Sun 20 Sep

Snort Documentation Generator

This script parses the documentation shipped with every Snort rules download and splits it into individual .PHP files for web-based browsing and review. Add a PHP search engine like Sphider on top and you have a browsable, searchable interface for all of the Snort rules and their docs.

While it's not terribly attractive at the moment (the pages are pretty basic), it should be enough to add in a .CSS file and come up with something truly spiffy.

You can download it from http://ultrapig.com/files/rulemaker.zip. Please note that the application itself falls under the Creative Commons license, not the output, which is owned by Sourcefire.

Using Oinkcodes with Wget

You can use Oinkmaster codes to automatically download Snort rules updates with wget. Here's how:

First off, let's say the archive you want to download is snortrules-snapshot-2.8.tar.gz.

* Create an account at http://snort.org
* Go to the Get Oinkcode page and click on generate code
* Go to your target Snort server and run something like this:
wget http://www.snort.org/pub-bin/oinkmaster.cgi/(put your oinkcode in here)/snortrules-snapshot-2.8.tar.gz -O snortrules.tar.gz
* Bask in the glory of a speedy download to your target Snort device.

Note: you can fetch the .md5 hash file the same way by appending ".md5" to the archive name in the wget call. This is handy if you have glue code behind it that checks for hash changes and kicks off a full download of the Snort rules only when the hash changes. Here's an example of downloading the md5 hash with wget:

wget http://www.snort.org/pub-bin/oinkmaster.cgi/(put your oinkcode in here)/snortrules-snapshot-2.8.tar.gz.md5 -O snortrules.md5
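The "glue code" mentioned above, written out as an added example (this is not from the original post): poll the .md5 file, fetch the full tarball only when the published digest changed, and refuse to install a tarball whose actual MD5 does not match. It assumes your oinkcode is in the OINKCODE environment variable, that the .md5 file carries a 32-character hex digest on its first line (the exact file format is an assumption), and that wget and md5sum are on PATH.

```shell
#!/bin/sh
# Added example, not the post's own code. Assumptions: OINKCODE holds your
# oinkcode; the .md5 file contains a 32-hex MD5 digest (format assumed);
# wget and md5sum are available.
set -eu

SNAPSHOT="${SNAPSHOT:-snortrules-snapshot-2.8.tar.gz}"
BASE_URL="http://www.snort.org/pub-bin/oinkmaster.cgi/${OINKCODE:-PUT_OINKCODE_HERE}"
STATE_DIR="${STATE_DIR:-/var/lib/snortrules}"

# Print the 32-hex digest found in a .md5 file (lowercased), or nothing.
extract_md5() {
    tr 'A-Z' 'a-z' < "$1" | grep -o '[0-9a-f]\{32\}' | head -n 1
}

# True (exit 0) when the digest in $2 differs from $1, or $1 does not exist yet.
md5_changed() {
    [ -f "$1" ] || return 0
    old=$(extract_md5 "$1")
    new=$(extract_md5 "$2")
    [ -n "$new" ] && [ "$old" != "$new" ]
}

# True when the tarball's real MD5 matches the digest in the .md5 file.
verify_tarball() {
    expected=$(extract_md5 "$2")
    actual=$(md5sum "$1" | cut -d' ' -f1)
    [ -n "$expected" ] && [ "$expected" = "$actual" ]
}

# Glue code: fetch the small .md5 first, pull the full snapshot only on change.
update_rules() {
    mkdir -p "$STATE_DIR"
    wget -q "${BASE_URL}/${SNAPSHOT}.md5" -O "$STATE_DIR/new.md5"
    if md5_changed "$STATE_DIR/current.md5" "$STATE_DIR/new.md5"; then
        wget -q "${BASE_URL}/${SNAPSHOT}" -O "$STATE_DIR/$SNAPSHOT"
        if verify_tarball "$STATE_DIR/$SNAPSHOT" "$STATE_DIR/new.md5"; then
            mv "$STATE_DIR/new.md5" "$STATE_DIR/current.md5"
            echo "rules updated"
        else
            echo "MD5 mismatch, keeping previous rules" >&2
            return 1
        fi
    else
        echo "rules unchanged"
    fi
}

if [ "${1:-}" = "run" ]; then update_rules; fi
```

Run it as `OINKCODE=... ./update-rules.sh run` from cron; the stored current.md5 is only replaced after the downloaded tarball verifies.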

Enjoy!

tom

snort stop / start script

I wrote up a new snort start / stop script. It's pretty much like the one I've used in several places at work, but with sturdier error checking on some things.

Download it fresh and hot from http://ultrapig.com/files/etc.init.d.snort.txt.

Probably handy if you build your own snort servers from scratch and don't use whatever init script the RPM or apt-get package has set up on the system.

To use, run once to start snort, and run it again to stop it.

Enjoy,

tom