule);
- foreach my $field (@fields) {
- if ($field =~ /^flowbits\s*:\s*(?:set|toggle)\s*,\s*(.+)/) {
- $$rh_ref{flowbits_active_set}{$1} = $sid;
- }
- if ($field =~ /^flowbits\s*:\s*isnotset\s*,\s*(.+)/) {
- $$rh_ref{flowbits_check_dependency}{$sid} = $1;
- }
- if ($field =~ /^flowbits\s*:\s*isset\s*,\s*(.+)/) {
- $$rh_ref{flowbits_check_dependency}{$sid} = $1;
- }
- }
- }
-
- # Check if it's an inactive rule that sets (or toggles) any flowbits.
- if ($rule =~ /^#/) {
- my @fields = split(/\s*;\s*/, $rule);
- foreach my $field (@fields) {
- if ($field =~ /^flowbits\s*:\s*(?:set|toggle)\s*,\s*(.+)/) {
- $$rh_ref{flowbits_inactive_set}{$1} = $sid;
- }
- }
- }
-}
-
-
# Catch SIGINT.
sub catch_sigint()
diff -Nru oinkmaster-2.0/README oinkmaster-2.0/README
--- oinkmaster-2.0/README 2023-05-16 00:19:05.000000000 +0200
+++ oinkmaster-2.0/README 2006-02-18 13:35:21.000000000 +0100
@@ -1,10 +1,10 @@
-# $Id: README,v 1.85 2006/10/12 08:55:47 andreas_o Exp $ #
+# $Id: README,v 1.84 2006/01/28 22:11:12 andreas_o Exp $ #
Introduction
~~~~~~~~~~~~
-Oinkmaster is written by Andreas Östling <andreas_ostl...@bredband.net>.
+Oinkmaster is written by Andreas Östling <andre...@it.su.se>.
The homepage is at http://oinkmaster.sourceforge.net/
Oinkmaster is simple Perl script released under the BSD license that
diff -Nru oinkmaster-2.0/README.gui oinkmaster-2.0/README.gui
--- oinkmaster-2.0/README.gui 2023-05-16 00:19:05.000000000 +0200
+++ oinkmaster-2.0/README.gui 2006-02-18 13:35:21.000000000 +0100
@@ -1,4 +1,4 @@
-# $Id: README.gui,v 1.20 2006/10/12 08:55:47 andreas_o Exp $ #
+# $Id: README.gui,v 1.19 2006/01/28 21:46:12 andreas_o Exp $ #
Intro
~~~~~
@@ -8,7 +8,8 @@
is not the prettiest interface you've seen, but it kind of works. It
runs on most Unix-like systems and also on Windows with ActivePerl.
It's not well-written and may not be a high priority for me in the
-future, so use at your own risk.
+future, so use at your own risk. Send feedback to Andreas Östling
+<andre...@it.su.se>.
